GrokEVT
0 (0)
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
Sysmon for Linux is a tool that monitors and logs system activity including process lifetime, network connections, file system writes, and more. Sysmon works across reboots and uses advanced filtering to help identify malicious activity as well as how intruders and malware operate on your network. Installation: The packages are available in the official Microsoft Linux repositories and instructions on how to install the packages for the different Linux distributions can be found in the Installation instructions. Build: Please see build instructions here. Autodiscovery of Offsets: On systems that are BTF enabled, Sysmon will use BTF for accurate kernel offsets. Sysmon also supports specifying standalone BTF files (using /BTF switch). There are several ways to generate BTF files and BTFHub has a number of standalone BTF files for different distributions/kernels. If BTF isn't available, Sysmon attempts to automatically discover the offsets of some members of some kernel structs. If this fails, please provide details of the kernel version (and config if possible).
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
A service that analyzes and visualizes security data to investigate potential security issues.
Python library and command line tools for log visualization with interactive plots.
A dynamic GUI for advanced log analysis, allowing users to execute SQL queries on structured log data.
Procmon for Linux is a reimagining of the classic Procmon tool from Windows, allowing Linux developers to trace syscall activity efficiently.
Security-Guard helps secure microservices and serverless containers by detecting and blocking exploits.