Log Analysis
Explore 47 curated tools and resources
Search tools and resources by name, description, or purpose... (⌘+K)
PINNED
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
LATEST ADDITIONS
A data curation platform that automates security data collection, transformation and routing while reducing data volume and infrastructure costs.
A data curation platform that automates security data collection, transformation and routing while reducing data volume and infrastructure costs.
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A collaborative platform that gathers and analyzes security data to help professionals identify and mitigate cyber threats.
A collaborative platform that gathers and analyzes security data to help professionals identify and mitigate cyber threats.
SSH Honeypot written in Go that records commands and IP addresses of attempted logins.
SSH Honeypot written in Go that records commands and IP addresses of attempted logins.
A module for loading Bro logs as tables in Osquery
A tool that collects and displays user activity and system events on a Windows system.
A tool that collects and displays user activity and system events on a Windows system.
A tool for analyzing Android applications in local storage with various functionalities.
A tool for analyzing Android applications in local storage with various functionalities.
A dynamic GUI for advanced log analysis, allowing users to execute SQL queries on structured log data.
A dynamic GUI for advanced log analysis, allowing users to execute SQL queries on structured log data.
A tool for advanced HTTPD logfile security analysis and forensics, implementing various techniques to detect attacks against web applications.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
Logdissect is a CLI utility and Python library for analyzing log files and other data.
Logdissect is a CLI utility and Python library for analyzing log files and other data.
Medium interaction SSH honeypot for logging brute force attacks and shell interactions.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.
A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.
Python application to translate Zeek logs into ElasticSearch's bulk load JSON format with detailed instructions and features.
Python application to translate Zeek logs into ElasticSearch's bulk load JSON format with detailed instructions and features.
ElastAlert is a framework for alerting on anomalies in Elasticsearch data.
Blue-team capture the flag competition for improving cybersecurity skills.
Blue-team capture the flag competition for improving cybersecurity skills.
Open source framework for network traffic analysis with advanced features.
Open source framework for network traffic analysis with advanced features.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A method for log volume reduction without losing analytical capability.
Open source security data lake for AWS with real-time log normalization and Detection-as-Code capabilities.
Open source security data lake for AWS with real-time log normalization and Detection-as-Code capabilities.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
OSSEC is a versatile HIDS known for its powerful log analysis and intrusion detection capabilities.
OSSEC is a versatile HIDS known for its powerful log analysis and intrusion detection capabilities.
A community-led project focused on standardizing security event logs.
A community-led project focused on standardizing security event logs.
Serverless, real-time data analysis framework for incident detection and response.
Serverless, real-time data analysis framework for incident detection and response.
A program to log login attempts on Telnet (port 23) and track the Mirai botnet
A program to log login attempts on Telnet (port 23) and track the Mirai botnet
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
Search AWS CloudWatch logs on the command line with aws-sdk-for-go.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
Full-featured C2 framework for stealthy communication and control on web servers.
Full-featured C2 framework for stealthy communication and control on web servers.
A collection of tools that can be used with Honeyd for data analysis or other purposes
A collection of tools that can be used with Honeyd for data analysis or other purposes
A Command Line Map-Reduce tool for analyzing cowrie log files over time and creating visualizations and statistics.
A Command Line Map-Reduce tool for analyzing cowrie log files over time and creating visualizations and statistics.
Honey-Pod for SSH that logs username and password tries during brute-force attacks.
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks with extensive functionality for log data analysis, threat intelligence enrichment, and visualization.
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks with extensive functionality for log data analysis, threat intelligence enrichment, and visualization.
