Repository layout:

event_log_monitoring/
lolrmm/
network_traffic_monitor/
README.md
Cybertek Detection Scripts
Internal review only — shared with Cybertek colleagues for code review and further development.
Syncro RMM scripts used by Cybertek Systems for endpoint security monitoring. Each script runs on a schedule via Syncro and raises alerts when suspicious activity is detected.
Scripts
Network Traffic Monitor
network_traffic_monitor/network_traffic_monitor.ps1
Monitors active network connections for malicious IPs using live threat intelligence feeds (aggregated hourly from abuse.ch, Emerging Threats, and others). Raises a Syncro alert categorized as network_traffic_critical or network_traffic_warning depending on threat severity.
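The matching logic described above, as an added example that is not the Cybertek script or any code from this repository. The feed texts are constructed samples in the one-address-per-line, `#`-commented layout that abuse.ch blocklists use; the split of feeds into a "critical" set (active C2 lists) and a "warning" set (broader reputation lists) is an assumption about how severity is derived, as is the use of Syncro's `Rmm-Alert` cmdlet as the alert sink. Production feed URLs are not reproduced.

```powershell
# Added example (not the Cybertek script). Feed contents below are constructed;
# in production fetch each feed with Invoke-RestMethod and pass the text in.
$CriticalFeedText = @"
# C2 tracker style sample (constructed): active botnet C2 addresses
203.0.113.10
198.51.100.7,443
"@
$WarningFeedText = @"
# Generic reputation list sample (constructed)
192.0.2.25
203.0.113.10
"@

# Parse a feed into a HashSet of IP strings; drops comments, blanks and ports.
function ConvertFrom-IpBlocklist {
    param([Parameter(Mandatory)][string]$FeedText)
    $set = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($line in ($FeedText -split "`r?`n")) {
        $entry = $line.Trim()
        if (-not $entry -or $entry.StartsWith('#')) { continue }
        $candidate = ($entry -split '[,\s#]')[0]      # keep only the address part
        $ip = $null
        if ([System.Net.IPAddress]::TryParse($candidate, [ref]$ip)) { [void]$set.Add($ip.ToString()) }
    }
    return ,$set                                       # comma stops PowerShell unrolling the set
}

# Compare established connections against both sets; critical wins on overlap.
# $ConnectionSource is injectable so the logic can be exercised without a live host.
function Get-SuspiciousConnections {
    param(
        [Parameter(Mandatory)]$CriticalSet,
        [Parameter(Mandatory)]$WarningSet,
        [scriptblock]$ConnectionSource = { Get-NetTCPConnection -State Established }
    )
    foreach ($conn in (& $ConnectionSource)) {
        $remote = [string]$conn.RemoteAddress
        $category = if ($CriticalSet.Contains($remote)) { 'network_traffic_critical' }
                    elseif ($WarningSet.Contains($remote)) { 'network_traffic_warning' }
                    else { $null }
        if (-not $category) { continue }
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Category = $category
            Remote   = "$remote`:$($conn.RemotePort)"
            Pid      = $conn.OwningProcess
            Process  = if ($proc) { $proc.ProcessName } else { 'unknown' }
        }
    }
}

# Alert sink. Assumption: Syncro's agent module provides Rmm-Alert -Category/-Body;
# when it is not loaded (stand-alone run) the alert is just printed.
function Send-DetectionAlert {
    param([Parameter(Mandatory)][string]$Category, [Parameter(Mandatory)][string]$Body)
    if (Get-Command Rmm-Alert -ErrorAction SilentlyContinue) { Rmm-Alert -Category $Category -Body $Body }
    else { Write-Host "[$Category] $Body" }
}

$critical = ConvertFrom-IpBlocklist -FeedText $CriticalFeedText
$warning  = ConvertFrom-IpBlocklist -FeedText $WarningFeedText

# Constructed connection table standing in for Get-NetTCPConnection (offline demo);
# drop -ConnectionSource to scan the live host.
$fakeConnections = {
    [pscustomobject]@{ RemoteAddress = '203.0.113.10'; RemotePort = 443;  OwningProcess = $PID }
    [pscustomobject]@{ RemoteAddress = '192.0.2.25';   RemotePort = 8080; OwningProcess = $PID }
    [pscustomobject]@{ RemoteAddress = '10.0.0.5';     RemotePort = 445;  OwningProcess = $PID }
}
$hits = Get-SuspiciousConnections -CriticalSet $critical -WarningSet $warning -ConnectionSource $fakeConnections

# One alert per category with every hit in the body, so a burst of connections
# to the same C2 does not flood Syncro with duplicate alerts.
foreach ($group in ($hits | Group-Object Category)) {
    $body = ($group.Group | ForEach-Object { "$($_.Process) (PID $($_.Pid)) -> $($_.Remote)" }) -join '; '
    Send-DetectionAlert -Category $group.Name -Body $body
}
```

Two points a reviewer would check in the real script: what happens when a feed fetch fails (an empty set silently disables detection, so the script should alert on that condition rather than report "clean"), and that the feed is parsed into a set rather than matched with `-contains` against a flat array, since the connection table is compared on every run.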
LoLRMM Detector
lolrmm/lolrmm_syncro_detector.ps1
Detects unauthorized Remote Monitoring and Management (RMM) tools running on endpoints. Checks running processes and installed software against the lolrmm.io database of known RMM tools. Raises a Syncro alert if any unapproved RMM tool is found.
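The process and installed-software checks, as an added example that is not the Cybertek script. `$RmmCatalog` is a constructed stand-in for entries from the lolrmm.io database; the fetch URL and JSON field names of that database are not reproduced here and would need to be checked against the site. The approved list passed to `Find-UnapprovedRmm` is hypothetical.

```powershell
# Added example (not the Cybertek script). Catalog entries are constructed;
# the live script would build them from the lolrmm.io data.
$RmmCatalog = @(
    [pscustomobject]@{ Name = 'AnyDesk';       Executables = @('AnyDesk.exe');                              DisplayNames = @('AnyDesk') }
    [pscustomobject]@{ Name = 'TeamViewer';    Executables = @('TeamViewer.exe', 'TeamViewer_Service.exe'); DisplayNames = @('TeamViewer') }
    [pscustomobject]@{ Name = 'ScreenConnect'; Executables = @('ScreenConnect.ClientService.exe');          DisplayNames = @('ScreenConnect Client') }
)

# Display names of installed software from the Uninstall keys (64-bit, 32-bit, per-user).
function Get-InstalledDisplayNames {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object DisplayName | Select-Object -ExpandProperty DisplayName
}

# Running processes as (name, PE OriginalFilename) pairs. A copied and renamed
# binary keeps its OriginalFilename, so checking both defeats the cheap evasion.
function Get-RunningProcessNames {
    foreach ($p in Get-Process) {
        $orig = $null
        try { if ($p.Path) { $orig = (Get-Item $p.Path -ErrorAction Stop).VersionInfo.OriginalFilename } } catch { }
        [pscustomobject]@{ Pid = $p.Id; Name = "$($p.ProcessName).exe"; OriginalFilename = $orig }
    }
}

# Report every catalog tool that is running or installed and not on the approved list.
function Find-UnapprovedRmm {
    param(
        [object[]]$Catalog   = $RmmCatalog,
        [string[]]$Approved  = @(),
        [object[]]$Processes = (Get-RunningProcessNames),
        [string[]]$Installed = (Get-InstalledDisplayNames)
    )
    foreach ($tool in $Catalog) {
        if ($Approved -contains $tool.Name) { continue }
        $procHits = $Processes | Where-Object {
            ($tool.Executables -contains $_.Name) -or
            ($_.OriginalFilename -and ($tool.Executables -contains $_.OriginalFilename))
        }
        $swHits = foreach ($dn in $tool.DisplayNames) { $Installed | Where-Object { $_ -like "$dn*" } }
        if ($procHits -or $swHits) {
            [pscustomobject]@{
                Tool      = $tool.Name
                Processes = @($procHits | ForEach-Object { "$($_.Name) (PID $($_.Pid))" }) -join ', '
                Installed = @($swHits) -join ', '
            }
        }
    }
}

# Constructed inputs for an offline run; omit -Processes/-Installed to scan the live host.
$procs = @(
    [pscustomobject]@{ Pid = 4242; Name = 'svchost.exe'; OriginalFilename = 'AnyDesk.exe' }   # renamed AnyDesk
    [pscustomobject]@{ Pid = 1337; Name = 'ScreenConnect.ClientService.exe'; OriginalFilename = 'ScreenConnect.ClientService.exe' }
)
$sw = @('Google Chrome', 'TeamViewer', 'ScreenConnect Client (abc123)')
Find-UnapprovedRmm -Approved @('ScreenConnect') -Processes $procs -Installed $sw | Format-Table -AutoSize
```

With these inputs the renamed AnyDesk process is caught through its OriginalFilename and TeamViewer through the Uninstall key, while ScreenConnect is skipped because it is on the approved list. Reading `VersionInfo` for other users' processes needs administrative rights; without them `OriginalFilename` stays empty and only the process-name match applies.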
Event Log Monitor
event_log_monitoring/event_log_monitor.ps1
Monitors the Windows Security Event Log for high-value security events, including failed logon attempts, privilege escalation, account lockouts, and suspicious process activity, and raises Syncro alerts categorized by severity. Two deployment checks apply: process-creation events are only written when Audit Process Creation is enabled in the endpoint's audit policy (and the command line is only included with the matching "Include command line in process creation events" setting), and reading the Security log requires the script to run with administrative rights.
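The collection-and-threshold logic, as an added example that is not the Cybertek script. The rule table maps well-known Security log event IDs to severities and thresholds; that mapping, the SYSTEM-noise filter on 4672, and the 4688 process watchlist are assumptions chosen for illustration, not the repository's configuration.

```powershell
# Added example (not the Cybertek script). Rules and watchlist are illustrative.
$SecurityRules = @{
    4625 = @{ Name = 'Failed logon';                Severity = 'warning';  Threshold = 5 }  # per account+source
    4740 = @{ Name = 'Account locked out';          Severity = 'critical'; Threshold = 1 }
    4672 = @{ Name = 'Special privileges assigned'; Severity = 'warning';  Threshold = 1 }
    4720 = @{ Name = 'User account created';        Severity = 'critical'; Threshold = 1 }
    4688 = @{ Name = 'Watchlisted process started'; Severity = 'warning';  Threshold = 1 }
}
$ProcessWatchlist = @('mshta.exe', 'certutil.exe', 'regsvr32.exe', 'wscript.exe')

# Pull matching events from the live Security log (needs elevation) and reduce
# each one to the fields the rules use, taken from the event's EventData block.
function Get-SecurityEventRecords {
    param([int]$LookbackMinutes = 60)
    $filter = @{ LogName = 'Security'; Id = @($SecurityRules.Keys); StartTime = (Get-Date).AddMinutes(-$LookbackMinutes) }
    foreach ($e in (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        $x = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $x.Event.EventData.Data) { $data[[string]$d.Name] = [string]$d.'#text' }
        [pscustomobject]@{
            Id      = $e.Id
            Time    = $e.TimeCreated
            Account = if ($e.Id -eq 4672) { $data['SubjectUserName'] } else { $data['TargetUserName'] }
            Sid     = $data['SubjectUserSid']
            Source  = $data['IpAddress']
            Process = $data['NewProcessName']
        }
    }
}

# Apply the rule table: filter noise per event ID, then count per account+source
# bucket and emit one finding per bucket that reaches the rule's threshold.
function Measure-SecurityEvents {
    param([Parameter(Mandatory)][object[]]$Records)
    $findings = [System.Collections.Generic.List[object]]::new()
    foreach ($group in ($Records | Group-Object Id)) {
        $id   = [int]$group.Name
        $rule = $SecurityRules[$id]
        if (-not $rule) { continue }
        $events = $group.Group
        switch ($id) {
            4672 { $events = $events | Where-Object { $_.Sid -ne 'S-1-5-18' } }          # SYSTEM logons are noise
            4688 { $events = $events | Where-Object {
                       $_.Process -and ($ProcessWatchlist -contains (Split-Path $_.Process -Leaf).ToLower()) } }
        }
        foreach ($bucket in ($events | Group-Object Account, Source)) {
            if ($bucket.Count -lt $rule.Threshold) { continue }
            $findings.Add([pscustomobject]@{
                Category = "event_log_$($rule.Severity)"
                Summary  = "$($rule.Name): $($bucket.Count) event(s) for '$($bucket.Name)'"
            })
        }
    }
    return $findings
}

# Constructed records standing in for Get-SecurityEventRecords output (offline demo).
$sample = @(
    1..6 | ForEach-Object { [pscustomobject]@{ Id = 4625; Account = 'jsmith'; Source = '203.0.113.5'; Sid = $null; Process = $null } }
    [pscustomobject]@{ Id = 4625; Account = 'admin';  Source = '10.0.0.2';   Sid = $null;       Process = $null }
    [pscustomobject]@{ Id = 4672; Account = 'SYSTEM'; Source = $null;        Sid = 'S-1-5-18';  Process = $null }
    [pscustomobject]@{ Id = 4688; Account = 'jsmith'; Source = $null;        Sid = 'S-1-5-21-1'; Process = 'C:\Windows\System32\mshta.exe' }
)
Measure-SecurityEvents -Records $sample | Format-Table -AutoSize
```

On the constructed sample the six failures for jsmith from one source reach the 4625 threshold and the mshta.exe start matches the watchlist, while the single failure for admin and the SYSTEM 4672 are suppressed. Thresholding per account and source rather than per event is what keeps a scheduled run from paging on every mistyped password; the lookback window should match the Syncro schedule interval so events are neither missed nor double-counted.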
Deployment
All scripts are deployed and scheduled via Syncro RMM. Each script is self-contained and requires only a Syncro API key, supplied as a Script Variable within the Syncro platform rather than hardcoded in the script body, so the key never lands in the repository. The key should be scoped to the permissions the scripts actually need and rotated if a script copy leaves the Syncro environment.