Skip to content
/ Event_Saver Public

A short and dirty script to preserve Event logs in potentially compromised environments.

www.HonestRepair.net

License

GPL-3.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

zelon88/Event_Saver

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
es.vbs
es.vbs
 
 
es.vbs_Readme..txt
es.vbs_Readme..txt
 
 

Repository files navigation

NAME: Infrastructure_Heartbeat.vbs

TYPE: Visual Basic Script

PRIMARY LANGUAGE: VBS

AUTHOR: Justin Grimes

ORIGINAL VERSION DATE: 5/31/2019

CURRENT VERSION DATE: 2/6/2020

VERSION: v1.0

DESCRIPTION: A short and dirty script to preserve Event logs in potentially compromised environments.

PURPOSE: To monitor the event logs and preserve specified ones for administrator review.

INSTALLATION INSTRUCTIONS:

  1. Copy the entire "es.vbs" file to a well-hidden location on the local machine (the machine to be monitored).

  2. Add a scheduled task to run the script on a designated schedule. Every 10m is adequate.

  3. Check the logs frequently to see if they have captured the desired events.

  4. Modify the configuration variables in the beginning of the ex.vbs file to adjust log location and preserved events.

NOTES:

About

A short and dirty script to preserve Event logs in potentially compromised environments.

www.HonestRepair.net

Topics

automation event-listener opsec security-tools event-monitoring sysadmin-tool

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages