windows-event-forwarding vs atlasdb

| | windows-event-forwarding | atlasdb |
|---|---|---|
| Mentions | 7 | 1 |
| Stars | 1,183 | 43 |
| Growth | 0.0% | - |
| Activity | 0.0 | 9.8 |
| Latest Commit | about 1 year ago | 2 days ago |
| Language | Roff | Java |
| License | GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
windows-event-forwarding
- Windows Event Forwarding - forward subset of events from one collector to another?
- WinCollect to pick up custom event channel | AutorunsToWinEventLog
Hi all, we have deployed https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog, which creates autoruns entries in a custom event channel named Autoruns. We did a filter to pick up this channel but no luck. The filter is like
- How to add a new log under Windows Logs for different types of forwarded logs in Event Viewer
Here is an up to date documentation with an example: https://github.com/palantir/windows-event-forwarding/tree/master/windows-event-channels
- Windows Event Forwarding vs SIEM Access?
Palantir has an excellent guide on this approach, https://github.com/palantir/windows-event-forwarding, and ArcSight provides some shockingly good information as well https://community.softwaregrp.com/dcvta86296/attachments/dcvta86296/BestPractices/57/1/Micro_Focus_ArcSight_Collecting_Windows_Event_Logs.pdf.
- We are thinking of disabling SMB1, but does anything break, authentication or anything else?
You don't have a SIEM, but Windows has event forwarding built-in. There is a great overview here - https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection. With properly crafted subscriptions, with specific SMB events, you could better understand your environment by looking in just one log. This is another good resource - https://github.com/palantir/windows-event-forwarding.
- GitHub - palantir/windows-event-forwarding: A repository for using windows event forwarding for incident detection and response
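The two threads above (picking up the custom Autoruns channel, and watching SMB1 use before switching it off) both come down to one source-initiated WEF subscription that pulls a custom channel and a specific audit event into a single log on the collector. The script below is an added example and is not code from the palantir/windows-event-forwarding project. It assumes it runs elevated on the collector, that clients already point at the collector through the "Configure target Subscription Manager" policy, that AutorunsToWinEventLog registers its events under the source name `AutorunsToWinEventLog` (assumed, check the script you deployed), and that the subscription name and description are placeholders. SMB1 access auditing on the clients is real Windows behaviour: once `Set-SmbServerConfiguration -AuditSmb1Access $true` is set, each SMB1 session is recorded as Event ID 3000 in `Microsoft-Windows-SMBServer/Audit`.

```powershell
# Added example, not the project's own code. Builds and registers one
# source-initiated WEF subscription that collects:
#   (a) everything in the custom "Autoruns" channel written by AutorunsToWinEventLog
#   (b) SMB1 access audits (Event ID 3000, Microsoft-Windows-SMBServer/Audit)
# so both arrive in one log on the collector.
#
# Assumptions: run elevated on the WEC collector; clients already target this
# collector via GPO; $subscriptionName and the Description are placeholders;
# the provider name 'AutorunsToWinEventLog' used in the final check is assumed.

# --- Client side (run once per source computer, e.g. via GPO startup script).
# Without SMB1 auditing enabled the SMBServer/Audit channel has no 3000 events
# to forward; with it, every SMB1 session shows who still depends on SMB1.
# Set-SmbServerConfiguration -AuditSmb1Access $true -Force

$subscriptionName = 'Autoruns-and-SMB1-Audit'   # placeholder name

# One <Query> per channel. The Autoruns channel is collected whole; the SMB
# audit channel is narrowed to EventID 3000 so noise is not forwarded.
$query = @"
<QueryList>
  <Query Id="0" Path="Autoruns">
    <Select Path="Autoruns">*</Select>
  </Query>
  <Query Id="1" Path="Microsoft-Windows-SMBServer/Audit">
    <Select Path="Microsoft-Windows-SMBServer/Audit">*[System[(EventID=3000)]]</Select>
  </Query>
</QueryList>
"@

$subscriptionXml = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>$subscriptionName</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Autoruns custom channel plus SMB1 access audits (placeholder)</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Custom</ConfigurationMode>
  <Delivery Mode="Push">
    <Batching><MaxLatencyTime>30000</MaxLatencyTime></Batching>
    <PushSettings><Heartbeat Interval="3600000"/></PushSettings>
  </Delivery>
  <Query><![CDATA[
$query
  ]]></Query>
  <ReadExistingEvents>true</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <!-- Destination log on the collector. ForwardedEvents is the built-in default;
       a custom channel created from a compiled manifest (the windows-event-channels
       approach) can be named here instead to keep forwarded log types apart. -->
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <!-- SDDL allowing Domain Computers (DC) and Domain Controllers (DD) to forward -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;DD)</AllowedSourceDomainComputers>
</Subscription>
"@

$path = Join-Path $env:TEMP "$subscriptionName.xml"
Set-Content -Path $path -Value $subscriptionXml -Encoding UTF8

# Register the subscription with the Windows Event Collector service, then
# read it back to confirm the stored query matches what was written.
wecutil cs $path
wecutil gs $subscriptionName

# Verify on the collector that both kinds of events land in the one log.
# If Autoruns events appear but no 3000s, SMB1 auditing is not yet on at the clients.
Get-WinEvent -FilterHashtable @{ LogName = 'ForwardedEvents'; ProviderName = 'AutorunsToWinEventLog' } -MaxEvents 5
Get-WinEvent -FilterHashtable @{ LogName = 'ForwardedEvents'; Id = 3000 } -MaxEvents 5
```

The collector-side `Get-WinEvent` checks are the quickest way to separate "the subscription is not pulling the channel" from "the downstream agent's filter is wrong": if the events are present in `ForwardedEvents` on the collector, the problem is in the agent filter, not in WEF.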
atlasdb
- Palantir's God's-Eye View of Afghanistan
Disclaimer that I left in 2014, but at that time they didn’t lean into their reputation at all. With that said, I’d guess that they’re leaning into it and capitalizing on it because any press is good press.
They were actually incredibly open with what they actually did technically, and a lot of who they worked with; it's just that nobody seemed to care at the time. They had tech talks showing the full system architecture on YouTube that didn't get more than 10k or so views. A quick search indicates that a lot of those are gone now (maybe just outdated) and the channel is more marketing heavy now, but just as low-trafficked.
They also open-source a lot of their core technologies. The main database they used was "AtlasDB", a relational layer on top of Cassandra. It's open-sourced and actively developed, and again, nobody seems to care, with it at a measly 700ish stars - https://github.com/palantir/atlasdb
People just like a good boogeyman story, and after 2 decades of being labeled as such eventually you just stop trying to fight it, I guess.
What are some alternatives?
policy-bot - A GitHub App that enforces approval policies on pull requests
gradle-baseline - A set of Gradle plugins that configure default code quality tools for developers.
tslint - :vertical_traffic_light: An extensible linter for the TypeScript language
spark - Palantir Distribution of Apache Spark
pyspark-style-guide - This is a guide to PySpark code style presenting common situations and the associated best practices based on the most frequent recurring topics across the PySpark repos we've encountered.
palantir-java-format - A modern, lambda-friendly, 120 character Java formatter.
plottable - :bar_chart: A library of modular chart components built on D3
stacktrace - Stack traces for Go errors
@blueprintjs/core - A React-based UI toolkit for the web
python-language-server - An implementation of the Language Server Protocol for Python