# Blue Team

- [elastalert.py](/projects/blue-team/elastalert.py.md)
- [Windows Event Forwarder](/projects/blue-team/windows-event-fowarder.md): This lays out how to create a subscription (both source-initiated and collector-initiated) that forwards selected .evtx event logs from a workstation to a domain controller.
- [Custom EVTX Logs](/projects/blue-team/custom-evtx-logs.md)
- [Flags](/projects/blue-team/flags.md)
- [Tempest](/projects/blue-team/flags/tempest.md): Flags
