WELA (Windows Event Log Analyzer) Logo

WELA (Windows Event Log Analyzer)

0
Free
SIEM
windows
event-log
forensics
incident-response
Visit Website

WELA (Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA's greatest functionality is creating an easy-to-analyze logon timeline in order to aid in fast forensics and incident response. WELA's logon timeline generator will consolidate only the useful information in multiple logon log entries (4624, 4634, 4647, 4672, 4776) into single events, perform data reduction by ignoring around 90% of the noise, and will convert any hard to read data (such as hex status codes) into human-readable format. Tested on Windows PowerShell 5.1 but may work with previous versions. It will unfortunately NOT work with PowerShell Core as there is no built-in functionality to read Windows event logs. Features: - The last SIGMA rule compliance in WELA is July 2021. If you want to use the latest SIGMA rules for evtx detection, please use Hayabusa. - Written in PowerShell so is easy to read and customize. - Fast Forensics Logon Timeline Generator. - Detect lateral movement, system usage, suspicious logons, vulnerable protocol usage, etc... - 90%+ noise reduction for logon events. - Calculate Logon Elapsed Time.

FEATURES

ALTERNATIVES

HoneyView Logo
HoneyView

HoneyView is a tool for analyzing honeyd logfiles graphically and textually.

Free
SIEM
Elastic Logo
Elastic

Elasticsearch is a versatile platform for centralized data storage, fast search, and scalable analytics.

Free
SIEM
aws-logsearch Logo
aws-logsearch

Search AWS CloudWatch logs on the command line with aws-sdk-for-go.

Free
SIEM
Starbase Logo
Starbase

Democratizing graph-based security analysis by collecting assets and relationships from services and systems into an intuitive graph view.

Free
SIEM
Synthetic Adversarial Log Objects (SALO) Logo
Synthetic Adversarial Log Objects (SALO)

A framework for generating log events without the need for infrastructure, allowing for simple, repeatable, and randomized log event creation.

Free
SIEM
Apache Metron Logo
Apache Metron

Apache Metron is a centralized tool for security monitoring and analysis that integrates various open-source big data technologies.

Free
SIEM
Sysmon for Linux Logo
Sysmon for Linux

Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.

Free
SIEM
nfdump Logo
nfdump

A toolset for collecting and processing netflow/ipfix and sflow data from netflow/sflow compatible devices.

Free
SIEM

PINNED

Fabric Platform by BlackStork Logo

Fabric Platform by BlackStork

Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.

Free
Security Operations
Mandos Brief Newsletter Logo

Mandos Brief Newsletter

Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.

Free
Blogs and News
Wiz Logo

Wiz

Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Commercial
Cloud Security
Adversa AI Logo

Adversa AI

Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.

Commercial
AI Security
CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Copyright © 2024 - All rights reserved

LINKS
Blog
LEGAL
Terms of servicesPrivacy policy