Log Analysis
Browse 85 log analysis tools
FEATURED
Medium interaction SSH honeypot for logging brute force attacks and shell interactions.
Medium interaction SSH honeypot for logging brute force attacks and shell interactions.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
CloudTrail Partitioner automates the creation and management of partitioned Athena tables for AWS CloudTrail logs with nightly partition updates.
CloudTrail Partitioner automates the creation and management of partitioned Athena tables for AWS CloudTrail logs with nightly partition updates.
SSHoney is an SSH honeypot for logging SSH connection attempts.
A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.
A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.
Python application to translate Zeek logs into ElasticSearch's bulk load JSON format with detailed instructions and features.
Python application to translate Zeek logs into ElasticSearch's bulk load JSON format with detailed instructions and features.
ElastAlert is a framework for alerting on anomalies in Elasticsearch data.
ElastAlert is a framework for alerting on anomalies in Elasticsearch data.
Blue-team capture the flag competition for improving cybersecurity skills.
Blue-team capture the flag competition for improving cybersecurity skills.
Open source framework for network traffic analysis with advanced features.
Open source framework for network traffic analysis with advanced features.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
A Python library and command line tool that creates interactive visualizations for log data analysis with zoom and navigation capabilities.
A Python library and command line tool that creates interactive visualizations for log data analysis with zoom and navigation capabilities.
BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.
BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.
A framework for creating standardized cybersecurity event schemas in JSON format that enables interoperability across security tools and platforms.
A framework for creating standardized cybersecurity event schemas in JSON format that enables interoperability across security tools and platforms.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
A method for log volume reduction without losing analytical capability.
A method for log volume reduction without losing analytical capability.
CrowdSec is a collaborative behavior detection engine that analyzes system logs to identify and block malicious activities using community-shared threat intelligence.
CrowdSec is a collaborative behavior detection engine that analyzes system logs to identify and block malicious activities using community-shared threat intelligence.
An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.
An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.
