DeepBlueCLI
- DeepBlueCLI is a PowerShell tool created by Eric Conrad of the SANS Institute for parsing and analyzing Windows event logs (live logs or exported .evtx files) to surface suspicious activity.
- To run DeepBlue, you first need to change your system's PowerShell execution policy so that scripts are allowed to run.
Usage
.\DeepBlue.ps1 <event log name> <evtx filename>
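The two steps above (execution policy, then invocation) as one added PowerShell session; this is example usage written for this page, not a script from the DeepBlueCLI project. It assumes DeepBlue.ps1 sits in the current directory, uses a constructed placeholder path (.\evtx\sample-security.evtx) for an exported Security log, and assumes the `-log` switch for reading a live log as the project's documentation describes it; the output file name is also a made-up choice.

```powershell
# Added example (not from the DeepBlueCLI project or the original page).
# Assumes DeepBlue.ps1 is in the current directory; .\evtx\sample-security.evtx
# is a constructed placeholder path for an exported Security log.

# 1. Allow scripts for this PowerShell session only, instead of loosening the
#    machine-wide policy; the setting disappears when the window is closed.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# 2. Analyze a saved .evtx file and keep the findings for the case file.
#    DeepBlue returns objects, so they can be viewed and exported like any
#    other PowerShell output.
$findings = .\DeepBlue.ps1 .\evtx\sample-security.evtx
$findings | Format-List
$findings | Export-Csv -Path .\deepblue-findings.csv -NoTypeInformation

# 3. Alternatively, query the live Security log on the host being examined
#    (-log form assumed from the project's documentation; reading the
#    Security log requires an elevated prompt).
.\DeepBlue.ps1 -log security | Format-List
```

Scoping the execution-policy change to the process keeps the analysis workstation's baseline policy intact, and exporting the findings to CSV gives an artifact that can be attached to the investigation rather than a console dump that is lost when the session ends.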
Metadata
Sources
DeepBlueCLI | SANS Institute
GitHub - sans-blue-team/DeepBlueCLI
DeepBlueCLI – PowerShell Module for Threat Hunting - Security Investigation
Threat Hunting via Windows Event Logs Secwest 2019.pdf