WELA (Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA's greatest functionality is creating an easy-to-analyze logon timeline in order to aid in fast forensics and incident response. WELA's logon timeline generator will consolidate only the useful information in multiple logon log entries (4624, 4634, 4647, 4672, 4776) into single events, perform data reduction by ignoring around 90% of the noise, and will convert any hard to read data (such as hex status codes) into human-readable format. Tested on Windows PowerShell 5.1 but may work with previous versions. It will unfortunately NOT work with PowerShell Core as there is no built-in functionality to read Windows event logs. Features: - The last SIGMA rule compliance in WELA is July 2021. If you want to use the latest SIGMA rules for evtx detection, please use Hayabusa. - Written in PowerShell so is easy to read and customize. - Fast Forensics Logon Timeline Generator. - Detect lateral movement, system usage, suspicious logons, vulnerable protocol usage, etc... - 90%+ noise reduction for logon events. - Calculate Logon Elapsed Time.
FEATURES
ALTERNATIVES
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
Serverless, real-time data analysis framework for incident detection and response.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
A tool that collects and displays user activity and system events on a Windows system.
A pure Python parser for Windows Event Log files with access to File and Chunk headers, record templates, and event entries.
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.