46 tools and resources
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A collaborative platform that gathers and analyzes security data to help professionals identify and mitigate cyber threats.
SSH Honeypot written in Go that records commands and IP addresses of attempted logins.
A module for loading Bro logs as tables in Osquery
A tool that collects and displays user activity and system events on a Windows system.
A tool for analyzing Android applications in local storage with various functionalities.
A dynamic GUI for advanced log analysis, allowing users to execute SQL queries on structured log data.
A tool for advanced HTTPD logfile security analysis and forensics, implementing various techniques to detect attacks against web applications.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
Logdissect is a CLI utility and Python library for analyzing log files and other data.
A forensics tool for tracking USB device artifacts on Linux machines.
Medium interaction SSH honeypot for logging brute force attacks and shell interactions.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
SSHoney is an SSH honeypot for logging SSH connection attempts.
A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.
Python application to translate Zeek logs into ElasticSearch's bulk load JSON format with detailed instructions and features.
ElastAlert is a framework for alerting on anomalies in Elasticsearch data.
Blue-team capture the flag competition for improving cybersecurity skills.
A honeypot for the SSH Service
Open source framework for network traffic analysis with advanced features.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A method for log volume reduction without losing analytical capability.
Open source security data lake for AWS with real-time log normalization and Detection-as-Code capabilities.
A visualization app for hpfeeds logs.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
OSSEC is a versatile HIDS known for its powerful log analysis and intrusion detection capabilities.
A community-led project focused on standardizing security event logs.
Parse Cowrie honeypot logs into a Neo4j database.
Serverless, real-time data analysis framework for incident detection and response.
A program to log login attempts on Telnet (port 23) and track the Mirai botnet
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
Search AWS CloudWatch logs on the command line with aws-sdk-for-go.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
Full-featured C2 framework for stealthy communication and control on web servers.
A collection of tools that can be used with Honeyd for data analysis or other purposes
A Command Line Map-Reduce tool for analyzing cowrie log files over time and creating visualizations and statistics.
Honey-Pod for SSH that logs username and password tries during brute-force attacks.
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks with extensive functionality for log data analysis, threat intelligence enrichment, and visualization.
