WELA (Windows Event Log Analyzer)

Free

WELA (Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA's greatest functionality is creating an easy-to-analyze logon timeline in order to aid in fast forensics and incident response. WELA's logon timeline generator will consolidate only the useful information in multiple logon log entries (4624, 4634, 4647, 4672, 4776) into single events, perform data reduction by ignoring around 90% of the noise, and will convert any hard to read data (such as hex status codes) into human-readable format. Tested on Windows PowerShell 5.1 but may work with previous versions. It will unfortunately NOT work with PowerShell Core as there is no built-in functionality to read Windows event logs. Features: - The last SIGMA rule compliance in WELA is July 2021. If you want to use the latest SIGMA rules for evtx detection, please use Hayabusa. - Written in PowerShell so is easy to read and customize. - Fast Forensics Logon Timeline Generator. - Detect lateral movement, system usage, suspicious logons, vulnerable protocol usage, etc... - 90%+ noise reduction for logon events. - Calculate Logon Elapsed Time.

FEATURES

The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.

ALTERNATIVES

GrokEVT

GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.

Free

SIEM

ELAT (Event Log Analysis Tool)

ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.

Free

SIEM

StreamAlert

Serverless, real-time data analysis framework for incident detection and response.

Free

SIEM

Event Query Language (EQL)

Browse a library of EQL analytics now natively integrated in Elasticsearch.

Free

SIEM

Zentral

An Event Hub to gather, process, and monitor system events and link them to an inventory.

Free

SIEM

syslog-ng

A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.

Commercial

SIEM

LastActivityView

A tool that collects and displays user activity and system events on a Windows system.

Free

SIEM

python-evtx

A pure Python parser for Windows Event Log files with access to File and Chunk headers, record templates, and event entries.

Free

SIEM

PINNED

InfoSecHired

An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Resources

Mandos Brief Newsletter

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Resources

CTIChef.com Detection Feeds

A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

Threat Management

ImmuniWeb® Discovery

ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Attack Surface Management

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security