Comments (5)

joswr1ght avatar joswr1ght commented on July 22, 2024

This seems like something Posh-Syslog would help with. The nice thing about DBCLI is that the output is just PowerShell objects, so you can integrate the output with any other PowerShell pipeline tool. I imagine .\DeepBlue.ps1 | ForEach-Object { Send-SyslogMessage -Server '127.0.0.1' -Message "$($_.Message) - $($_.Results)" -Severity 'Alert' -Facility 'local0' } might do the trick!

Give that a shot and feel free to close this once you have some results.

from deepbluecli.

therajvira avatar therajvira commented on July 22, 2024

Hey Joshua,

Thanks a lot, this has worked for us.

Regards

therajvira avatar therajvira commented on July 22, 2024

Hi Team,

Is there any way to forward the DeepBlueCLI logs in a JSON format using Posh-Syslog? This will be really helpful.

Any help would be appreciated.

Regards.
Raj Vira.

joswr1ght avatar joswr1ght commented on July 22, 2024

You have some options.

PowerShell supports ConvertTo-JSON which could be used to take the DBCLI output and convert it to JSON, but then it's a single JSON blob. I don't know if that's what you want, and it might exceed the length limitation for Syslog messages if there are a lot of alerts, but it's straightforward in PowerShell:

PS C:\Users\Sec504\Downloads\DeepBlueCLI> .\DeepBlue.ps1 | ConvertTo-JSON -OutVariable json
[
    {
        "Date":  "\/Date(1655033354955)\/",
        "Log":  "Security",
        "EventID":  4672,
        "Message":  "Multiple admin logons for one account",
        "Results":  "Username: Sec504\nUser SID Access Count: 2",
        "Command":  "",
        "Decoded":  ""
    },
    {
        "Date":  "\/Date(1655033354955)\/",
        "Log":  "Security",
        "EventID":  4672,
        "Message":  "Multiple admin logons for one account",
        "Results":  "Username: Sec504\nUser SID Access Count: 2",
        "Command":  "",
        "Decoded":  ""
    }
]
PS C:\Users\Sec504\Downloads\DeepBlueCLI> Send-SyslogMessage -Server '127.0.0.1' -Facility local0 -severity alert -message $json

Otherwise, you could send each alert as its own JSON blob with a ForEach-Object loop:

PS C:\Users\Sec504\Downloads\DeepBlueCLI> .\DeepBlue.ps1 | ForEach-Object { $_ |COnvertTo-Json -outvariable json ; Send-SyslogMessage -Server '127.0.0.1' -Facility local0 -severity alert -message $json }
{
    "Date":  "\/Date(1655033354955)\/",
    "Log":  "Security",
    "EventID":  1102,
    "Message":  "Audit Log Clear",
    "Results":  "The Audit log was cleared.\nAccount Name:\tSec504",
    "Command":  "",
    "Decoded":  ""
}
{
    "Date":  "\/Date(1655033354955)\/",
    "Log":  "Security",
    "EventID":  4672,
    "Message":  "Multiple admin logons for one account",
    "Results":  "Username: Sec504\nUser SID Access Count: 2",
    "Command":  "",
    "Decoded":  ""
}

Good luck!
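
As an added example (not code from this thread or from the DeepBlueCLI project), the per-alert approach above with two practical additions: each alert becomes one compact single-line JSON record with an ISO 8601 UTC timestamp instead of the "\/Date(ms)\/" form, and the Results field is trimmed before the record exceeds the syslog message length limit mentioned above, so the collector never cuts the JSON mid-string. It assumes Posh-Syslog is installed, DeepBlue.ps1 is in the current directory, the collector at 127.0.0.1 accepts 2048-byte messages, and each alert's Date property is a [datetime]; all of these are assumptions.

```powershell
# Added example, not code from the thread or from the DeepBlueCLI project.
# Assumptions: Posh-Syslog is installed, DeepBlue.ps1 is in the current
# directory, the collector is at 127.0.0.1 and accepts 2048-byte messages
# (RFC 5424 minimum; many RFC 3164 receivers stop at 1024), and each alert's
# Date property is a [datetime] (the "\/Date(ms)\/" form seen above is how
# Windows PowerShell serialises one).
$SyslogServer = '127.0.0.1'
$MaxBytes     = 2048
$Marker       = '...[truncated]'

function ConvertTo-SyslogJson {
    param([Parameter(Mandatory)]$Alert, [int]$Limit = $MaxBytes)

    # Flat, ordered record so the receiver gets a predictable field order and
    # an ISO 8601 UTC timestamp instead of the .NET JSON date form.
    $date = if ($Alert.Date -is [datetime]) { $Alert.Date.ToUniversalTime().ToString('o') } else { "$($Alert.Date)" }
    $record = [ordered]@{
        Date    = $date
        Log     = "$($Alert.Log)"
        EventID = [int]$Alert.EventID
        Message = "$($Alert.Message)"
        Results = "$($Alert.Results)"
        Command = "$($Alert.Command)"
        Decoded = "$($Alert.Decoded)"
    }
    $json = $record | ConvertTo-Json -Compress

    # Results is the only large free-text field; trim it rather than let the
    # collector silently cut the JSON mid-string. JSON escaping (\n, \t, quotes)
    # inflates the byte count, so allow a margin and fall back to the marker alone.
    $over = [Text.Encoding]::UTF8.GetByteCount($json) - $Limit
    if ($over -gt 0) {
        $keep = [Math]::Max(0, $record.Results.Length - $over - $Marker.Length - 32)
        $record.Results = $record.Results.Substring(0, $keep) + $Marker
        $json = $record | ConvertTo-Json -Compress
        if ([Text.Encoding]::UTF8.GetByteCount($json) -gt $Limit) {
            $record.Results = $Marker
            $json = $record | ConvertTo-Json -Compress
        }
    }
    return $json
}

# One syslog message per alert, mirroring the ForEach-Object approach above.
.\DeepBlue.ps1 | ForEach-Object {
    $json = ConvertTo-SyslogJson -Alert $_
    Send-SyslogMessage -Server $SyslogServer -Message $json -Severity 'Alert' -Facility 'local0'
}
```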

therajvira avatar therajvira commented on July 22, 2024

Hey Joshua,

Thanks a lot again, this has worked for us.

Regards
