ELAT (Event Log Analysis Tool) Logo

ELAT (Event Log Analysis Tool)

0
Free
Visit Website

I ripped off the idea for EventShot from the tool regshot (takes snapshots of the registry), and applied that same thought to the event logs. The EventShot script simply takes a snapshot of the event log(s) you select, then takes a second snapshot after you're done with your analysis, diffs the two files and parses the output. EventScan can either scan the live system event logs against the EventLogIndicators directory of yara sigs or you can place event log files in the SCAN dir and search it with your yara sigs. Both the tools and the yara sigs together create a way for the analyst to fully scope and detect malware via the windows event logs. I recommend using the windows executable code versions of EventScan and EventShot, which are found in both the EventScan dir and the EventShot dir. Both need to be run as admin. EventShot - root directory contains a file called whitelist.txt. Already has a few processes that I added from performing my own malware analysis. You can add noisy processes to this file using python regex (i.e. Windows\system32\svchost.exe or you could just specify svchost.exe). It then searches the data= line.

FEATURES

ALTERNATIVES

A method for log volume reduction without losing analytical capability.

Free

Elasticsearch is a versatile platform for centralized data storage, fast search, and scalable analytics.

Free

Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.

Free

A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.

Commercial

Open source security data lake for AWS with real-time log normalization and Detection-as-Code capabilities.

Free

Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.

Free

Serverless, real-time data analysis framework for incident detection and response.

Free

Logdissect is a CLI utility and Python library for analyzing log files and other data.

Free