Run HEG-PreAssessment on your system before using HEG so you can:
- 📶 Determine logging levels of your Windows system across Security, Sysmon and PowerShell log files.
- 📚 Find which logging policies have been configured and which ones haven't.
- 🧭 Guide your roadmap for which policies should be configured next.
- ✅ Get a detailed list of EventIDs and their associated events, and see which ones your system can and cannot produce.
- 🕵️‍♂️ Know precisely which logs you are eligible for.

⚠️ No log generated - means no log to SIEM - means no detection! ⚠️

Quick start:
* Download and extract repo
* Launch PowerShell as admin
* Locate and run `HEG-PA.ps1`
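
To sanity-check the report by hand, the following added example (not code from HEG-PreAssessment) looks at the same three areas the list above names: the Security audit policy, the Sysmon channel and PowerShell logging. It assumes an elevated session and English-language `auditpol` output, and it does not reproduce the tool's EventID coverage list.

```powershell
# Added example, not part of HEG-PreAssessment. Run in an elevated PowerShell session.
# Assumption: English-language Windows (auditpol's CSV column names are localized).

# 1. Are the three log channels present and enabled?
$channels = 'Security',
            'Microsoft-Windows-Sysmon/Operational',
            'Microsoft-Windows-PowerShell/Operational'
$channelReport = foreach ($name in $channels) {
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Channel = $name
        Present = [bool]$log          # false when Sysmon is not installed
        Enabled = if ($log) { $log.IsEnabled } else { $false }
        Records = if ($log) { $log.RecordCount } else { 0 }
    }
}

# 2. Which advanced audit policy subcategories will never write a Security event?
$noAudit = @(auditpol /get /category:* /r |
    Where-Object { $_ } |             # drop blank lines in the CSV output
    ConvertFrom-Csv |
    Where-Object { $_.'Inclusion Setting' -eq 'No Auditing' } |
    Select-Object -ExpandProperty Subcategory)

# 3. Are PowerShell script block and module logging turned on by policy?
$psBase = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$psPolicies = @(
    @{ Key = 'ScriptBlockLogging'; Value = 'EnableScriptBlockLogging' },
    @{ Key = 'ModuleLogging';      Value = 'EnableModuleLogging' }
)
$psReport = foreach ($item in $psPolicies) {
    $prop = Get-ItemProperty -Path (Join-Path $psBase $item.Key) `
                             -Name $item.Value -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Policy  = $item.Key
        Enabled = ($null -ne $prop -and $prop.($item.Value) -eq 1)
    }
}

$channelReport | Format-Table -AutoSize
$psReport      | Format-Table -AutoSize
"Audit subcategories set to 'No Auditing': $($noAudit.Count)"
$noAudit | Sort-Object
```

Every subcategory listed under 'No Auditing', and every channel shown as absent or disabled, is a source that cannot reach the SIEM until its policy is configured.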