Create manua.md

manua.md

@@ -0,0 +1,137 @@
+1. Installation Instructions
+A. Linux (Bash)
+Step 1: Install Python and pip
+
+Make sure you have Python installed. You can check by running:
+
+bash
+
+python3 --version
+
+If not installed, use the following command to install Python:
+
+bash
+
+sudo apt update
+sudo apt install python3 python3-pip
+
+Step 2: Install Required Libraries
+
+Install the pywin32 library (if running on Windows) and other dependencies:
+
+bash
+
+pip3 install pywin32  # Only if you are on Windows
+
+Step 3: Create the Configuration File
+
+Create a configuration file named config.ini:
+
+bash
+
+nano config.ini
+
+Add the following content, updating the email addresses as necessary:
+
+ini
+
+[Settings]
+polling_interval = 60
+
+[Email]
+EMAIL_SENDER = [email protected]
+EMAIL_RECEIVER = [email protected]
+EMAIL_PASSWORD = your_password
+
+Save and exit (Ctrl + X, then Y, then Enter).
+Step 4: Set Environment Variables
+
+Set environment variables for email credentials:
+
+bash
+
+export EMAIL_SENDER='[email protected]'
+export EMAIL_RECEIVER='[email protected]'
+export EMAIL_PASSWORD='your_password'
+
+Step 5: Run the Script
+
+Make sure the script is executable:
+
+bash
+
+chmod +x script.py
+
+Run the script:
+
+bash
+
+python3 script.py
+
+B. Windows (PowerShell)
+Step 1: Install Python
+
+Download and install Python from the official website: python.org.
+
+During installation, ensure to check the box that says "Add Python to PATH".
+Step 2: Install Required Libraries
+
+Open PowerShell as an administrator and run:
+
+powershell
+
+pip install pywin32
+
+Step 3: Create the Configuration File
+
+Open Notepad (or any text editor) and create a file named config.ini. Add the following content:
+
+ini
+
+[Settings]
+polling_interval = 60
+
+[Email]
+EMAIL_SENDER = [email protected]
+EMAIL_RECEIVER = [email protected]
+EMAIL_PASSWORD = your_password
+
+Save the file in the same directory where you will have the Python script.
+Step 4: Set Environment Variables
+
+Set environment variables for email credentials in PowerShell:
+
+powershell
+
+$env:EMAIL_SENDER = '[email protected]'
+$env:EMAIL_RECEIVER = '[email protected]'
+$env:EMAIL_PASSWORD = 'your_password'
+
+Step 5: Run the Script
+
+Navigate to the directory containing the script and run:
+
+powershell
+
+python script.py
+
+2. Usage Instructions
+Script Overview
+
+The script monitors Windows Security event logs for specific event IDs related to CVE-2024-38124 and CVE-2024-43468. It will log suspicious activities and send email alerts when such activities are detected.
+Configuration Options
+
+    Polling Interval: The interval (in seconds) for checking the event logs can be adjusted in the config.ini file.
+    Email Settings: Ensure to set your email credentials in the configuration file or via environment variables.
+
+Log Output
+
+    The script generates a log file named cve_alerts.log in the same directory, which contains details about detected suspicious activities and alert messages.
+
+Stopping the Script
+
+To stop the script, simply press Ctrl + C in the terminal or PowerShell window.
+Troubleshooting
+
+    Permissions: Ensure you run the script with administrative privileges to access event logs.
+    Log File Size: Regularly check cve_alerts.log to manage disk space.