Skip to content

Robicus/DeepBlueCLI

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
evtx
evtx
 
 
.gitattributes
.gitattributes
 
 
DeepBlue.ps1
DeepBlue.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
regexes.txt
regexes.txt
 
 
whitelist.txt
whitelist.txt
 
 

Repository files navigation

DeepBlueCLI

DeepBlueCLI 0.1 Beta

Eric Conrad, Backshore Communications, LLC

deepblue at backshore dot net

Twitter: @eric_conrad

http://ericconrad.com

Sample evtx files are in the .\evtx directory

Usage:

.\DeepBlue.ps1 <event log name> <evtx filename>

If you see this error:

.\DeepBlue.ps1 : File .\DeepBlue.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.

You must run Set-ExecutionPolicy as Administrator, here is an example:

Set-ExecutionPolicy RemoteSigned

See get-help Set-ExecutionPolicy for more options.

Examples:

Process local Windows security event log:

.\DeepBlue.ps1

or:

.\DeepBlue.ps1 -log security

Process local Windows system event log:

.\DeepBlue.ps1 -log system

or:

.\DeepBlue.ps1 "" system

Process evtx file:

.\DeepBlue.ps1 .\evtx\new-user-security.evtx

or:

.\DeepBlue.ps1 -file .\evtx\new-user-security.evtx

or:

\DeepBlue.ps1 -file .\evtx\psattack-security.evtx -format csv -path ./

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 100.0%