[New Tool] El Jefe v2.1 – Windows Process Monitoring Released
El Jefe (pronounced ‘ell-HEFF-ay’) is a Windows based process monitoring solution. El Jefe produces a unique view into how processes are created, what privileges they possess and what child processes they spawn. All of this information is stored, and categorized into a central logging server, which allows a user to quickly see any suspicious behavior that could indicate compromise or malware proliferation.
- Improved error handling and logging in client and server.
- Added Cuckoo integration with web ui (so far only to view Cuckoo’s configuration and configured machines)
- Improved Cuckoo reports in webui. More detailed reports.
- Added a web ui feature to select a specific vm for Cuckoo analysis.
- Added Camal integration.
- Added Remote Vmware integration. Now, Vmware Server could be in a different server than Cuckoo Sanbox.
- Added client verification on server.
- Improved the web ui interface when listing stations, a last seen column was added.
- Installer settings (username, password, server and port) are set from the webui, if a new user is entered on this form the user will be created automatically no need to user scripts/addxmluser.py anymore.
- Added proxy support
- Added event filters that trigger an email warning or a sandbox analysis of the suspicious binary.
Supported Platforms and Installations
- Client: – Windows 2000/XP (32/64) to Windows 7 (32/64)
- Server: – VMWare Player/Workstation