Comments (5)
This seems like something Posh-Syslog would help with. The nice thing about DBCLI is that the output is just PowerShell objects, so you can integrate the output with any other PowerShell pipeline tool. I imagine
.\DeepBlue.ps1 | ForEach-Object { Send-SyslogMessage -Server '127.0.0.1' -Message "$($_.Message) - $($_.Results)" -Severity 'Alert' -Facility 'local0' }
might do the trick!
Give that a shot and feel free to close this once you have some results.
from deepbluecli.
Hey Joshua,
Thanks a lot, this has worked for us.
Regards
Hi Team,
Is there any way to forward the DeepBlueCLI logs in a JSON format using Posh-Syslog? This will be really helpful.
Any help would be appreciated.
Regards.
Raj Vira.
You have some options.
PowerShell supports ConvertTo-JSON, which could be used to take the DBCLI output and convert it to JSON, but then it's a single JSON blob. I don't know if that's what you want, and it might exceed the length limitation for Syslog messages if there are a lot of alerts, but it's straightforward in PowerShell:
PS C:\Users\Sec504\Downloads\DeepBlueCLI> .\DeepBlue.ps1 | ConvertTo-JSON -OutVariable json
[
{
"Date": "\/Date(1655033354955)\/",
"Log": "Security",
"EventID": 4672,
"Message": "Multiple admin logons for one account",
"Results": "Username: Sec504\nUser SID Access Count: 2",
"Command": "",
"Decoded": ""
},
{
"Date": "\/Date(1655033354955)\/",
"Log": "Security",
"EventID": 4672,
"Message": "Multiple admin logons for one account",
"Results": "Username: Sec504\nUser SID Access Count: 2",
"Command": "",
"Decoded": ""
}
]
PS C:\Users\Sec504\Downloads\DeepBlueCLI> Send-SyslogMessage -Server '127.0.0.1' -Facility local0 -severity alert -message $json
Otherwise, you could send each alert as its own JSON blob with a ForEach-Object loop:
PS C:\Users\Sec504\Downloads\DeepBlueCLI> .\DeepBlue.ps1 | ForEach-Object { $_ | ConvertTo-Json -OutVariable json ; Send-SyslogMessage -Server '127.0.0.1' -Facility local0 -severity alert -message $json }
{
"Date": "\/Date(1655033354955)\/",
"Log": "Security",
"EventID": 1102,
"Message": "Audit Log Clear",
"Results": "The Audit log was cleared.\nAccount Name:\tSec504",
"Command": "",
"Decoded": ""
}
{
"Date": "\/Date(1655033354955)\/",
"Log": "Security",
"EventID": 4672,
"Message": "Multiple admin logons for one account",
"Results": "Username: Sec504\nUser SID Access Count: 2",
"Command": "",
"Decoded": ""
}
Good luck!
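A fuller version of the per-alert ForEach-Object approach from the comment above, added here as an example that is not part of the original thread or of the DeepBlueCLI project: it flattens each alert to one compact JSON line with an ISO 8601 timestamp (instead of the "\/Date(...)\/" form ConvertTo-Json emits for DateTime values) and trims oversized payload fields so the message stays within the collector's syslog length limit. It assumes Posh-Syslog is installed and DeepBlue.ps1 is in the current directory; the $MaxBytes default and the JSON field names are my own choices.

```powershell
# Added example, not DeepBlueCLI or Posh-Syslog project code.
# Assumes Posh-Syslog is installed and .\DeepBlue.ps1 is in the current directory.
Import-Module Posh-Syslog -ErrorAction Stop

function ConvertTo-AlertJson {
    # Flatten one DeepBlueCLI alert object into a single compact JSON line.
    param(
        [Parameter(Mandatory)] $Alert,
        [int]$MaxBytes = 1024   # conservative RFC 3164 limit; raise if your collector accepts more
    )
    $record = [ordered]@{
        timestamp = $Alert.Date.ToUniversalTime().ToString('o')  # ISO 8601, not \/Date(...)\/
        host      = $env:COMPUTERNAME
        source    = 'DeepBlueCLI'
        log       = $Alert.Log
        event_id  = $Alert.EventID
        message   = $Alert.Message
        results   = [string]$Alert.Results
        command   = [string]$Alert.Command
        decoded   = [string]$Alert.Decoded
        truncated = $false
    }
    $json = $record | ConvertTo-Json -Compress
    # Decoded-command alerts can be very long; halve the payload fields until the
    # message fits rather than letting the collector silently drop the whole alert.
    while ([Text.Encoding]::UTF8.GetByteCount($json) -gt $MaxBytes) {
        $shrunk = $false
        foreach ($field in 'decoded', 'command', 'results') {
            if ($record[$field].Length -gt 64) {
                $record[$field] = $record[$field].Substring(0, [int]($record[$field].Length / 2))
                $shrunk = $true
            }
        }
        if (-not $shrunk) { break }   # nothing left to trim; send as-is
        $record.truncated = $true     # tell the SIEM the payload is partial
        $json = $record | ConvertTo-Json -Compress
    }
    return $json
}

function Send-DeepBlueAlerts {
    # Run DeepBlueCLI and forward each alert as its own JSON syslog message.
    param([string]$Server = '127.0.0.1', [string]$Facility = 'local0', [string]$Severity = 'Alert')
    .\DeepBlue.ps1 | ForEach-Object {
        $json = ConvertTo-AlertJson -Alert $_
        Send-SyslogMessage -Server $Server -Facility $Facility -Severity $Severity -Message $json
    }
}

Send-DeepBlueAlerts -Server '127.0.0.1'
```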
Hey Joshua,
Thanks a lot again, this has worked for us.
Regards