Event-Forwarding-Guidance vs Purpleteam

| | Event-Forwarding-Guidance | Purpleteam |
|---|---|---|
| Mentions | 4 | 1 |
| Stars | 787 | 123 |
| Growth | - | - |
| Activity | 0.0 | 7.8 |
| Last commit | over 3 years ago | 29 days ago |
| Language | PowerShell | PowerShell |
| License | GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Event-Forwarding-Guidance

- Which event IDs are generated from advanced auditing policies?
  See https://github.com/nsacyber/Event-Forwarding-Guidance/tree/master/Events.
- DCs are drowning in Event 521 security events
  NSA has some good guidance of which ones are of value here
- Suspect user of clearing security log on server, what are my next steps?
  Your next step is to implement Event Forwarding using NSA's handy scripts to a centralized logging server or repository.
- For those that use Windows log forwarding, what are you forwarding?
  Good guide here - https://github.com/nsacyber/Event-Forwarding-Guidance
Purpleteam
What are some alternatives?

- sysmon-config - Sysmon configuration file template with default high-quality event tracing
- MAL-CL - MAL-CL (Malicious Command-Line)
- Windows-10-Sophia-Script - :zap: A powerful PowerShell module for fine-tuning and tweaking Windows 10 & Windows 11 [Moved to: https://github.com/farag2/Sophia-Script-for-Windows]
- UltimateAppLockerByPassList - The goal of this repository is to document the most common techniques to bypass AppLocker.
- commando-vm - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
- awesome-lists - Security lists for SOC detections
- Scoop - A command-line installer for Windows.
- chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
- Sophia-Script-for-Windows - :zap: The most powerful PowerShell module on GitHub for fine-tuning Windows 10 & Windows 11
- macOS-ATTACK-DATASET - JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.