WELA
Event log analyzer
Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response.
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
763 stars
18 watching
82 forks
Language: PowerShell
last commit: almost 2 years ago
Linked from 1 awesome list
Tags: analysis, dfir, event, forensics, hunting, incident, log, logs, response, sigma, threat, timeline, windows
Related projects:
Repository | Description | Stars
---|---|---
yamato-security/enablewindowslogsettings | Enables Windows event log settings to support a larger percentage of Sigma detection rules and retain logs for longer periods | 556 |
sans-blue-team/deepbluecli | A PowerShell module for analyzing Windows event logs to detect and respond to potential security threats. | 2,188 |
reed1713/elat | A toolset for analyzing Windows event logs to detect and analyze malware | 29 |
nshalabi/sysmontools | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,488 |
ahmedkhlief/apt-hunter | A tool to analyze Windows event logs for signs of APT attacks and malware activity. | 1,255 |
yarox24/evtkit | Tool to repair Windows Event Log files (.evt) acquired during forensic investigations | 18 |
airbus-cert/timeliner | A tool for filtering and analyzing Windows event logs based on complex time-based conditions | 36 |
thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations | 240 |
roma-glushko/tango | Analyzes access logs to provide detailed reports on requests and IP information. | 108 |
jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 417 |
bromiley/olaf | An O365 investigation framework providing tools and analysis techniques for analyzing Office 365 logs to aid in security investigations. | 81 |
wagga40/zircolite | A standalone tool for analyzing and detecting security-related events in various Linux logs using SIGMA rules | 680 |
webpod/red | An analysis tool for monitoring server logs in real-time. | 1,475 |
jensvoid/lorg | A tool to analyze and detect security incidents in web application logs | 209 |
wrayjustin/yaids | An intrusion detection system utilizing Yara and multi-threading for real-time network analysis | 22 |