Automating DeepBlueCLI

Channel: Marcus Edmondson
In this video I'll show you how to use the Windows Task Scheduler to automate DeepBlueCLI to look for evidence of attackers on your network. I'll load it into Python Pandas real quick just to show that it's been properly analyzed.

If you are interested in a video showing how to use Filebeat to load into the Elastic Stack or how to remotely ingest evtx files, please leave a comment and let me know.

DeepBlueCLI is a PowerShell module created by Eric Conrad for hunting threats through Windows event logs.

DeepBlueCLI can be downloaded for free here:
https://github.com/sans-blue-team/DeepBlueCLI
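
A scheduled-task setup along the lines the description mentions, as an added example that is not the script used in the video. The install path, output folder, wrapper script name, task name and run time are assumptions; run it from an elevated PowerShell session. CSV output is used so the results can be loaded into Pandas afterwards.

```powershell
# Added example, not the video's script. Assumed values: paths, task name, run time.
$DeepBlueDir = Join-Path $env:ProgramFiles 'DeepBlueCLI'        # assumed clone location
$OutDir      = Join-Path $env:ProgramData  'DeepBlueCLI\output' # assumed report folder
$Wrapper     = Join-Path $DeepBlueDir 'Run-DeepBlue.ps1'        # hypothetical wrapper script
$TaskName    = 'DeepBlueCLI-Daily'                              # hypothetical task name

if (-not (Test-Path (Join-Path $DeepBlueDir 'DeepBlue.ps1'))) {
    throw "DeepBlue.ps1 not found in $DeepBlueDir"
}
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# The wrapper runs DeepBlue.ps1 from its own folder (so relative paths to its
# companion files resolve) and writes one dated CSV per run.
@"
Set-Location -Path '$DeepBlueDir'
`$out = Join-Path '$OutDir' ('deepblue-security-{0:yyyyMMdd-HHmm}.csv' -f (Get-Date))
.\DeepBlue.ps1 -log security | Export-Csv -Path `$out -NoTypeInformation -Encoding UTF8
"@ | Set-Content -Path $Wrapper -Encoding UTF8

# The task runs as SYSTEM, so the script folder must stay writable by
# administrators only; anyone who can edit these files runs code as SYSTEM.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$Wrapper`""
$trigger   = New-ScheduledTaskTrigger -Daily -At '06:00'
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Hours 1)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force `
    -Description 'Daily DeepBlueCLI analysis of the local Security log' | Out-Null

# Confirm the registration; Start-ScheduledTask -TaskName $TaskName runs it on demand.
Get-ScheduledTask -TaskName $TaskName | Get-ScheduledTaskInfo
```

The `-ExecutionPolicy Bypass` switch applies only to the PowerShell process the task starts and leaves the machine-wide policy unchanged.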

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.
