Release 2.7.0 · wagga40/Zircolite

What's new in v2.7.0 :

Initial Auditd logs support
Initial rules with regex support
Colorized output for rule level
Updated rules and docs

⚠️ I will probably remove the embedded versions in favor of DFIR ORC packaged versions.

What to download ?

[RECOMMENDED] Binaries with "nuitka" in their names were generated with Nuitka and are supposedly faster (but bigger in size)
Binaries with "embedded" in their names are self contained and to not need external files to work (even ruleset files)
Binaries for Windows 7 have "win7" in their names. Other releases may not work on Windows 7

⚠️ Some AV may not like the packaged binaries. The nuitka version are generally considered OK by most AV.
⚠️ The set of tests for windows binaries is far from being exhaustive, please create an issue if you encounter difficulties.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2.7.0

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

What's new in v2.7.0 :

What to download ?

Uh oh!