Cyberdefense/DeepBlueCLI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update DeepBlue.ps1

Browse Source 
fixed indentation
This commit is contained in:
Netscylla
2021-09-16 13:57:35 +01:00
committed by GitHub
parent ddb9e3e0fa
commit 0c7338dd38
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
DeepBlue.ps1
View File

@ -631,7 +631,7 @@ function Check-Options($file, $log)
"Microsoft-Windows-AppLocker/EXE and DLL" {$logname="Applocker"}
"Microsoft-Windows-PowerShell/Operational" {$logname="Powershell"}
"Microsoft-Windows-Sysmon/Operational" {$logname="Sysmon"}
"Microsoft-Windows-WMI-Activity/Operational" {$logname="WMI-Activity"}
"Microsoft-Windows-WMI-Activity/Operational" {$logname="WMI-Activity"}
default {"Logic error 3, should not reach here...";Exit 1}
}
}
@ -662,7 +662,7 @@ function Create-Filter($file, $logname)
"Applocker" {$filter="@{path=""$file"";ID=$applocker_events}"}
"Powershell" {$filter="@{path=""$file"";ID=$powershell_events}"}
"Sysmon" {$filter="@{path=""$file"";ID=$sysmon_events}"}
"WMI-Activity"{$filter="@{path=""$file"";ID=$wmi_events}"}
"WMI-Activity"{$filter="@{path=""$file"";ID=$wmi_events}"}
default {"Logic error 1, should not reach here...";Exit 1}
}
}
@ -674,7 +674,7 @@ function Create-Filter($file, $logname)
"Applocker" {$filter="@{logname=""Microsoft-Windows-AppLocker/EXE and DLL"";ID=$applocker_events}"}
"Powershell" {$filter="@{logname=""Microsoft-Windows-PowerShell/Operational"";ID=$powershell_events}"}
"Sysmon" {$filter="@{logname=""Microsoft-Windows-Sysmon/Operational"";ID=$sysmon_events}"}
"WMI-Activity"{$filter="@{logname=""Microsoft-Windows-WMI-Activity/Operational"";ID=$wmi_events}"}
"WMI-Activity"{$filter="@{logname=""Microsoft-Windows-WMI-Activity/Operational"";ID=$wmi_events}"}
default {"Logic error 2, should not reach here...";Exit 1}
}
}