DeepBlueCLI : A PowerShell Module For Threat Hunting Via Windows Event Logs

DeepBlueCLI is a PowerShell module for threat hunting via Windows Event Logs.

Usage:

    .\DeepBlue.ps1 <event log name> <evtx filename>

See the Set-ExecutionPolicy Readme if you receive a ‘running scripts is disabled on this system’ error.

Process the local Windows Security event log (PowerShell must be run as Administrator):

    .\DeepBlue.ps1

or:

    .\DeepBlue.ps1 -log security

Process local Windows …