Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
Updated Nov 21, 2024 - PowerShell
An implementation of a Windows Event Collector server running on GNU/Linux.
Automated forensic logging system for Windows Audit Logs. Features a decoupled pipeline using Logstash for routing, Redis for buffering, and a custom Python consumer for asynchronous ingestion into immudb. Provides immutable data persistence and real-time ELK analytics to ensure ISO/IEC 27001 (Control 8.15) compliance.
An open-source log collector for collecting logs from Windows Event Forwarding
Setup-Guide for the central Logserver Graylog (dockerized)
🚀 Enhanced PowerShell script for configuring Windows Remote Management (WinRM) for log collection via Windows Event Collector (WEC). Supports HTTP/HTTPS listeners with comprehensive security features, firewall configuration, and certificate management.
Splunk Add-on to import Windows WEC subscription information
Splunk App that provides some dashboards for Windows WEC telemetry data retrieved using the Windows WEC Add-On
Ansible role for deploying WEFC subscriptions.
Scripts to automate the setup and configuration of a Windows Event Collector.
Winlogbeat installation for Windows Event Collectors (WEFCs)
🛡️ Collect macOS security logs and system diagnostics for incident response, packaging insights into a timestamped ZIP archive for easy analysis.