What is Event Forwarding Guidance


This repository provides resources to help administrators collect security-related Windows event logs using Windows Event Forwarding (WEF). It serves as a companion resource to the paper Spotting the Adversary with Windows Event Log Monitoring; the list of events in this repository is more current than the one presented in the paper.

Scripts are available to create custom Event Log views and to set up WEF subscriptions. The WEF subscriptions are provided in XML format.

Useful Microsoft Windows Event Forwarding resources:

Use Windows Event Forwarding to assist with intrusion detection
Security auditing and monitoring references for Windows 10 and Windows Server 2016
Microsoft Threat Protection guidelines for advanced security audit policy settings and security auditing
Microsoft's list of important events to monitor
Microsoft SysInternals resources, including Sysmon
ACSC GitHub Windows Event Logging repository
ACSC Windows Event Logging technical documentation