Cyberdefense/DeepBlueCLI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
20 Commits 2 Branches 0 Tags
5a2f201331de176e9b7e97cc159895fcb47e11a8
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Eric Conrad 5a2f201331 Delete readme.md
2016-09-21 10:06:01 -04:00
evtx
Delete readme.md
2016-09-21 10:06:01 -04:00
DeepBlue.ps1
Add files via upload
2016-09-20 15:24:53 -04:00
LICENSE
Initial commit
2016-09-20 12:06:06 -04:00
README.md
Update README.md
2016-09-20 16:47:43 -04:00
regexes.txt
Add files via upload
2016-09-20 15:24:53 -04:00
whitelist.txt
Add files via upload
2016-09-20 15:24:53 -04:00

README.md

DeepBlueCLI

DeepBlueCLI 0.1 Beta

Eric Conrad, Backshore Communications, LLC

deepblue at backshore dot net

Twitter: @eric_conrad

http://ericconrad.com

Sample evtx files are in the .\evtx directory

Usage:

.\DeepBlue.ps1 <event log name> <evtx filename>

If you see this error:

.\DeepBlue.ps1 : File .\DeepBlue.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.

You must run Set-ExecutionPolicy as Administrator, here is an example:

Set-ExecutionPolicy RemoteSigned

See get-help Set-ExecutionPolicy for more options.

Examples:

Process local Windows security event log:

.\DeepBlue.ps1

or:

.\DeepBlue.ps1 -log security

Process local Windows system event log:

.\DeepBlue.ps1 -log system

or:

.\DeepBlue.ps1 "" system

Process evtx file:

.\DeepBlue.ps1 .\evtx\new-user-security.evtx

or:

.\DeepBlue.ps1 -file .\evtx\new-user-security.evtx

Description
No description provided
Readme GPL-3.0 5.8 MiB
Languages
PowerShell 90.7%
Python 9.3%