You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I have taken all of the artifacts from the SANS FOR500 (red) poster and converted them into conditional coloring rules. Applying the rules will cause the "Name" column for an artifact to be highlighted with roughly the same color as the poster. Additionally, the color pink is used to highlight and callout encrypted files in general since those are probably important. This config gives you over 100 rules which you can immediately use or disable individually if you find one that you don't like.
## Installation
If installing Conditional Coloring.cfg, go to Options -> Directory Browser -> "Store dir. browser settings in cases" and make sure it is unchecked. When XWF is not running, replace the included file (Tooltips.txt or Conditional Coloring.cfg) in the main XWF installation directory with the one from this repo. Launch XWF and enable the associated feature if it is not already turned on.
