From 434d2c5a3d289cca1ee7bd154f2294d9a227fb28 Mon Sep 17 00:00:00 2001 From: SOCFortress <95670863+socfortress@users.noreply.github.com> Date: Sat, 20 Aug 2022 09:20:37 -0500 Subject: [PATCH] Update README.md --- Windows Logon Sessions/README.md | 53 ++++++++++++++++++++++++++------ 1 file changed, 44 insertions(+), 9 deletions(-) diff --git a/Windows Logon Sessions/README.md b/Windows Logon Sessions/README.md index 4b8dbf3..060dd80 100644 --- a/Windows Logon Sessions/README.md +++ b/Windows Logon Sessions/README.md 
@@ -1,8 +1,19 @@ -### Sysinternals - Logonsessions [![N|Solid](https://cdn-icons-png.flaticon.com/128/6939/6939131.png)](https://myservice.socfortress.co/explore?left=%7B%22datasource%22:%22WAZUH%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:$get_alert_id.hits.hits.#._id%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-6h%22,%22to%22:%22now%22%7D%7D) [![N|Solid](https://cdn-icons-png.flaticon.com/128/406/406217.png)](https://hunt.socfortress.co) [![N|Solid](https://cdn-icons-png.flaticon.com/128/4840/4840332.png)](https://servicedesk.socfortress.co/help/2979687893) -### Description -## Sysinternals Logonsessions - Official documentation. +[](https://www.socfortress.co/) + +# Sysinternals - Logonsessions [![Awesome](https://img.shields.io/badge/SOCFortress-Worlds%20First%20Free%20Cloud%20SOC-orange)](https://www.socfortress.co/trial.html) +> If you think that when you logon to a system there's only one active logon session, this utility will surprise you. It lists the currently active logon sessions and, if you specify the -p option, the processes running in each session. + +[![MIT License][license-shield]][license-url] +[![LinkedIn][linkedin-shield]][linkedin-url] +[![your-own-soc-free-for-life-tier](https://img.shields.io/badge/Get%20Started-FREE%20FOR%20LIFE%20TIER-orange)](https://www.socfortress.co/trial.html) + + +## Description + +[Sysinternals Logonsessions - Official documentation.](https://docs.microsoft.com/en-us/sysinternals/downloads/logonsessions) + +## Wazuh Integration -Wazuh Integration Wazuh Capability: Wodles Command Log Output: Active Response Log 
@@ -40,10 +51,34 @@ Foreach ($item in $Sessions_Output_Array) { echo $item | ConvertTo-Json -Compress | Out-File -width 2000 C:\"Program Files (x86)"\ossec-agent\active-response\active-responses.log -Append -Encoding ascii } ``` ----------------------------------------------------------------------------------- -

- -logo_website (1) + +## Need Help? + +SOCFortress - [![LinkedIn][linkedin-shield]][linkedin-url] - info@socfortress.co + +

+

Let SOCFortress Professional Services Take Your Open Source SIEM to the Next Level

+
+ Banner -

+ + +
+ + + +[contributors-shield]: https://img.shields.io/github/contributors/socfortress/Wazuh-Rules +[contributors-url]: https://github.com/socfortress/Wazuh-Rules/graphs/contributors +[forks-shield]: https://img.shields.io/github/forks/socfortress/Wazuh-Rules +[forks-url]: https://github.com/socfortress/Wazuh-Rules/network/members +[stars-shield]: https://img.shields.io/github/stars/socfortress/Wazuh-Rules +[stars-url]: https://github.com/socfortress/Wazuh-Rules/stargazers +[issues-shield]: https://img.shields.io/github/issues/othneildrew/Best-README-Template.svg?style=for-the-badge +[issues-url]: https://github.com/othneildrew/Best-README-Template/issues +[license-shield]: https://img.shields.io/badge/Help%20Desk-Help%20Desk-blue +[license-url]: https://servicedesk.socfortress.co/help/2979687893 +[linkedin-shield]: https://img.shields.io/badge/Visit%20Us-www.socfortress.co-orange +[linkedin-url]: https://www.socfortress.co/ +[fsecure-shield]: https://img.shields.io/badge/F--Secure-Check%20Them%20Out-blue +[fsecure-url]: https://www.f-secure.com/no/business/solutions/elements-endpoint-protection/computer
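Review bot: In the first hunk (@@ -1,8 +1,19 @@) the badge alt texts and reference labels do not match where the links go. `[![MIT License][license-shield]][license-url]` resolves to a "Help Desk" badge that links to servicedesk.socfortress.co, and `[![LinkedIn][linkedin-shield]][linkedin-url]` resolves to a "Visit Us" badge that links to www.socfortress.co. Rename the labels and alt text to describe the real targets, so that a reader or anyone auditing outbound links is not told "MIT License" or "LinkedIn" for something else. The added `[](https://www.socfortress.co/)` line has empty link text and renders as nothing; restore the image it was meant to wrap or drop the line.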
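Review bot: In the second hunk (@@ -40,10 +51,34 @@) the reference definitions at the end carry template residue: `[issues-shield]` and `[issues-url]` point at othneildrew/Best-README-Template rather than socfortress/Wazuh-Rules, so they should be repointed or removed. Nothing visible in this patch uses the contributors, forks, stars, issues or fsecure references; if the rest of the README does not use them either, delete them rather than shipping unused third-party URLs. The "Need Help?" line uses `[![LinkedIn][linkedin-shield]][linkedin-url]` for what is defined as a website badge and link, so the label and alt text should be renamed to match the target.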