TOP LEVEL CATEGORIES
EXPLORE
Description:
Check_ioc is a script to check for various, selectable indicators of compromise on Windows systems via PowerShell and Event Logs. It was primarily written to be run on a schedule via a Nagios NCPA agent, however, it may also be run from a command-line (for incident response) as well. The script is heavily commented and very readable with numerous usage examples in the script itself. There is an accompanying SANS gold paper in the SANS Reading Room (https://www.sans.org/reading-room/) to learn more about the script and the methodology behind it. There is also an updated version of the gold paper found at the Linux Included (https://www.linuxincluded.com) website. If you have any issues or you would like to see other event IDs added, please let me know and I will make changes as necessary. Enjoy!
Current Version
1.4
Last Release Date
2016-11-06
Compatible With
Owner
Dallas
Website
https://www.linuxincluded.com/uncovering-indicators-of-compromise/
Download URL
https://github.com/oneoffdallas/check_ioc
License
GPL
Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.
You must be logged in to submit a review.
Your review has been submitted and is pending approval.
To:
From:
Your recommendation has been sent.