Plugins4387Themes and Skins11Add-ons732Documentation283Graphics and Logos36View All Categories
LinuxSecuritySNMPFile SystemCloud
New Listings Recently Updated Listings Most Favored Listings Most Popular Listings Most Rated Listings Most Reviewed Listings
Random Project
Others check_dcmfind
0.0 (0)
35.7K
RSS Feed
Newest Listings Updated Listings
Top Contributors
LAMY (7)Julien DESMAREST (6)deskwork_itunes142 (4)Davide Lemma (4)Joerg Hoerter (3)
See More
Newest Contributors
Guillaume8723 (1)Salvo (1)SOHA-IT (1)Tsvetomir Tsvetanov (1)Igor Ru (1)
See More
Security

Check Windows for Indicators of Compromise – Via Event Logs

5 (1)
11,161
0
0
Download Copy Page Link Login to Claim

Thank you for your review!

Your review has been submitted and is pending approval.

Description

Check_ioc is a script to check for various, selectable indicators of compromise on Windows systems via PowerShell and Event Logs. It was primarily written to be run on a schedule via a Nagios NCPA agent, however, it may also be run from a command-line (for incident response) as well. The script is heavily commented and very readable with numerous usage examples in the script itself. There is an accompanying SANS gold paper in the SANS Reading Room (https://www.sans.org/reading-room/) to learn more about the script and the methodology behind it. There is also an updated version of the gold paper found at the Linux Included (https://www.linuxincluded.com) website. If you have any issues or you would like to see other event IDs added, please let me know and I will make changes as necessary. Enjoy!

Project Details

Current Version

1.4

Last Release Date

2016-11-06

Owner

Dallas

Website

https://www.linuxincluded.com/uncovering-indicators-of-compromise/

Download URL

https://github.com/oneoffdallas/check_ioc

License

GPL

Compatible With

  • Nagios 4.x
  • Nagios XI

Recommend

To:


From: