WELA (Windows Event Log Analyzer)

Free

WELA (Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA's greatest functionality is creating an easy-to-analyze logon timeline in order to aid in fast forensics and incident response. WELA's logon timeline generator will consolidate only the useful information in multiple logon log entries (4624, 4634, 4647, 4672, 4776) into single events, perform data reduction by ignoring around 90% of the noise, and will convert any hard to read data (such as hex status codes) into human-readable format. Tested on Windows PowerShell 5.1 but may work with previous versions. It will unfortunately NOT work with PowerShell Core as there is no built-in functionality to read Windows event logs. Features: - The last SIGMA rule compliance in WELA is July 2021. If you want to use the latest SIGMA rules for evtx detection, please use Hayabusa. - Written in PowerShell so is easy to read and customize. - Fast Forensics Logon Timeline Generator. - Detect lateral movement, system usage, suspicious logons, vulnerable protocol usage, etc... - 90%+ noise reduction for logon events. - Calculate Logon Elapsed Time.

FEATURES

The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.

ALTERNATIVES

StreamAlert

Serverless, real-time data analysis framework for incident detection and response.

Free

SIEM

LogSlash

A method for log volume reduction without losing analytical capability.

Free

SIEM

NodeSecure

Cybersecurity project for security monitoring of Node.js applications.

Free

SIEM

Retraced

A compliant audit log tool that provides a searchable, exportable record of read/write events.

Free

SIEM

Cowralyze

A Command Line Map-Reduce tool for analyzing cowrie log files over time and creating visualizations and statistics.

Free

SIEM

Log-Killer

Tool for deleting logs on Linux/Windows servers.

Free

SIEM

HpfeedsHoneyGraph

A visualization app for hpfeeds logs.

Free

SIEM

GrokEVT

GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.

Free

SIEM

PINNED

InfoSecHired

An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Commercial

Resources

Fabric Platform by BlackStork

Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.

Free

Security Operations

Mandos Brief Newsletter

Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.

Free

Blogs and News

System Two Security

An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.

Commercial

Security Operations

Aikido Security

Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.

Commercial

Application Security

Permiso

Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.

Commercial

IAM

Wiz

Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Commercial

Cloud Security

Adversa AI

Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.

Commercial

AI Security