Log Analysis
Explore 46 curated tools and resources
LATEST ADDITIONS
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A collaborative platform that gathers and analyzes security data to help professionals identify and mitigate cyber threats.
SSH Honeypot written in Go that records commands and IP addresses of attempted logins.
A module for loading Bro logs as tables in Osquery
A tool that collects and displays user activity and system events on a Windows system.
A tool for analyzing Android applications in local storage with various functionalities.
A dynamic GUI for advanced log analysis, allowing users to execute SQL queries on structured log data.
A tool for advanced HTTPD logfile security analysis and forensics, implementing various techniques to detect attacks against web applications.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
Logdissect is a CLI utility and Python library for analyzing log files and other data.
A forensics tool for tracking USB device artifacts on Linux machines.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.
Python application to translate Zeek logs into ElasticSearch's bulk load JSON format with detailed instructions and features.
ElastAlert is a framework for alerting on anomalies in Elasticsearch data.
Blue-team capture the flag competition for improving cybersecurity skills.
Open source framework for network traffic analysis with advanced features.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A method for log volume reduction without losing analytical capability.
Open source security data lake for AWS with real-time log normalization and Detection-as-Code capabilities.
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
OSSEC is a versatile HIDS known for its powerful log analysis and intrusion detection capabilities.
A community-led project focused on standardizing security event logs.
Serverless, real-time data analysis framework for incident detection and response.
A program to log login attempts on Telnet (port 23) and track the Mirai botnet
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
Search AWS CloudWatch logs on the command line with aws-sdk-for-go.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
Full-featured C2 framework for stealthy communication and control on web servers.
A collection of tools that can be used with Honeyd for data analysis or other purposes
A Command Line Map-Reduce tool for analyzing cowrie log files over time and creating visualizations and statistics.
Honey-Pod for SSH that logs username and password tries during brute-force attacks.
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks with extensive functionality for log data analysis, threat intelligence enrichment, and visualization.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Commercial
Vulnerability Management
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security