policy-bot
windows-event-forwarding
| | policy-bot | windows-event-forwarding |
|---|---|---|
| Mentions | 2 | 7 |
| Stars | 706 | 1,183 |
| Growth | 0.8% | 0.0% |
| Activity | 9.0 | 0.0 |
| Last commit | 3 days ago | about 1 year ago |
| Language | Go | Roff |
| License | Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
policy-bot
- Multiple approvers for some PR paths?
  This looks promising https://github.com/palantir/policy-bot.
- How to automatically merge dependabot pull requests with GitHub Actions?
  My team has used a combination of bulldozer and policy-bot to do this as well. Though we only target a select set of things to auto-bump.
windows-event-forwarding
- Windows Event Forwarding - forward subset of events from one collector to another?
- WinCollect to pick up custom event channel | AutorunsToWinEventLog
  Hi all, we have deployed https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog which creates autoruns entries in a custom event channel named Autoruns. We did filter to pick up this channel but no luck. The filter is like
- How to add a new log under windows logs for different types of forwarded logs in event viewer
  Here is up-to-date documentation with an example: https://github.com/palantir/windows-event-forwarding/tree/master/windows-event-channels
- Windows Event Forwarding vs SIEM Access?
  Palantir has an excellent guide on this approach, https://github.com/palantir/windows-event-forwarding, and ArcSight provides some shockingly good information as well https://community.softwaregrp.com/dcvta86296/attachments/dcvta86296/BestPractices/57/1/Micro_Focus_ArcSight_Collecting_Windows_Event_Logs.pdf.
- We are thinking of disabling SMB1, but does anything break authentication or anything else?
  You don't have a SIEM, but Windows has event forwarding built-in. There is a great overview here - https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection. With properly crafted subscriptions, with specific SMB events, you could better understand your environment by looking in just one log. This is another good resource - https://github.com/palantir/windows-event-forwarding.
- GitHub - palantir/windows-event-forwarding: A repository for using windows event forwarding for incident detection and response
What are some alternatives?
octostats - 🐙🐱📦 Additional GitHub API methods
tslint - 🚦 An extensible linter for the TypeScript language
pyspark-style-guide - This is a guide to PySpark code style presenting common situations and the associated best practices based on the most frequent recurring topics across the PySpark repos we've encountered.
TrojanSourceFinder - 🔎 Help find Trojan Source vulnerability in code 👀. Useful for code review in project with multiple collaborators (CI/CD)
plottable - 📊 A library of modular chart components built on D3
bouncer - An application to cycle (bounce) all nodes in a coordinated fashion in an AWS ASG or set of related ASGs
stacktrace - Stack traces for Go errors
octotui - 🐙🐱🖥️ GitHub stats in your terminal
@blueprintjs/core - A React-based UI toolkit for the web
gitpod - The developer platform for on-demand cloud development environments to create software faster and more securely.
spark - Palantir Distribution of Apache Spark