[New Tool] El Jefe v2.1 – Windows Process Monitoring Released
El Jefe (pronounced ‘ell-HEFF-ay’) is a Windows-based process monitoring solution. It produces a unique view into how processes are created, what privileges they possess and what child processes they spawn. All of this information is stored and categorized on a central logging server, which allows a user to quickly spot suspicious behavior that could indicate compromise or malware proliferation.
Changelog v2.1
- Improved error handling and logging in client and server.
- Added Cuckoo integration with the web UI (so far only to view Cuckoo’s configuration and configured machines).
- Improved Cuckoo reports in the web UI; reports are now more detailed.
- Added a web UI feature to select a specific VM for Cuckoo analysis.
- Added Camal integration.
- Added remote VMware integration: the VMware server can now run on a different host than the Cuckoo Sandbox.
- Added client verification on server.
- Improved the web UI when listing stations; a "last seen" column was added.
- Installer settings (username, password, server and port) are set from the web UI; if a new user is entered on this form, the user is created automatically, so scripts/addxmluser.py is no longer needed.
- Added proxy support.
- Added event filters that trigger an email warning or a sandbox analysis of the suspicious binary.
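To make the process-lineage view and the event filters concrete, here is an added example (not El Jefe's own code, and the event fields, rule names and actions are assumptions for illustration): a small filter pass of the kind a central logging server could run over process-creation reports from clients. It reconstructs each process's parent chain from pid/ppid links and applies three defensive heuristics, each mapped to the two actions the changelog mentions, an email warning or a sandbox submission of the binary. The sample events are constructed.

```python
"""Added example (not part of El Jefe): process-creation event filters with lineage.
Event format, rule names and action labels are assumptions for illustration only."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class ProcessEvent:
    station: str      # reporting client (hostname)
    pid: int
    ppid: int
    path: str         # full image path as reported by the client
    integrity: str    # Windows integrity level: low / medium / high / system

INTEGRITY_RANK = {"low": 0, "medium": 1, "high": 2, "system": 3}
# Document/mail readers that rarely have a legitimate reason to spawn a script host
OFFICE_LIKE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SHELL_LIKE = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Binaries launched from user-writable scratch directories are worth a sandbox look
USER_WRITABLE = re.compile(r"\\(temp|downloads)\\", re.IGNORECASE)

def image_name(path: str) -> str:
    """Lower-cased basename of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def index_events(events: List[ProcessEvent]) -> Dict[Tuple[str, int], ProcessEvent]:
    """Key events by (station, pid) so parents can be looked up per client."""
    return {(e.station, e.pid): e for e in events}

def lineage(index: Dict[Tuple[str, int], ProcessEvent], event: ProcessEvent) -> List[str]:
    """Walk ppid links back to the root; returns image names root-first.
    The 'seen' set guards against pid reuse producing a cycle."""
    chain = [image_name(event.path)]
    seen = {(event.station, event.pid)}
    cur = event
    while (cur.station, cur.ppid) in index and (cur.station, cur.ppid) not in seen:
        cur = index[(cur.station, cur.ppid)]
        seen.add((cur.station, cur.pid))
        chain.append(image_name(cur.path))
    return list(reversed(chain))

def apply_filters(events: List[ProcessEvent]) -> List[Tuple[str, int, str, str]]:
    """Return (station, pid, rule, action) for every event that matches a filter.
    Actions are 'email' (notify an analyst) or 'sandbox' (submit the binary)."""
    index = index_events(events)
    alerts = []
    for e in events:
        parent = index.get((e.station, e.ppid))
        child = image_name(e.path)
        # Rule 1: a document reader spawning a shell or script host
        if parent and image_name(parent.path) in OFFICE_LIKE and child in SHELL_LIKE:
            alerts.append((e.station, e.pid, "office-spawns-shell", "email"))
        # Rule 2: child running at a higher integrity level than its parent
        if parent and INTEGRITY_RANK.get(e.integrity, 0) > INTEGRITY_RANK.get(parent.integrity, 0):
            alerts.append((e.station, e.pid, "integrity-above-parent", "email"))
        # Rule 3: executable located in a user-writable scratch directory
        if USER_WRITABLE.search(e.path):
            alerts.append((e.station, e.pid, "binary-in-user-writable-dir", "sandbox"))
    return alerts

# Constructed sample: a benign chain up to Word, then a suspicious tail
SAMPLE = [
    ProcessEvent("ws01", 4, 0, r"C:\Windows\System32\services.exe", "system"),
    ProcessEvent("ws01", 900, 4, r"C:\Windows\explorer.exe", "medium"),
    ProcessEvent("ws01", 1200, 900, r"C:\Program Files\Microsoft Office\winword.exe", "medium"),
    ProcessEvent("ws01", 1340, 1200, r"C:\Windows\System32\cmd.exe", "medium"),
    ProcessEvent("ws01", 1388, 1340, r"C:\Users\alice\AppData\Local\Temp\update.exe", "high"),
]

if __name__ == "__main__":
    idx = index_events(SAMPLE)
    for station, pid, rule, action in apply_filters(SAMPLE):
        print(f"{station} pid={pid} {rule} -> {action}: {' > '.join(lineage(idx, idx[(station, pid)]))}")
```

Rule 2 is deliberately a heuristic: legitimate UAC elevation also produces a child above its parent's integrity level, so in practice it would be combined with the lineage (which parent asked) before paging anyone. Events are keyed per station so that the same pid on two clients is never confused.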
Supported Platforms and Installations
- Client: Windows 2000/XP (32/64) to Windows 7 (32/64)
- Server: VMware Player/Workstation
More Information: