Skip to content

Latest commit

 

History

History
74 lines (51 loc) · 3.3 KB

README.md

File metadata and controls

74 lines (51 loc) · 3.3 KB

EDR - PowerShield 🧿

🔐 EDR Security Solution:

EDR is powerful tool combines IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) capabilities into a single, efficient package. Leveraging PowerShell scripts, it continuously monitors network activity, isolates compromised machines upon detecting anomalies, and send detailed alerts and triage reports via email and Slack. It consider to be vital asset for proactive network security management.

MIT License LinkedIn Medium

📱Features

  • Advanced Monitoring: Continuously monitors network activities to detect any anomalies or suspicious behavior.
  • Automated Isolation: Instantly isolates compromised machines from the network upon detecting multiple failed login attempts.
  • Real-time Alerts: Sends immediate notifications and detailed triage reports over email and slack channel.
  • Customizable Options: Allows users to specify target IP ranges and port lists.
  • Scalable and Efficient: Designed to handle large-scale network environments with minimal resource usage, ensuring robust security management

🛠 Installation / Setup

🔗 Prerequisites:

  • PowerShell 5.1 or later
  • An active Slack Webhook URL
  • email address for send triaged report.
  1. Clone the Repository

    git clone https://github.com/DNcrypter/EDR-PowerShield.git
    
  2. Navigate to Directory

    cd EDR-PowerShield
  3. Configure cofig.ps1 file

$global:NetworkAdapter = "Ethernet" # Change to your network adapter name
$global:SlackWebhookUrl = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
$global:SmtpServer = "smtp.yourmailserver.com"
$global:SmtpFrom = "alert@yourdomain.com"
$global:SmtpTo = "admin@yourdomain.com"
$global:SmtpSubject = "Alert: System Compromised"

Note: Ensure MonitorLoginAttempts.ps1, isolate.ps1, and send_slack_mail.ps1 are in the same directory as config.ps1.

  1. Run the Monitoring Script
powershell -ExecutionPolicy Bypass -File .\MonitorLoginAttempts.ps1
  1. Set Up Script to Run on Startup
  • Open Task Scheduler and create a new task.

  • Set the trigger to "At startup".

  • Set the action to "Start a Program" and point to the MonitorLoginAttempts.ps1 script.

  • Ensure the task is set to run with the highest privileges.

Screenshot 1

Screenshot 2

🍁 Future release

I am working on this project some more ideas are in my mind. Some more advancement i am thinking and you will get to see advance features in future release....

tip:- "Fellow researchers, focus on understanding concepts deeply rather than rote memorization. Practice, practice, and practice again."

📝 Contributions

Pull requests are always welcome and appreciated. Your contributions help make this project even better for everyone.