check_wmi_os_security

Script monitoring not only Windows security components by WMI. Tested on Windows Server 2019/2022 64-bit. Tested on Python version: 3.6.8. - Windows Firewall status monitoring - Define your own WQL query and your own namespace. It is possible to monitor any WMI item there :) (Monitoring Windows Service, Windows Share, Windows - Process, Disk partitions, etc.) - Windows EventLog monitoring example ( very small SIEM smiley ): Monitoring user operations such as user creation, deletion, password change, locking, etc. Monitoring dump memory (read RDP passwords cleartext/hash from memory) Account login failed multiple times Powershell security 'Set-ExecutionPolicy Bypass' Windows Defender Antivirus (disable engine, found virus, etc.) Symantec Antivirus (disable engine, found virus, etc.) Scheduled task was created etc. - Windows Network monitoring - Monitoring Windows Users (for example lockusers) - Windows Uptime monitoring - Windows Timezone monitoring - Windows Domain/Workgroup monitoring - Windows S/N monitoring, HW information (ideal for physical servers) - OS information etc.

You must be logged in to submit a review.

Your review has been submitted and is pending approval.

Your recommendation has been sent.

Project Overview Project Notes Reviews