Log Analysis
Explore 47 curated tools and resources
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Free
Resources
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Commercial
Application Security
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Commercial
Application Security
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Commercial
Cloud Security
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Commercial
Application Security
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
LATEST ADDITIONS
A data curation platform that automates security data collection, transformation and routing while reducing data volume and infrastructure costs.
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A collaborative platform that gathers and analyzes security data to help professionals identify and mitigate cyber threats.
SSH Honeypot written in Go that records commands and IP addresses of attempted logins.
A module for loading Bro logs as tables in Osquery
A tool that collects and displays user activity and system events on a Windows system.
A tool for analyzing Android applications in local storage with various functionalities.
A dynamic GUI for advanced log analysis, allowing users to execute SQL queries on structured log data.
A tool for advanced HTTPD logfile security analysis and forensics, implementing various techniques to detect attacks against web applications.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
Logdissect is a CLI utility and Python library for analyzing log files and other data.
A forensics tool for tracking USB device artifacts on Linux machines.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.
Python application to translate Zeek logs into ElasticSearch's bulk load JSON format with detailed instructions and features.
ElastAlert is a framework for alerting on anomalies in Elasticsearch data.
Blue-team capture the flag competition for improving cybersecurity skills.
Open source framework for network traffic analysis with advanced features.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A method for log volume reduction without losing analytical capability.
Open source security data lake for AWS with real-time log normalization and Detection-as-Code capabilities.
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
OSSEC is a versatile HIDS known for its powerful log analysis and intrusion detection capabilities.
A community-led project focused on standardizing security event logs.
Serverless, real-time data analysis framework for incident detection and response.
A program to log login attempts on Telnet (port 23) and track the Mirai botnet
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
Search AWS CloudWatch logs on the command line with aws-sdk-for-go.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
Full-featured C2 framework for stealthy communication and control on web servers.
A collection of tools that can be used with Honeyd for data analysis or other purposes
A Command Line Map-Reduce tool for analyzing cowrie log files over time and creating visualizations and statistics.
Honey-Pod for SSH that logs username and password tries during brute-force attacks.
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks with extensive functionality for log data analysis, threat intelligence enrichment, and visualization.
