Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SearchCommand for Sysmon logs to send event of program connecting to network (Sysmon eventid 3) #51

Closed
ceramicskate0 opened this issue Aug 2, 2018 · 2 comments
Closed

SearchCommand for Sysmon logs to send event of program connecting to network (Sysmon eventid 3) #51

ceramicskate0 opened this issue Aug 2, 2018 · 2 comments
Assignees
@ceramicskate0
Labels
New Feature Additional feature to add

Comments

@ceramicskate0
Copy link
Owner

Is your feature request related to a problem? Please describe.
Powershell used as call out for initial infection delivery. need that log.

Describe the solution you'd like
Forward sysmon log for that event event id 3

Describe alternatives you've considered
none

Additional context
@ceramicskate0 ceramicskate0 added the New Feature Additional feature to add label Aug 2, 2018
@ceramicskate0 ceramicskate0 added this to the 0.3.0.0 milestone Aug 2, 2018
@ceramicskate0 ceramicskate0 self-assigned this Aug 2, 2018
@ceramicskate0 ceramicskate0 added this to 0.3.0.* in SWELF before Prod Aug 2, 2018
@ceramicskate0
Copy link
Owner Author

will be in next release

@ceramicskate0
Copy link
Owner Author

added 0.3.3.0

@ceramicskate0 ceramicskate0 removed this from 0.3.0.0-0.3.*.* in SWELF before Prod Aug 7, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ceramicskate0 ceramicskate0

Labels
New Feature Additional feature to add
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ceramicskate0