This repository has been archived by the owner on Feb 11, 2022. It is now read-only.
首先给这个方案点赞,其次写一些问题 #11
Labels
enhancement
New feature or request
Comments
|
loginlog_windows.go 没有实际event日志被删掉的记录行为,这些内容都可能被删掉。 |
|
嗯,这边暂时没有考虑有对抗的场景,win下的驱动目前只实现了执行的命令监控。 |
|
@caidongyun 是指eventlog被删除的情况吗? |
|
对啊,对应也有日志。 |
|
暂时不知道调用 wevtapi.dll 能不能实时监控到日志删除的记录行为。 |
|
系统eventlog有的,你怎么删除,都会遗留一条记录 |
|
如果是不是借助事件查看器删除的,那么你要监控对应的系统etl文件 删除记录 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
windows:
如下
The text was updated successfully, but these errors were encountered: