Added output section

This commit is contained in:
Eric Conrad
2019-05-04 10:31:10 -03:00
committed by GitHub
parent 7cbb5748e4
commit 8d2c355718


@ -17,6 +17,7 @@ Sample evtx files are in the .\evtx directory
- [Windows Event Logs processed](#windows-event-logs-processed)
- [Detected events](#detected-events)
- [Examples](#examples)
- [Output](#output)
- [Logging setup](#logging-setup)
- See the [DeepBlue.py Readme](README-DeepBlue.py.md) for information on DeepBlue.py
- See the [DeepWhite Readme](README-DeepWhite.md) for information on DeepWhite (detective whitelisting using Sysmon event logs)
@ -125,6 +126,20 @@ See 'Logging setup' section below for how to configure these logs
|PSAttack|`.\DeepBlue.ps1 .\evtx\psattack-security.evtx`|
|User added to administrator group|`.\DeepBlue.ps1 .\evtx\new-user-security.evtx`|
## Output
DeepBlueCLI outputs in PowerShell objects, allowing a variety of output methods and types, including JSON, HTML, CSV, etc.
For example:
|Output Type|Syntax|
|-----------|------|
|CSV|.\DeepBlue.ps1 .\evtx\psattack-security.evtx \| ConvertTo-Csv|
|HTML|.\DeepBlue.ps1 .\evtx\psattack-security.evtx \| ConvertTo-Html|
|JSON|.\DeepBlue.ps1 .\evtx\psattack-security.evtx \| ConvertTo-Json|
|GridView|.\DeepBlue.ps1 .\evtx\psattack-security.evtx \| Out-GridView|
|XML|.\DeepBlue.ps1 .\evtx\psattack-security.evtx| ConvertTo-Xml|
## Logging setup
### Security event 4688 (Command line auditing):
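Review bot: The XML row of the new Output table has an unescaped pipe in its Syntax cell (`.\DeepBlue.ps1 .\evtx\psattack-security.evtx| ConvertTo-Xml`), so Markdown will treat it as a column separator and split that row into three cells; escape it as `\|` like the CSV, HTML, JSON and GridView rows do. It would also be worth wrapping each Syntax cell in backticks, as the Examples table just above already does (`.\DeepBlue.ps1 .\evtx\psattack-security.evtx`), so the backslashes render literally and the commands can be copied as written.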