ATAschert / CoreThreatAgent

Collect security logs and send them over syslog

Core|Threat Agent

What is Core|Threat Agent?

Core|Threat Agent collects security logs and sends them over syslog. It makes security-related logging easy to deploy: it automatically installs Sysmon, sets the necessary registry keys and policies, reads the Windows events from Sysmon and sends them over syslog to the destination of your choice.

Features

  • installs Sysmon
  • activates Windows logging
  • collects Sysmon events
  • sends Sysmon events to a syslog server

How to use?

CoreThreatAgent.exe sysmon

CoreThreatAgent.exe auditpol

CoreThreatAgent.exe psaudit

CoreThreatAgent.exe runagent:(ip or hostname):(port):(proto)
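
The forwarding step behind `runagent`, as an added example that is not the project's own code: it parses the `runagent:(ip or hostname):(port):(proto)` argument, builds an RFC 5424 record for one Sysmon event and sends it. The function names, the facility and severity values, the accepted proto values (`udp`, `tcp`) and the sample event are assumptions made for this example.

```python
import socket
from datetime import datetime, timezone

FACILITY, SEVERITY = 13, 6  # assumed: RFC 5424 "log audit" / informational

def parse_runagent(arg):
    """Split 'runagent:<host>:<port>:<proto>' into (host, port, proto)."""
    if not arg.startswith("runagent:"):
        raise ValueError("expected runagent:<host>:<port>:<proto>")
    # Split from the right so a bracketed IPv6 literal keeps its own colons.
    parts = arg[len("runagent:"):].rsplit(":", 2)
    if len(parts) != 3 or not parts[0]:
        raise ValueError("expected runagent:<host>:<port>:<proto>")
    host, port, proto = parts[0].strip("[]"), parts[1], parts[2].lower()
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("port must be 1-65535")
    if proto not in ("udp", "tcp"):  # assumed set of accepted values
        raise ValueError("proto must be udp or tcp")
    return host, int(port), proto

def format_syslog(hostname, event_id, message, when):
    """Build one RFC 5424 record for a Sysmon event."""
    pri = FACILITY * 8 + SEVERITY
    # Event text is attacker-influenced (command lines, file names); collapse
    # CR/LF so it cannot forge extra records on the collector.
    flat = " ".join(message.split())
    ts = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} Sysmon - {event_id} - {flat}"

def send(record, host, port, proto):
    """Send one record over UDP (one datagram) or TCP (newline-delimited)."""
    data = record.encode("utf-8")
    if proto == "udp":
        family, _, _, _, addr = socket.getaddrinfo(host, port, type=socket.SOCK_DGRAM)[0]
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.sendto(data, addr)
    else:
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall(data + b"\n")

if __name__ == "__main__":
    host, port, proto = parse_runagent("runagent:127.0.0.1:514:udp")
    # Constructed sample event, not real Sysmon output.
    event = "Process Create:\r\nImage: C:\\Windows\\System32\\cmd.exe\r\nUser: LAB\\alice"
    record = format_syslog("WS01", 1, event, datetime.now(timezone.utc))
    print(record)
    send(record, host, port, proto)
```

Plain UDP and TCP syslog carry the events unencrypted and unauthenticated, so the path to the collector should be a trusted network segment or a tunnel.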

Releases

https://github.com/ipcis/CoreThreatAgent/releases

Working on the following features

  • hide cmd dialog (background mode)
  • run as admin / service
  • other kinds of events: powershell, etc.
  • threading
  • filelog

About

License: Apache License 2.0


Languages

Language: Python 100.0%