Windows Defender Scan with Command line

Type the following command to open the antivirus tool location and press *Enter*:
– cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
Type the following command to perform a custom antivirus scan and press *Enter*:
– MpCmdRun -Scan -ScanType 3 -File PATH\TO\FOLDER-FILES – In the command, make sure to specify the path to the folder you want to scan. – For example, this command scans the “Downloads” folder: – MpCmdRun -Scan -ScanType 3 -File C:\Users\username\Downloads
www.windowscentral.com/how-use-windows-defender-command-prompt-windows-10#custom_scan_cmd_defender

log collection, storage, and searching

From the Bored Hacker Blog www.boredhackerblog.info/2021/12/noteslinks-about-log-collection-storage.html

*Gathering & shipping logs:*
For Windows Event Logs:
– fluentbit – docs.fluentbit.io/manual/pipeline/inputs/windows-event-log
– fluentd – docs.fluentd.org/input/windows_eventlog
– nxlog – nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#im_msvistalog
– winlogbeat – www.elastic.co/downloads/beats/winlogbeat-oss
– promtail – grafana.com/docs/loki/latest/clients/promtail/scraping/#windows-event-log

While doing more research, I came across clickhouse (which is also supported by some of the tools above) (clickhouse.com/) Clickhouse can store json data and you can do sql queries on that data.
I also came across cloki, which is using clickhouse but emulating loki ( github.com/lmangani/cloki)
The backend is a clickhouse database and you push logs into loki emulator, just like you’d push logs into loki. cloki also supports the same query language as loki and will work with grafana loki connector.

*Sample logs:*
To play with any of the tools above without making changes in production env, you can use sample logs or data sources.
github.com/logpai/loghub – github repo that links to several sample logs
www.secrepo.com/ – logs related to security. there are some network traffic logs in there
www.sec.gov/dera/data/edgar-log-file-data-set.html – EDGAR log files
log-sharing.dreamhosters.com/ – various log files
www.logs.to/ – log generator (various types)
github.com/mingrammer/flog – log generator
certstream.calidog.io/ – certificate transparency logs
www.hivemq.com/demos/websocket-client/ / broker.mqttdashboard.com – If you want to grab MQTT demo data. I’m pretty sure people are using this for free for their projects too…

Run powershell from batch bat command line

Running Powershell from a batch file can be a bit fiddly. Fortunately, Daniel S. has provided all the details. blog.danskingdom.com/allow-others-to-run-your-powershell-scripts-from-a-batch-file-they-will-love-you-for-it/
Additional info available as well. stackoverflow.com/questions/19335004/how-to-run-a-powershell-script-from-a-batch-file stackoverflow.com/questions/46070152/how-to-run-powershell-command-in-batch-file/65911978#65911978 devblogs.microsoft.com/scripting/powertip-start-hidden-process-with-powershell/