LogonTracer

Logon Analyzer

An investigation tool for analyzing Windows logon events to identify potential security threats

Investigate malicious Windows logons by visualizing and analyzing Windows event logs

GitHub

3k stars
135 watching
446 forks
Language: Python
last commit: 6 months ago
Linked from 3 awesome lists

Topics: active-directory, blueteam, dfir, event-log, javascript, python-3, security, visualization

Related projects:

| Repository | Description | Stars |
|---|---|---|
| thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations. | 241 |
| jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 419 |
| reed1713/elat | A toolset for analyzing Windows event logs to detect and analyze malware. | 29 |
| airbus-cert/timeliner | A tool for filtering and analyzing Windows event logs based on complex time-based conditions. | 37 |
| sans-blue-team/deepbluecli | A PowerShell module for analyzing Windows event logs to detect and respond to potential security threats. | 2,203 |
| illusivenetworks-labs/historicprocesstree | Analyzes Windows event log data to visualize historic process execution evidence in a tree view. | 59 |
| yamato-security/wela | Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. | 769 |
| ahmedkhlief/apt-hunter | A tool to analyze Windows event logs for signs of APT attacks and malware activity. | 1,265 |
| jpcertcc/toolanalysisresultsheet | An HTML-based tool for analyzing and visualizing log data from Windows execution of malicious tools to detect lateral movement. | 345 |
| cgosec/blauhaunt | A tool collection for analyzing and visualizing logon events to help answer security-related questions. | 164 |
| developer-guy/falco-analyze-audit-log-from-k3s-cluster | This project teaches how to analyze Kubernetes audit logs using Falco and detect intrusions in a Kubernetes cluster. | 63 |
| keithjjones/visualize_logs | Interactive log visualization tool for malware analysis. | 139 |
| uschtwill/docker_monitoring_logging_alerting | A comprehensive monitoring and alerting suite for Docker environments. | 532 |
| nshalabi/sysmontools | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,492 |
| bitsadmin/fakelogonscreen | Utility to display a fake Windows logon screen to obtain user credentials. | 1,301 |