| | plottable | windows-event-forwarding |
|---|---|---|
| | 1 | 7 |
| Stars | 2,952 | 1,183 |
| Growth | 0.1% | 0.0% |
| Activity | 4.0 | 0.0 |
| Last commit | 9 months ago | about 1 year ago |
| Language | TypeScript | Roff |
| License | MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
plottable
-
DEMO DAY DISCUSSION
To be more precise https://github.com/palantir/plottable
windows-event-forwarding
- Windows Event Forwarding - forward subset of events from one collector to another?
-
WinCollect to pick up custom event channel | AutorunsToWinEventLog
Hi all, we have deployed https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog, which creates autoruns entries in a custom event channel named Autoruns. We did filter to pick up this channel but no luck. The filter is like
-
How to add a new log under windows logs for different types of forwarded logs in event viewer
Here is an up to date documentation with an example: https://github.com/palantir/windows-event-forwarding/tree/master/windows-event-channels
-
Windows Event Forwarding vs SIEM Access?
Palantir has an excellent guide on this approach, https://github.com/palantir/windows-event-forwarding, and ArcSight provides some shockingly good information as well https://community.softwaregrp.com/dcvta86296/attachments/dcvta86296/BestPractices/57/1/Micro_Focus_ArcSight_Collecting_Windows_Event_Logs.pdf.
-
We are thinking of disabling SMB1, but will anything break authentication or anything else?
You don't have a SIEM, but Windows has event forwarding built-in. There is a great overview here - https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection. With properly crafted subscriptions, with specific SMB events, you could better understand your environment by looking in just one log. This is another good resource - https://github.com/palantir/windows-event-forwarding.
What are some alternatives?
blueprint - A code generation tool for Laravel developers.
policy-bot - A GitHub App that enforces approval policies on pull requests
cal-heatmap - Cal-Heatmap is a javascript charting library to create a time-series calendar heatmap
tslint - :vertical_traffic_light: An extensible linter for the TypeScript language
@blueprintjs/core - A React-based UI toolkit for the web
pyspark-style-guide - This is a guide to PySpark code style presenting common situations and the associated best practices based on the most frequent recurring topics across the PySpark repos we've encountered.
stacktrace - Stack traces for Go errors
spark - Palantir Distribution of Apache Spark
atlasdb - Transactional Distributed Database Layer
python-language-server - An implementation of the Language Server Protocol for Python