Cybertek-Detection-Scripts/lolrmm
cole@cybertek.systems 5b2c329d15 Add per-folder READMEs and network traffic monitor project.md 2026-03-16 09:21:13 -05:00
README.md Add per-folder READMEs and network traffic monitor project.md 2026-03-16 09:21:13 -05:00
lolrmm_syncro_detector.ps1 Initial commit: network traffic monitor, lolrmm detector, event log monitor 2026-03-16 09:14:51 -05:00
project.md Initial commit: network traffic monitor, lolrmm detector, event log monitor 2026-03-16 09:14:51 -05:00

README.md

LoLRMM Detector

Detects unauthorized Remote Monitoring and Management (RMM) tools on Windows endpoints by comparing running processes, services, scheduled tasks, network connections, and registry artifacts against the live lolrmm.io catalog. Raises a Syncro alert when unapproved RMM tooling is found.

See project.md for full architecture, detection layers, allowlist design, and deployment details.
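
The process-matching layer described above, with an allowlist applied, can be sketched as follows. This is an added example, not code from lolrmm_syncro_detector.ps1; the function name `Find-UnapprovedRmm`, the simplified catalog shape (`Name` plus `Processes` patterns) and all sample data are assumptions constructed for illustration.

```powershell
# Added example; not taken from lolrmm_syncro_detector.ps1.
# The catalog shape is a simplified assumption, not the real lolrmm.io schema.
function Find-UnapprovedRmm {
    param(
        [object[]] $Catalog   = @(),   # objects with Name and Processes (wildcard patterns)
        [object[]] $Processes = @(),   # objects with Name and Path
        [string[]] $Allowlist = @()    # catalog tool names approved for this environment
    )
    foreach ($tool in $Catalog) {
        # Approved tools are skipped before any matching is done.
        if ($Allowlist -contains $tool.Name) { continue }
        foreach ($proc in $Processes) {
            foreach ($pattern in $tool.Processes) {
                # -like is case-insensitive and supports * wildcards.
                if ($proc.Name -like $pattern) {
                    [pscustomobject]@{
                        Tool    = $tool.Name
                        Process = $proc.Name
                        Path    = $proc.Path
                        Pattern = $pattern
                    }
                    break   # leave the pattern loop: one finding per process per tool
                }
            }
        }
    }
}

# Constructed catalog excerpt (hypothetical entries in the assumed shape).
$catalog = @(
    [pscustomobject]@{ Name = 'AnyDesk';       Processes = @('AnyDesk.exe') }
    [pscustomobject]@{ Name = 'ScreenConnect'; Processes = @('ScreenConnect.*.exe') }
    [pscustomobject]@{ Name = 'Syncro';        Processes = @('Syncro.*.exe') }
)

# Constructed process inventory. On a live endpoint this could come from:
#   Get-CimInstance Win32_Process |
#       Select-Object Name, @{ n = 'Path'; e = { $_.ExecutablePath } }
$processes = @(
    [pscustomobject]@{ Name = 'Syncro.Service.exe'; Path = 'C:\Program Files\RepairTech\Syncro\Syncro.Service.exe' }
    [pscustomobject]@{ Name = 'anydesk.exe';        Path = 'C:\Users\Public\anydesk.exe' }
    [pscustomobject]@{ Name = 'explorer.exe';       Path = 'C:\Windows\explorer.exe' }
)

# The approved RMM is allowlisted by catalog name; anything else that matches is a finding.
$findings = @(Find-UnapprovedRmm -Catalog $catalog -Processes $processes -Allowlist @('Syncro'))
$findings | Format-Table -AutoSize
# A detector would raise its alert at this point when $findings is not empty.
```

Matching on process name alone misses renamed binaries, which is why the description above also lists services, scheduled tasks, network connections, and registry artifacts as detection sources.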

Files

| File | Description |
| --- | --- |
| lolrmm_syncro_detector.ps1 | Main Syncro script — deploy this |
| project.md | Architecture, detection layers, allowlist design, deployment guide |