No description, website, or topics provided.
PowerShell
Latest commit cbfee44 Sep 26, 2016 @eric-conrad eric-conrad committed on GitHub Create .gitattributes
Permalink
Failed to load latest commit information.
evtx Delete readme.md Sep 21, 2016
.gitattributes Create .gitattributes Sep 26, 2016
DeepBlue.ps1 Added command obfuscation detection Sep 23, 2016
LICENSE Initial commit Sep 20, 2016
README.md Update README.md Sep 20, 2016
regexes.txt Add files via upload Sep 20, 2016
whitelist.txt Add files via upload Sep 20, 2016

README.md

DeepBlueCLI

DeepBlueCLI 0.1 Beta

Eric Conrad, Backshore Communications, LLC

deepblue at backshore dot net

Twitter: @eric_conrad

http://ericconrad.com

Sample evtx files are in the .\evtx directory

Usage:

.\DeepBlue.ps1 <event log name> <evtx filename>

If you see this error:

.\DeepBlue.ps1 : File .\DeepBlue.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.

You must run Set-ExecutionPolicy as Administrator, here is an example:

Set-ExecutionPolicy RemoteSigned

See get-help Set-ExecutionPolicy for more options.

Examples:

Process local Windows security event log:

.\DeepBlue.ps1

or:

.\DeepBlue.ps1 -log security

Process local Windows system event log:

.\DeepBlue.ps1 -log system

or:

.\DeepBlue.ps1 "" system

Process evtx file:

.\DeepBlue.ps1 .\evtx\new-user-security.evtx

or:

.\DeepBlue.ps1 -file .\evtx\new-user-security.evtx