IBM QRadar
IBM QRadar is a SIEM solution for real-time threat detection.
Blauhaunt is a tool collection for filtering and visualizing logon events, designed to help answer the 'Cotton Eye Joe' question (Where did you come from where did you go) in Security Incidents and Threat Hunts. It provides an interactive user graph, heatmap of user activities, and timeline, and is designed for experienced DFIR specialists. The tool is easy to use, with no backend, and can be run locally by cloning the repository and running a simple HTTP server. Blauhaunt integrates with various tools and services, including PowerShell Script, Velociraptor Artifact, and Defender 365 KUSTO Query, making it a valuable resource for threat hunting and incident response.
IBM QRadar is a SIEM solution for real-time threat detection.
Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.
Python library and command line tools for log visualization with interactive plots.
SysmonSearch makes event log analysis more effective by aggregating Microsoft Sysmon logs and providing detailed analysis through Elasticsearch and Kibana.
Serverless, real-time data analysis framework for incident detection and response.
A Command Line Map-Reduce tool for analyzing cowrie log files over time and creating visualizations and statistics.