Plugins
Ceramicskate0 edited this page Jul 13, 2018 · 14 revisions
SWELF plugins are simply PowerShell (.ps1) scripts that are executed by SWELF; any output that a script produces is then sent as a log in the format you specify. The scripts are forced through AMSI, and if the Microsoft AMSI module (which could also plug in to your endpoint AV) says a script is safe, it is allowed to run. If it is found to be malware, SWELF will make sure you know.
- The directory of what you want SWELF to find in the output (just like Event Log)
C:....\Plugins\Plugin_Searchs
- The file that tells SWELF what to find in the PowerShell output is here
C:....\Plugins\Plugin_Searchs\Searchs.txt
- All the scripts that SWELF is to run as plugins must be in this directory
C:....\Plugins\Scripts
When central configuration is utilized for plugins, I left it to you to get the scripts to the endpoint to execute.
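A sample plugin script of the kind described above, reporting who is in the local Administrators group with one output line per member. This is an added example, not code from SWELF or its author. The file name `Check-LocalAdmins.ps1`, the `Format-LogLine` helper and the key="value" line layout are assumptions, as is the premise that SWELF captures whatever the script writes to standard output.

```powershell
# Check-LocalAdmins.ps1 (hypothetical file name), to be placed in ...\Plugins\Scripts
# Added example, not part of SWELF. Assumption: SWELF captures what the script
# writes to standard output. The key="value" layout is this example's own choice.

$ErrorActionPreference = 'Stop'

function Format-LogLine {
    param([System.Collections.Specialized.OrderedDictionary]$Fields)
    # One record per line: strip CR/LF and double quotes so that a value
    # (for example an account name) cannot split or forge a record.
    $pairs = foreach ($key in $Fields.Keys) {
        $value = ([string]$Fields[$key]) -replace '[\r\n]+', ' ' -replace '"', "'"
        '{0}="{1}"' -f $key, $value
    }
    $pairs -join ' '
}

try {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup also works on systems where the group name is localized.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544'

    foreach ($m in $members) {
        Write-Output (Format-LogLine ([ordered]@{
            plugin = 'LocalAdmins'
            host   = $env:COMPUTERNAME
            member = $m.Name
            sid    = $m.SID.Value
            class  = $m.ObjectClass
            source = $m.PrincipalSource
        }))
    }
}
catch {
    # Report the failure as output too, so a broken plugin is visible
    # in the collected logs instead of silently producing nothing.
    Write-Output (Format-LogLine ([ordered]@{
        plugin = 'LocalAdmins'
        host   = $env:COMPUTERNAME
        error  = $_.Exception.Message
    }))
}
```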