
DeepBlueCLI

Free

DeepBlueCLI - a PowerShell Module for Threat Hunting via Windows Event Logs
Eric Conrad, Backshore Communications, LLC

Sample EVTX files are in the .\evtx directory.

Note: If your antivirus freaks out after downloading DeepBlueCLI, it's likely reacting to the included EVTX files in the .\evtx directory (which contain command-line logs of malicious attacks, among other artifacts). EVTX files are not harmful. You may need to configure your antivirus to ignore the DeepBlueCLI directory.

Table of Contents: Usage, Windows Event Logs processed, Detected events, Examples, Output, Logging setup

See the DeepBlue.py Readme for information on DeepBlue.py.
See the DeepBlueHash Readme for information on DeepBlueHash (detective safelisting using Sysmon event logs).

Usage: .\DeepBlue.ps1 <event log name> <evtx filename>

See the Set-ExecutionPolicy Readme if you receive a 'running scripts is disabled on this system' error.

Process local Windows security event log (PowerShell must be run as Administrator):
.\DeepBlue.ps1
or:
.\DeepBlue.ps1 -log security

Process local Windows system event log:
.\DeepBlue.ps1 -log system

Proc

ALTERNATIVES

Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data.

Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.

Acapulco is a Splunk application that automatically generates meta-events from hpfeeds channels and visualizes them using D3.js.

ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.

Robust Python SDK and Command Line Client for interacting with IntelOwl's API.

A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.

Open source web app for storing and searching actor-related data from users and public repositories.

Free software that calculates the security ranking of Internet Service Providers to detect malicious activities.