LORG
A tool for advanced HTTPD logfile security analysis and forensics, implementing various techniques to detect attacks against web applications.
nfdump is a toolset for collecting and processing netflow/ipfix and sflow data, sent from netflow/sflow compatible devices. It contains several collectors to collect flow data and can process and list flows in many different output formats, creating a wide range of statistics. It also has a powerful flow filter and can aggregate flows according to a user-defined number of elements. nfdump can enrich the listing of flows with geo location information and AS information, and can read and write flow files in various formats. It is compatible with nfdump-1.6.18 and can read files created with earlier versions. nfdump is now a multi-threaded program and uses parallel threads for reading, writing, and processing flows, as well as for sorting. It supports flexible length fields for netflow v9 and IPFIX, and has improved packet processing with nfpcapd. nfdump has new programs such as geolookup, which allows enriching IP addresses with country codes/locations and adding potential missing AS information. It also supports NSEL/ASA and NEL/NAT event logging.
A framework for generating log events without the need for infrastructure, allowing for simple, repeatable, and randomized log event creation.
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.