Core|Threat Agent

What is Core|Threat Agent?

Core|Threat Agent collects security logs and sends them over syslog, making security-relevant Windows logs easy to ship to a central collector. It automatically installs Sysmon, sets the necessary registry keys and audit policies, reads the Windows events generated by Sysmon, and forwards them over syslog to the destination of your choice.

Features

  • installs Sysmon
  • activates Windows logging (audit policy and registry settings)
  • collects Sysmon events from the Windows event log
  • sends Sysmon events to a syslog server (UDP or TCP)

How to use?

CoreThreatAgent.exe sysmon

CoreThreatAgent.exe auditpol

CoreThreatAgent.exe psaudit

CoreThreatAgent.exe runagent:(ip or hostname):(port):(proto)

Sample: CoreThreatAgent.exe runagent:10.10.10.1:5555:UDP
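What runagent does for each event, shown as an added stand-alone example (this is not the project's own code): a Sysmon event in Windows event XML is parsed, its EventData fields are packed into an RFC 5424 syslog line, and the line is sent to the collector by UDP or TCP. The Sysmon record below is constructed sample data; on a real host it would come from the Microsoft-Windows-Sysmon/Operational log via pywin32. The example uses the standard xml.etree parser in place of xmltodict so it runs without extra packages.

```python
import socket
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: a Sysmon Event ID 1 (process creation) record.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon"/>
    <EventID>1</EventID>
    <TimeCreated SystemTime="2024-01-15T10:22:33.123456Z"/>
    <Computer>WS01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="Image">C:\\Windows\\System32\\cmd.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
    <Data Name="User">EXAMPLE\\alice</Data>
  </EventData>
</Event>"""


def parse_sysmon_event(xml_text):
    """Return (event_id, timestamp, host, {field: value}) from Sysmon event XML."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    event_id = int(system.find("e:EventID", NS).text)
    timestamp = system.find("e:TimeCreated", NS).get("SystemTime")
    host = system.find("e:Computer", NS).text
    fields = {d.get("Name"): (d.text or "") for d in root.find("e:EventData", NS)}
    return event_id, timestamp, host, fields


def to_syslog(xml_text, facility=1, severity=6):
    """Build an RFC 5424 line; PRI = facility*8 + severity (user.info by default).
    EventData becomes structured data; '\\', '"' and ']' are escaped as the RFC requires."""
    event_id, ts, host, fields = parse_sysmon_event(xml_text)
    esc = lambda v: v.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")
    sd = " ".join(f'{k}="{esc(v)}"' for k, v in fields.items())
    return f"<{facility * 8 + severity}>1 {ts} {host} sysmon {event_id} - [sysmon@1 {sd}] Sysmon EventID {event_id}"


def send_syslog(message, dest, port, proto="UDP"):
    """Send one message: a UDP datagram, or TCP with octet-counting framing (RFC 6587)."""
    data = message.encode("utf-8")
    if proto.upper() == "UDP":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (dest, port))
    else:
        with socket.create_connection((dest, port), timeout=5) as s:
            s.sendall(f"{len(data)} ".encode() + data)
    return len(data)
```

Calling `send_syslog(to_syslog(SAMPLE_EVENT), "10.10.10.1", 5555, "UDP")` corresponds to the runagent sample above. Note that plain syslog over UDP or TCP is unauthenticated and unencrypted, so the collector should sit on a trusted management network or behind a TLS-terminating relay.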

Releases

https://github.com/ipcis/CoreThreatAgent/releases

Working on the following features

  • hide cmd dialog (background mode)
  • run as admin / service
  • other kinds of events: powershell, etc.
  • threading
  • filelog

Install on Windows (running from source, without the exe)

python -m pip install pywin32

python -m pip install xmltodict
