https://github.com/zelon88/event_saver
A short and dirty script to preserve Event logs in potentially compromised environments.
- Host: GitHub
- URL: https://github.com/zelon88/event_saver
- Owner: zelon88
- License: gpl-3.0
- Created: 2020-02-06T19:31:21.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-02-06T19:39:36.000Z (about 6 years ago)
- Last Synced: 2025-02-25T17:45:21.996Z (about 1 year ago)
- Topics: automation, event-listener, event-monitoring, opsec, security-tools, sysadmin-tool
- Language: VBScript
- Homepage: https://www.HonestRepair.net
- Size: 15.6 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
NAME: Infrastructure_Heartbeat.vbs
TYPE: Visual Basic Script
PRIMARY LANGUAGE: VBS
AUTHOR: Justin Grimes
ORIGINAL VERSION DATE: 5/31/2019
CURRENT VERSION DATE: 2/6/2020
VERSION: v1.0
DESCRIPTION:
A short and dirty script to preserve Event logs in potentially compromised environments.
PURPOSE:
To monitor the event logs and preserve specified ones for administrator review.
INSTALLATION INSTRUCTIONS:
1. Copy the entire "es.vbs" file to a well-hidden location on the local machine (the machine to be monitored).
2. Add a scheduled task to run the script on a designated schedule. Every 10 minutes is adequate.
3. Check the logs frequently to see if they have captured the desired events.
4. Modify the configuration variables at the beginning of the es.vbs file to adjust the log location and the preserved events.
NOTES: