📄️ Detect Tor Connection
In this section, we leverage Rego to detect Tor connections. The detection method used here is based on the following article: Tor node information is fetched every 30 minutes, and a Rego detection rule is built from those addresses, so any outbound connection to one of them is flagged.
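The shape of such a rule, as an added illustration (not Eolh's own rule set): a Rego policy that matches the destination address of a network event against a set of Tor node addresses. The input field names (`input.dest_ip`, `input.dest_port`, `input.image`, `input.pid`) are assumed for this example and are not Eolh's real ETW event schema, and the embedded address set is a constructed sample using documentation-only ranges; in a real deployment the set would be the periodically refreshed list supplied as data rather than hard-coded.

```rego
package eolh.tor

# Constructed sample of Tor node addresses (TEST-NET ranges, not real nodes).
# In practice this set is the list refreshed every 30 minutes and loaded as
# external data; it is embedded here so the policy is self-contained.
tor_nodes := {
    "192.0.2.10",
    "192.0.2.11",
    "198.51.100.7",
}

# Assumed input shape for one network event (not Eolh's real schema):
#   input.dest_ip   string  destination address
#   input.dest_port number  destination port
#   input.image     string  path of the process that opened the connection
#   input.pid       number  process id

default tor_connection = false

# True when the destination address is a known Tor node.
tor_connection {
    tor_nodes[input.dest_ip]
}

# One alert message per matching event, carrying the process context
# a responder needs to triage it.
alert[msg] {
    tor_connection
    msg := sprintf("%v (pid %v) connected to Tor node %v:%v",
        [input.image, input.pid, input.dest_ip, input.dest_port])
}
```

Evaluating `data.eolh.tor.alert` against an event whose `dest_ip` is `192.0.2.10` yields one message; an event whose destination is not in the set yields an empty set and `tor_connection` stays `false`. Note that matching on address alone catches only connections to listed nodes; a client using bridges or a freshly added relay will not appear until the list is refreshed.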
📄️ ETW Only Mode
You can disable the detection rules and have Eolh output only the raw ETW logs.