| | windows-event-forwarding | stacktrace |
|---|---|---|
| Mentions | 7 | 3 |
| Stars | 1,183 | 503 |
| Growth | 0.0% | 0.0% |
| Activity | 0.0 | 0.0 |
| Latest commit | about 1 year ago | over 3 years ago |
| Language | Roff | Go |
| License | GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
windows-event-forwarding
- Windows Event Forwarding - forward subset of events from one collector to another?
- WinCollect to pick up custom event channel | AutorunsToWinEventLog
  Hi all, we have deployed https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog, which creates autoruns entries in a custom event channel named Autoruns. We did a filter to pick up this channel but no luck. The filter is like
- How to add a new log under Windows Logs for different types of forwarded logs in Event Viewer
  Here is up-to-date documentation with an example: https://github.com/palantir/windows-event-forwarding/tree/master/windows-event-channels
- Windows Event Forwarding vs SIEM Access?
  Palantir has an excellent guide on this approach, https://github.com/palantir/windows-event-forwarding, and ArcSight provides some shockingly good information as well: https://community.softwaregrp.com/dcvta86296/attachments/dcvta86296/BestPractices/57/1/Micro_Focus_ArcSight_Collecting_Windows_Event_Logs.pdf.
- We are thinking of disabling SMB1, but does anything break authentication or anything else?
  You don't have a SIEM, but Windows has event forwarding built in. There is a great overview here: https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection. With properly crafted subscriptions, with specific SMB events, you could better understand your environment by looking in just one log. This is another good resource: https://github.com/palantir/windows-event-forwarding.
- GitHub - palantir/windows-event-forwarding: A repository for using Windows Event Forwarding for incident detection and response
stacktrace
What are some alternatives?
policy-bot - A GitHub App that enforces approval policies on pull requests
errors - Go error library with error portability over the network
tslint - An extensible linter for the TypeScript language
errors - Simple error handling primitives
pyspark-style-guide - This is a guide to PySpark code style presenting common situations and the associated best practices based on the most frequent recurring topics across the PySpark repos we've encountered.
log4j-sniffer - A tool that scans archives to check for vulnerable log4j versions
plottable - A library of modular chart components built on D3
emperror - The Emperor takes care of all errors personally
@blueprintjs/core - A React-based UI toolkit for the web
go-multierror - A Go (golang) package for representing a list of errors as a single error.
spark - Palantir Distribution of Apache Spark
comparerr - Compare error stacktrace output of different libraries