Cyberdefense/DeepBlueCLI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
49836207d1047f08b87febcf69be3bf72a7bd011
DeepBlueCLI/README.md
Eric Conrad 49836207d1 Minor version update
2017-08-19 13:04:31 -04:00

58 lines
1023 B
Markdown
Raw Blame History

# DeepBlueCLI
DeepBlueCLI 0.2 Beta
Eric Conrad, Backshore Communications, LLC
deepblue `at` backshore `dot` net
Twitter: @eric_conrad
http://ericconrad.com
Sample evtx files are in the .\evtx directory
## Usage:
`.\DeepBlue.ps1 <event log name> <evtx filename>`
If you see this error:
`.\DeepBlue.ps1 : File .\DeepBlue.ps1 cannot be loaded because running scripts is
disabled on this system. For more information, see about_Execution_Policies at
http://go.microsoft.com/fwlink/?LinkID=135170.`
You must run Set-ExecutionPolicy as Administrator, here is an example:
`Set-ExecutionPolicy RemoteSigned`
See `get-help Set-ExecutionPolicy` for more options.
## Examples:
### Process local Windows security event log:
`.\DeepBlue.ps1`
or:
`.\DeepBlue.ps1 -log security`
### Process local Windows system event log:
`.\DeepBlue.ps1 -log system`
or:
`.\DeepBlue.ps1 "" system`
### Process evtx file:
`.\DeepBlue.ps1 .\evtx\new-user-security.evtx`
or:
`.\DeepBlue.ps1 -file .\evtx\new-user-security.evtx`
Reference in New Issue View Git Blame Copy Permalink