windows-event-forwarding
A repository for using windows event forwarding for incident detection and response
My WEC is installed on Server 2016, for reference. **Problem:** Without the IPv6 Filter enabled on this GPO ``` Computer Configuration -> Administrative Templates -> Windows Components -> Windows Remote...
XPATH should be *[System[(EventID=865 or EventID=866 or EventID=867 or EventID=868 or EventID=882)]] Not *[Application[Provider[@Name='Microsoft-Windows-SoftwareRestrictionPolicies'] and (EventID=865 or EventID=866 or EventID=867 or EventID=868 or EventID=882)]]
Hello, We are encountering a strange behavior on a Windows 2012 Event Collector. This server uses > 8 vCPU and 20GB RAM; monitoring it does not show specific usage peaks. NXLog...
Add appropriate groups to lists of Advanced Audit Configuration policies in Domain Controller, Member Server, and Workstation Enhanced Auditing Policies
Spelling
This PR corrects misspellings identified by the [check-spelling action](https://github.com/marketplace/actions/check-spelling). The misspellings have been reported at https://github.com/jsoref/windows-event-forwarding/commit/27d66ab39dc1c7c608433a4e42e36fad033891e1#commitcomment-49961900 The action reports that the changes in this PR would make it happy: https://github.com/jsoref/windows-event-forwarding/commit/822df24554677ef401cb7d17ee761db36fd4d6ed...
I propose resizing the log files to a more sane 4GB instead of 4MB. Beginning with 4MB will cause the loss of lots of log files when event collection is...
The following line of `AutorunsToWinEventLog/Install.ps1` fails, due to `live.sysinternals.com` being hosted over HTTP and **_not_** HTTPS: `Invoke-WebRequest -Uri "https://live.sysinternals.com/autorunsc64.exe" -OutFile "$autorunsPath"` Fix should be as simple as changing the URI...
Changed the download of `Autorunsc64.exe` to use an HTTP URI instead of HTTPS. No other changes were made. Fixes #54
The MD for the Event Channels says: _The Event Channel manifest provided in this project consists of 16 individual providers, each with 7 channels. Channels follow a standard naming scheme...
Hello, thank you for your base files, excellent. After I update a subscription XML file and try to update the subscription using `wecutil ss .\filename.xml`, I receive the following error....