WELA (Windows Event Log Analyzer) Logo

WELA (Windows Event Log Analyzer)

0
Free
Updated 11 March 2025
SIEM
Windows
Event Log
Forensics
Incident Response
Visit Website

WELA (Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA's greatest functionality is creating an easy-to-analyze logon timeline in order to aid in fast forensics and incident response. WELA's logon timeline generator will consolidate only the useful information in multiple logon log entries (4624, 4634, 4647, 4672, 4776) into single events, perform data reduction by ignoring around 90% of the noise, and will convert any hard to read data (such as hex status codes) into human-readable format. Tested on Windows PowerShell 5.1 but may work with previous versions. It will unfortunately NOT work with PowerShell Core as there is no built-in functionality to read Windows event logs. Features: - The last SIGMA rule compliance in WELA is July 2021. If you want to use the latest SIGMA rules for evtx detection, please use Hayabusa. - Written in PowerShell so is easy to read and customize. - Fast Forensics Logon Timeline Generator. - Detect lateral movement, system usage, suspicious logons, vulnerable protocol usage, etc... - 90%+ noise reduction for logon events. - Calculate Logon Elapsed Time.

FEATURES

EXPLORE BY TAGS

Windows

Event Log

Forensics

Incident Response

SIMILAR TOOLS

Log-Killer Logo
Log-Killer

Tool for deleting logs on Linux/Windows servers.

Free
SIEM
Matano Open Source Security Data Lake Logo
Matano Open Source Security Data Lake

Open source security data lake for AWS with real-time log normalization and Detection-as-Code capabilities.

Free
SIEM
zeek2es.py Logo
zeek2es.py

Python application to translate Zeek logs into ElasticSearch's bulk load JSON format with detailed instructions and features.

Free
SIEM
Sysmon for Linux Logo
Sysmon for Linux

Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.

Free
SIEM
SysmonSearch Logo
SysmonSearch

SysmonSearch makes event log analysis more effective by aggregating Microsoft Sysmon logs and providing detailed analysis through Elasticsearch and Kibana.

Free
SIEM
OpenSOC Logo
OpenSOC

A centralized tool for security monitoring and analysis that integrates various open source big data technologies.

Free
SIEM
Sysdig Logo
Sysdig

Sysdig is a system visibility tool with native container support.

Free
SIEM
IBM QRadar Logo
IBM QRadar

IBM QRadar is a SIEM solution for real-time threat detection.

Free
SIEM
nfdump Logo
nfdump

A toolset for collecting and processing netflow/ipfix and sflow data from netflow/sflow compatible devices.

Free
SIEM

PINNED

Mandos Logo

Mandos

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting
Checkmarx SCA Logo

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security
Orca Security Logo

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security
DryRun Logo

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security
CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

Copyright © 2025 - All rights reserved

LINKS
BlogContact
LEGAL
Terms of servicesPrivacy policy