Core|Threat Agent collects security logs and sends them over syslog, making security-related logging easy to deploy. It automatically installs Sysmon and sets the necessary registry keys and policies, then reads the Windows events produced by Sysmon and sends them over syslog to the destination of your choice.
- installs Sysmon
- activates Windows logging
- collects Sysmon events
- sends Sysmon events to a syslog server
CoreThreatAgent.exe sysmon
CoreThreatAgent.exe auditpol
CoreThreatAgent.exe psaudit
CoreThreatAgent.exe runagent:(ip or hostname):(port):(proto)
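The forwarding step described above (take a Sysmon event, wrap it in a syslog message and send it to a host and port over udp or tcp, mirroring the `runagent:(ip or hostname):(port):(proto)` argument form) as an added Python example; this is not CoreThreatAgent's own code. It assumes a constructed Sysmon Event ID 1 (process creation) record embedded inline in place of a live Windows Event Log read, RFC 5424 message formatting with the documentation enterprise number 32473 in the structured-data ID, and octet-counted framing for TCP (RFC 6587); the function and parameter names are the example's own.

```python
"""Illustration of an agent's forwarding step: parse a Sysmon event (constructed
here as the XML the Windows Event Log hands back), render it as an RFC 5424
syslog message and ship it to host:port over udp or tcp."""
import socket
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed Sysmon Event ID 1 (process creation) record.
# A real agent would read this from the Microsoft-Windows-Sysmon/Operational log.
SAMPLE_SYSMON_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon"/>
    <EventID>1</EventID>
    <TimeCreated SystemTime="2024-01-15T10:32:05.123Z"/>
    <Computer>ws01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="Image">C:\\Windows\\System32\\cmd.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
    <Data Name="User">EXAMPLE\\alice</Data>
    <Data Name="ParentImage">C:\\Windows\\explorer.exe</Data>
  </EventData>
</Event>"""

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def parse_target(spec):
    """Parse 'runagent:HOST:PORT:PROTO' into (host, port, proto)."""
    parts = spec.split(":")
    if len(parts) != 4 or parts[0] != "runagent":
        raise ValueError("expected runagent:host:port:proto")
    _, host, port, proto = parts
    proto = proto.lower()
    if proto not in ("udp", "tcp"):
        raise ValueError("proto must be udp or tcp")
    return host, int(port), proto


def parse_sysmon_event(xml_text):
    """Pull the System header fields and the EventData name/value pairs out of the XML."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    return {
        "event_id": int(system.find("e:EventID", NS).text),
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "computer": system.find("e:Computer", NS).text,
        "data": {d.get("Name"): (d.text or "") for d in root.find("e:EventData", NS)},
    }


def escape_sd_value(value):
    """RFC 5424 requires '\\', '\"' and ']' to be backslash-escaped inside SD-PARAM values."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_syslog(event, app="CoreThreatAgent", facility=13, severity=6):
    """Render the parsed event as one RFC 5424 line (facility 13 = log audit, severity 6 = info)."""
    pri = facility * 8 + severity
    # Enterprise number 32473 is reserved for documentation examples (RFC 5612).
    sd_params = " ".join(f'{k}="{escape_sd_value(v)}"' for k, v in sorted(event["data"].items()))
    return (f"<{pri}>1 {event['time']} {event['computer']} {app} - "
            f"SysmonEvent{event['event_id']} [sysmon@32473 {sd_params}] "
            f"Sysmon EventID {event['event_id']}")


def send_syslog(message, host, port, proto):
    """Send one message; returns the number of payload bytes sent."""
    data = message.encode("utf-8")
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (host, port))
    else:
        # RFC 6587 octet counting: prefix the length so the receiver can frame messages on a stream.
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall(f"{len(data)} ".encode("ascii") + data)
    return len(data)


if __name__ == "__main__":
    host, port, proto = parse_target(sys.argv[1] if len(sys.argv) > 1 else "runagent:127.0.0.1:514:udp")
    msg = to_syslog(parse_sysmon_event(SAMPLE_SYSMON_XML))
    print(f"sent {send_syslog(msg, host, port, proto)} bytes: {msg}")
```

Run it as `python forwarder.py runagent:127.0.0.1:514:udp` with a syslog listener on that port; for tcp the receiver must accept octet-counted framing. Sorting the EventData keys keeps the structured-data block stable, which makes downstream parsing and detection rules easier to write against.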
https://github.com/ipcis/CoreThreatAgent/releases
- hide cmd dialog (background mode)
- run as admin / service
- other kinds of events: powershell, etc.
- threading
- filelog