Comment on page
Setting up Automated Logging
Configuring the API endpoint for automatic activity logging
Currently, two different C2 frameworks can easily integrate with Ghostwriter's GraphQL API: Mythic and Cobalt Strike. These utilities automatically create and update log entries.
You can also write scripts to integrate other frameworks and tools. All you need to get started if an API token.
To get started logging you need an API token. To use the utilities mentioned below you will want to generate an API token with an expiration date. For custom logging tools, you can consider using the
loginaction with the API.
Read more about this process here:
Note: Cobalt Strike does not associate console output with the original command. Therefore, cobalt_sync cannot automatically complete the output fields for log entries. Job IDs may be available for CObalt Strike in the future.
Note: Since Mythic associates output with the original command, the mythic_sync project will retroactively update previous log entries when output is received. This will overwrite any additional context added to the original entry within Ghostwriter before the new output was received.