Plugins

Ceramicskate0 edited this page Jul 13, 2018 · 14 revisions

SWELF Plugins:

Summary:

SWELF plugins are simply PowerShell (.ps1) scripts that SWELF executes; any output a script produces is then sent as a log in the format you specify. The scripts are forced through AMSI, and a script is allowed to run only if the Microsoft AMSI module (which can also plug in to your endpoint AV) says it is safe. If a script is found to be malware, SWELF will make sure you know.

Plugins Layout:

  • The directory of what you want SWELF to find in the output (just like Event Log)

C:....\Plugins\Plugin_Searchs

  • The file that tells SWELF what to find in the PowerShell output is here

C:....\Plugins\Plugin_Searchs\Searchs.txt

  • All scripts that SWELF is to run as plugins must be in this directory

C:....\Plugins\Scripts
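
An added example (not from the SWELF project) of what a script in that directory could look like: it writes one line per Run/RunOnce autorun entry so that each line can be matched by a search term. The file name, the `plugin=...` line layout and the assumption that SWELF collects the script's standard output are illustrative choices, not documented SWELF behaviour.

```powershell
# Hypothetical plugin file: Get-RunKeyEntries.ps1 (name chosen for this example).
# Assumption: SWELF turns whatever this script writes to the output stream into log text.
$ErrorActionPreference = 'Stop'

# Autorun locations to inventory (machine-wide and for the account running SWELF).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunKeyLine {
    param([string[]]$Path)

    foreach ($key in $Path) {
        # RunOnce is often absent; skip missing keys instead of failing the plugin.
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw command without expanding %VARIABLES%, so the log
            # shows exactly what is stored in the registry.
            $value = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')

            # Collapse whitespace and newlines so every entry stays on one line,
            # and swap embedded double quotes so the quoted fields stay parseable.
            $clean = ($value -replace '\s+', ' ').Trim() -replace '"', "'"

            'plugin=RunKeys host={0} key="{1}" name="{2}" command="{3}"' -f `
                $env:COMPUTERNAME, $key, $name, $clean
        }
    }
}

try {
    Get-RunKeyLine -Path $runKeys
}
catch {
    # Emit the failure as output too, so a broken plugin is visible in the logs.
    'plugin=RunKeys host={0} error="{1}"' -f $env:COMPUTERNAME, $_.Exception.Message
}
```

Because the script only reads registry values and writes text, it contains nothing that needs to be obfuscated or downloaded at run time, which keeps it straightforward for AMSI to inspect.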

IMPORTANT NOTE:

When central configuration is utilized for plugins, I left it to you to get the scripts to the endpoint to execute.