Integrating Sysinternals Autoruns’ logs into Security Onion
PowerShell
diff
normalize
parsers
LICENSE
README.md

Pertinax

Latin: “Persistent, Stubborn”

The ability to remain active on a target system across reboots is a key component of a long-term successful compromise. Unfortunately, Windows offers a threat actor a large number of auto-start extensibility points (ASEPs) in which to persist, and it is very difficult to enumerate them comprehensively without specialized software. This is where Sysinternals Autoruns (AR) comes into play. Autoruns is a Sysinternals tool, widely used in the industry, that enumerates the many locations in Windows (Run keys, services, drivers, scheduled tasks, Winlogon hooks, WMI subscriptions and more) that can be used for persistence.

The purpose of Pertinax, succinctly, is:

To further enhance the host-level visibility of Security Onion by integrating Sysinternals Autoruns logs into the Security Onion ecosystem, making this data available to OSSEC rulesets for alerting as well as to ELSA for querying.
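The following is an added example, not code from the Pertinax repository: a PowerShell script that takes an Autoruns snapshot with autorunsc, diffs it against the snapshot from the previous run, and appends each new, modified or removed auto-start entry as one JSON line to a log file that an OSSEC agent can forward into Security Onion. The autorunsc path, state directory, log path, `autoruns_*` event names and the lower-cased field names are this example's own assumptions; `Entry Location`, `Entry`, `Image Path` and `Launch String` are Autoruns' CSV column headers.

```powershell
# Added example (not Pertinax's own code): snapshot, diff and log Autoruns entries.
param(
    [string]$AutorunscPath = 'C:\Tools\Sysinternals\autorunsc.exe',   # assumed location
    [string]$StateDir      = 'C:\ProgramData\Pertinax',               # assumed location
    [string]$LogPath       = 'C:\ProgramData\Pertinax\autoruns.log'   # assumed location
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Force -Path $StateDir | Out-Null
$baselineCsv = Join-Path $StateDir 'autoruns-baseline.csv'

# autorunsc switches: -a * every category, -c CSV output, -h file hashes, -s verify
# signatures, -t timestamps in UTC, -nobanner/-accepteula for unattended runs.
# autorunsc writes UTF-16 to stdout, so tell PowerShell to decode it as such and
# then drop the byte-order mark that would otherwise pollute the first header.
$savedEncoding = [Console]::OutputEncoding
try {
    [Console]::OutputEncoding = [System.Text.Encoding]::Unicode
    $lines = @(& $AutorunscPath -accepteula -nobanner -a '*' -c -h -s -t)
} finally {
    [Console]::OutputEncoding = $savedEncoding
}
if ($lines.Count -lt 2) { throw "autorunsc produced no entries (exit code $LASTEXITCODE)" }
$lines[0] = $lines[0].TrimStart([char]0xFEFF)
$current = $lines | ConvertFrom-Csv

# An entry is identified by where it lives, what it is called and what it runs;
# every other column (hash, signer, enabled state, version, timestamp) goes into
# a fingerprint so that any change to a known entry is reported as 'modified'.
function Get-EntryKey([object]$e) {
    '{0}|{1}|{2}|{3}' -f $e.'Entry Location', $e.'Entry', $e.'Image Path', $e.'Launch String'
}
function Get-Fingerprint([object]$e) {
    ($e.PSObject.Properties | ForEach-Object { $_.Value }) -join "`t"
}

# One JSON object per line, UTF-8 without BOM, so a line-oriented log reader
# (OSSEC's localfile collector, for instance) can consume it.
$utf8NoBom = New-Object System.Text.UTF8Encoding($false)
function Write-AutorunsEvent([string]$Kind, [object]$Entry) {
    $record = [ordered]@{
        timestamp = (Get-Date).ToUniversalTime().ToString('o')
        host      = $env:COMPUTERNAME
        event     = "autoruns_$Kind"          # assumed event name: autoruns_new/modified/removed
    }
    foreach ($p in $Entry.PSObject.Properties) {
        # 'Entry Location' -> entry_location, 'SHA-256' -> sha_256, and so on
        $record[($p.Name -replace '[^A-Za-z0-9]+', '_').ToLower()] = $p.Value
    }
    [System.IO.File]::AppendAllText($LogPath, ($record | ConvertTo-Json -Compress) + "`r`n", $utf8NoBom)
}

$before = @{}
if (Test-Path $baselineCsv) {
    Import-Csv -Path $baselineCsv -Encoding UTF8 | ForEach-Object { $before[(Get-EntryKey $_)] = $_ }
}
$after = @{}
foreach ($e in $current) { $after[(Get-EntryKey $e)] = $e }

# First run has an empty baseline, so the full inventory is logged once as 'new'.
$changes = 0
foreach ($k in $after.Keys) {
    if (-not $before.ContainsKey($k)) {
        Write-AutorunsEvent 'new' $after[$k]; $changes++
    } elseif ((Get-Fingerprint $before[$k]) -ne (Get-Fingerprint $after[$k])) {
        Write-AutorunsEvent 'modified' $after[$k]; $changes++
    }
}
foreach ($k in $before.Keys) {
    if (-not $after.ContainsKey($k)) { Write-AutorunsEvent 'removed' $before[$k]; $changes++ }
}

# Promote the current snapshot to the baseline for the next run.
$current | Export-Csv -Path $baselineCsv -NoTypeInformation -Encoding UTF8
Write-Output "Autoruns diff complete: $($after.Count) entries, $changes change(s) logged to $LogPath"
```

Run it as SYSTEM from a scheduled task (Autoruns needs to read per-user hives and protected registry keys), point the OSSEC agent at the log file with a `<localfile>` entry, and write rules that match on the `"event":"autoruns_new"` and `"event":"autoruns_modified"` strings; the removed events are mainly useful for ELSA queries when reconstructing what an intruder cleaned up. The first run deliberately emits every entry so that the full inventory is searchable, after which only deltas are written.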