Primary language: PowerShell. License: GNU General Public License v2.0 (GPL-2.0).

check_ioc

Check_ioc is a PowerShell script that checks Windows systems for various, selectable indicators of compromise using the Windows Event Logs. It was primarily written to be run on a schedule from a monitoring engine such as Nagios; however, it may also be run from a command line (for incident response) or from another monitoring system. The script is heavily commented and very readable, with numerous usage examples in the script itself. For more information on the script and the logic behind it, check out https://www.linuxincluded.com/uncovering-indicators-of-compromise. Enjoy!
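To show the shape of an Event Log based check that a monitoring engine such as Nagios can schedule, here is an added illustration (not check_ioc's own code): it counts recent Security log events for a small set of selectable indicators and reports them with Nagios plugin exit codes. The event IDs, look-back window and thresholds are assumptions chosen for the example, not values taken from the project.

```powershell
# Illustrative Nagios-style IOC check (example code, not check_ioc itself).
# Counts recent Security log events for selected indicator event IDs and
# reports them using Nagios plugin conventions: one status line, exit code
# 0/1/2/3 for OK/WARNING/CRITICAL/UNKNOWN, optional perfdata after '|'.
param(
    [int]$Hours = 24,   # look-back window in hours (assumed default)
    [int]$Warn  = 1,    # WARNING when at least this many hits (assumed)
    [int]$Crit  = 5     # CRITICAL when at least this many hits (assumed)
)

$OK = 0; $WARNING = 1; $CRITICAL = 2; $UNKNOWN = 3

# Selectable indicators: Security log event IDs chosen as assumed examples.
$Indicators = @{
    4720 = 'user account created'
    4732 = 'member added to local security group'
    4698 = 'scheduled task created'
    1102 = 'audit log cleared'
}

try {
    $since  = (Get-Date).AddHours(-$Hours)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = [int[]]$Indicators.Keys
        StartTime = $since
    } -ErrorAction Stop
} catch {
    # Get-WinEvent throws when nothing matches; treat that as zero hits.
    if ($_.Exception.Message -match 'No events were found') { $events = @() }
    else { Write-Output "UNKNOWN - $($_.Exception.Message)"; exit $UNKNOWN }
}

$count   = @($events).Count
$summary = ($events | Group-Object Id | ForEach-Object {
    "$($Indicators[[int]$_.Name]) x$($_.Count)" }) -join ', '
$perf    = "| ioc_events=$count;$Warn;$Crit;0"

if ($count -ge $Crit) {
    Write-Output "CRITICAL - $count IOC events in last ${Hours}h: $summary $perf"
    exit $CRITICAL
} elseif ($count -ge $Warn) {
    Write-Output "WARNING - $count IOC events in last ${Hours}h: $summary $perf"
    exit $WARNING
} else {
    Write-Output "OK - no IOC events in last ${Hours}h $perf"
    exit $OK
}
```

Reading the Security log requires an elevated session or the Event Log Readers group membership, and events such as 4698 only appear when the corresponding audit policy is enabled.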