Releases: ceramicskate0/SWELF
0.4.1.0
Bug fixes:
- Issue 67
0.4.0.0
Bug Fixes:
- Issue 62
Added Feature:
- Dumb file of hashes and IPs seen in logs
0.3.4.0
Fixed:
- Issue 58
Added:
- Ability for the user to send to more than port 514 (only sends UDP; 514/UDP is the default)
- Added new output format of key=value
- Added SWELF ignore so that scripts approved by AMSI are ignored in the SWELF plugin log forward
- Reconfigured error log output format to key=value
- Reset default output to key=value
0.3.3.0
Added features from issues:
- 51
- 52
- 53
Fixed plugin output being case sensitive when finding results.
0.3.2.2
Changes/Fixes to SWELF(0.3.0.0-0.3.2.1):
- Fixed bug in the logic of CHECK_if_all_Search_Terms_have_Indexed_LogsSources(); in some cases some event logs were not added.
- Added ability to read in all evtx files from a folder when run and either output .csv or write them to the local machine's event logs.
- 'log_level' search command added. It will search the Windows event log for the severity level of the event log and return just those logs.
- 'not_in_log' search command added. It will search the event log named in the search command (must have an event log name) to check that it does not contain the given information.
- Added the 'logging_level' command to appconsole.conf to filter app logging based on Verbose=0, Information=1, Warning=2, Critical=3. Entries logged will be at the configured level and above.
- PowerShell plugin logic bug fixes so that it no longer always fails to eval input.
- SWELF will MD5 each plugin run and try to pass it through AMSI. If it is found to be bad, SWELF will log and report the MD5 of the script in all configured output and log formats.
- Renamed all SWELF Windows event logs from the non-existent 'informational' severity to 'information'.
- NEW central config command 'central_plugin_search_config': web dir of search files.
- Added local machine name to every error log entry.
- Fixed EventLogID_PlaceHolder central config so that it will now update centrally.
- Replaced app-generated default searchs.txt and Eventlog_with_PlaceKeeper.txt file contents.
- Error logging and app logging further refined; issue with duplicate error logging fixed.
- Bug fix where SWELF would send each log source in order instead of all logs.
- Command -Evtx_folder
- Documented https://github.com/ceramicskate0/SWELF/wiki/CommandLine-Inputs-Args-for-local-usage
- Also, if the -Output_CSV command is not present, the default is now to write to the local event log.
Additionally Resolved Issues:
- 48 (MAJOR ISSUE with 0.3.* build)
- 47 (Windows Event Log Security Checks)
0.2.0.3
Fixed:
- EVTX local file reads not working and always erroring
Enhanced:
- Reduced memory requirements
0.2.0.2
Resolved Issues:
- 32
- 30
- 35
- 31
New Features:
- Whitelisting by search function, NOT a SWELF command
- SWELF event logs retain more original event log info (event log name and event ID)
- PowerShell plugins now accepted by SWELF (this means SWELF will now run PowerShell) (central config not supported in this release)
- SWELF now conducts some Windows event log tampering checks and will alert the user if tampering is detected.
Major Bug Fixes:
- SWELF app error logging: more than one error is now logged
Notes:
- Icon added to app (SWELF GOT A LOGO!!!)
- Memory allocation reduced while app runs
0.2.0.1
Security enhancement for outputting to CSV
Central Configuration and Local EVTX Reads
Changes:
Feature Additions:
- Central Configuration
- Local EVTX file reads via command-line input; findings are output in CSV
- Bug Fixes
v.0.1.1.0
Added:
- Ability to combine search commands into all searches, so they can now be applied to logs or events and not just all data
- App binary renamed
- Regex searching added
- Code refactor
- All searches moved to LINQ (makes it faster)
- Bug fixes continue >:|