LogonTracer Logo

LogonTracer

0
Free
SIEM
event-logs
windows-security
machine-learning
Visit Website

LogonTracer is a tool designed to investigate malicious logons by visualizing and analyzing Windows Active Directory event logs. It associates host names or IP addresses with account names found in logon-related events, displaying them as a graph to identify the account where login attempts occur and the host used. LogonTracer can visualize event IDs related to Windows logon, such as 4624 for successful logon, 4625 for logon failure, 4768 for Kerberos Authentication (TGT Request), 4769 for Kerberos Service Ticket (ST Request), 4776 for NTLM Authentication, and 4672 for assigning special privileges. The tool utilizes PageRank, Hidden Markov model, and ChangeFinder for detecting malicious hosts and accounts from event logs, and can display event logs chronologically. LogonTracer can be used by installing it via docker and referring to its documentation for further details.

FEATURES

ALTERNATIVES

Elastic Security Logo
Elastic Security

Elastic is a search-powered AI company that enables users to find answers from all data in real-time at scale.

Commercial
SIEM
LORG Logo
LORG

A tool for advanced HTTPD logfile security analysis and forensics, implementing various techniques to detect attacks against web applications.

Free
SIEM
Amazon Detective Logo
Amazon Detective

A service that analyzes and visualizes security data to investigate potential security issues.

Free
SIEM
StreamAlert Logo
StreamAlert

Serverless, real-time data analysis framework for incident detection and response.

Free
SIEM
LogSlash Logo
LogSlash

A method for log volume reduction without losing analytical capability.

Free
SIEM
NodeSecure Logo
NodeSecure

Cybersecurity project for security monitoring of Node.js applications.

Free
SIEM
MongoDB-HoneyProxy Logo
MongoDB-HoneyProxy

A logging proxy tool created in response to the 'MongoDB Apocalypse', with Docker support.

Free
SIEM
Logdissect Logo
Logdissect

Logdissect is a CLI utility and Python library for analyzing log files and other data.

Free
SIEM

PINNED

Fabric Platform by BlackStork Logo

Fabric Platform by BlackStork

Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.

Free
Security Operations
Mandos Brief Newsletter Logo

Mandos Brief Newsletter

Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.

Free
Blogs and News
Wiz Logo

Wiz

Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Commercial
Cloud Security
Adversa AI Logo

Adversa AI

Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.

Commercial
AI Security
CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Copyright © 2024 - All rights reserved

LINKS
Blog
LEGAL
Terms of servicesPrivacy policy