Copyright 2018-2019 Crown Copyright
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
The National Cyber Security Centre (NCSC) is a UK Government department with the mission of:
"Helping to make the UK the safest place to live and work online."
More can be found at www.ncsc.gov.uk.
- Prerequisites - Start deployment here
- Chapter 1 - Set up Windows Event Forwarding
- Chapter 3A - Database (Easy Method)
- Chapter 3B - Database (Manual Method)
- Chapter 4 - Post Install Actions
- Shane M, NCSC Technical Lead.
- Lucy A, David L and Oli T, Cabinet Office Government Security Group, funding and project management.
- Adam B, NCSC, Customer Liaison / Developer.
- Duncan A, NCC Group, Lead Developer.
- Harry G and Alfie T, NCSC, creating visualisations.
The following organisations spent time trialling earlier versions of LME, which was critical to its development and publication.
- Diane L at Ofqual
- Gavin M at Creative Scotland
- Carol P and Andy M at Renfrewshire Council
- Chris B and Andrew H at Cardiff Council
- Julian D and the team at Companies House
- Martin O at TeamGB
- The NCSC CAPRI team
- David C
- Roberto Rodriguez (@Cyb3rWard0g and @THE_HELK) provided guidance and authored HELK (similar to LME but more featured), available on GitHub.
- Carl Morris, for sharing the experiences behind his 44Con presentation.
- SwiftOnSecurity, for creating the open-source Sysmon configuration to which we refer.
- Jessica Payne, whose WEFFLES blog highlights what is possible with in-built Windows functionality.
- Ryan Watson and Syspanda, from whom the Sysmon install script was adapted.
- Sysmon from the Sysinternals team at Microsoft.
- Elasticsearch, Logstash, Kibana and Winlogbeat from Elastic.co and their GitHub.
- Docker Community Edition