Plugins
SWELF plugins are simply PowerShell (.ps1) scripts that SWELF executes; any output a script produces is then sent as a log in the format you specify. The scripts are forced through AMSI, and if the Microsoft AMSI module (which can also plug in to your endpoint AV) says a script is safe, it is allowed to run. If it is found to be malware, SWELF will make sure you know.
The directory for what you want SWELF to find in the output (just like Event Log):
C:\..\..\Plugins\Plugin_Searchs
This is where SWELF finds the PowerShell searches file, including whitelists:
C:\..\..\Plugins\Plugin_Searchs\Searchs.txt
All the scripts that SWELF is to run as plugins must be in this directory:
C:\..\..\Plugins\Scripts
This is where SWELF will look on the local machine for the plugins/scripts it is to run. It will not look anywhere else. You must place the scripts and anything they need in this location.
When central configuration is used for plugins, I left it to you to get the scripts to the endpoint to execute.
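Because SWELF runs the scripts it finds in that one directory, it is worth checking who can write to the folder and what is in it after you deploy plugins. The following is an added example, not part of SWELF: the `-ScriptsDir` parameter is a placeholder for the Plugins\Scripts path of your own install, and the list of trusted SIDs is an assumption to adjust for your environment.

```powershell
# Added example, not SWELF code: audit a plugin scripts folder after deployment.
# -ScriptsDir is a placeholder for your own install's Plugins\Scripts path.
param(
    [Parameter(Mandatory = $true)][string]$ScriptsDir
)

# Assumption: only these principals should be able to change plugin scripts.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow adding, replacing or deleting a script, or changing the ACL.
$rights = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = [int][System.Security.AccessControl.FileSystemRights]$rights
$writeBits = $writeBits -bor 0x50000000   # raw GENERIC_WRITE | GENERIC_ALL bits

# 1. Folder ACL: report every Allow entry that grants write access to a
#    principal outside the trusted list.
$sidType = [System.Security.Principal.SecurityIdentifier]
$acl = Get-Acl -LiteralPath $ScriptsDir
foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
    $canWrite = ([int]$rule.FileSystemRights -band $writeBits) -ne 0
    if ($rule.AccessControlType -eq 'Allow' -and $canWrite -and
        $trustedSids -notcontains $rule.IdentityReference.Value) {
        [pscustomobject]@{
            Check  = 'FolderAcl'
            Item   = $rule.IdentityReference.Value
            Detail = "write access: $($rule.FileSystemRights)"
        }
    }
}

# 2. Script inventory: signature status and SHA-256 of every plugin script,
#    so the result can be compared with what you intended to deploy.
foreach ($file in Get-ChildItem -LiteralPath $ScriptsDir -Filter *.ps1 -File) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256
    [pscustomobject]@{
        Check  = 'Script'
        Item   = $file.Name
        Detail = "signature=$($sig.Status) sha256=$($hash.Hash)"
    }
}
```

The script emits one object per finding, so its output can be piped to `Format-Table` or `Export-Csv` and diffed against a baseline taken at deployment time.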