plgx-esp | lme
---|---
1 | 11
20 | 684
- | -
6.5 | 3.4
over 2 years ago | about 1 year ago
CSS | Shell
MIT License | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
plgx-esp
- Free EDR solutions
  Check out PolyLogyx ESP (aka EclecticIQ ER community edition). If you are familiar with Osquery, this offers much of the same functionality with more Windows telemetry visibility. https://github.com/polylogyx/plgx-esp
lme
- SysMon
  This may help https://github.com/ukncsc/lme/blob/master/docs/chapter2.md
- Syslog Analytics for cyberSecurity
- 500+ windows server logging
  But if you're still committed: there are too many variables to calculate it with any amount of certainty, but you can measure it. Start off by setting up event forwarding on a small batch of test servers with only security audit logs included in the default configuration. Let it run for a few days and measure the usage and extrapolate from there. How to do most of it, you're going to find from MS documentation, but NCSC has a nice summary of it here: https://github.com/ukncsc/lme
- Active Directory monitoring
- What are the Implications of an automation tool, using PsExec to execute commands (of any kind) on client machines, from a domain controller?
  Much appreciated. I'm a sole IT guy in a small shop so always keen to hear what others have found. I'm looking at: https://github.com/ukncsc/lme and Security Onion...
- Sysmon for SME <50 employees?
- All sysmon event types and their fields explained
- Free EDR solutions
  https://github.com/ukncsc/lme is this
- I want to buy a SIEM, but I don't know which one
  Use something based off of a free version of Elasticsearch, like Logging Made Easy: https://github.com/ukncsc/lme or SIEMMonster or Security Onion.
- Requesting /r/lme - zero posts in 9 years and one inactive mod.
  Would also be repurposing sub to be a resource for Logging Made Easy, a community SIEM project by UKNCSC: https://github.com/ukncsc/lme
What are some alternatives?
EDR-Testing-Script - Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
fleet - A flexible control server for osquery fleets
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
xxh - 🚀 Bring your favorite shell wherever you go through the ssh. Xonsh shell, fish, zsh, osquery and so on.
eiq-er-ce - Community Edition of the EclecticIQ Endpoint Security Platform; an open source and extensible platform to manage and monitor endpoints, based on the osquery agent