LogonTracer
Logon Analyzer
An investigation tool for analyzing Windows logon events to identify potential security threats
Investigate malicious Windows logon by visualizing and analyzing Windows event log
3k stars
135 watching
446 forks
Language: Python
last commit: 6 months ago
Linked from 3 awesome lists
active-directoryblueteamdfirevent-logjavascriptpython-3securityvisualization
Related projects:
Repository | Description | Stars |
---|---|---|
thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations | 241 |
jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 419 |
reed1713/elat | A toolset for analyzing Windows event logs to detect and analyze malware | 29 |
airbus-cert/timeliner | A tool for filtering and analyzing Windows event logs based on complex time-based conditions | 37 |
sans-blue-team/deepbluecli | A PowerShell module for analyzing Windows event logs to detect and respond to potential security threats. | 2,203 |
illusivenetworks-labs/historicprocesstree | Analyzes Windows event log data to visualize historic process execution evidence in a tree view. | 59 |
yamato-security/wela | Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. | 769 |
ahmedkhlief/apt-hunter | A tool to analyze Windows event logs for signs of APT attacks and malware activity. | 1,265 |
jpcertcc/toolanalysisresultsheet | An HTML-based tool for analyzing and visualizing log data from Windows execution of malicious tools to detect lateral movement. | 345 |
cgosec/blauhaunt | A tool collection for analyzing and visualizing logon events to help answer security-related questions | 164 |
developer-guy/falco-analyze-audit-log-from-k3s-cluster | This project teaches how to analyze Kubernetes Audit logs using Falco and detect intrusions in a Kubernetes cluster. | 63 |
keithjjones/visualize_logs | Interactive log visualization tool for malware analysis | 139 |
uschtwill/docker_monitoring_logging_alerting | A comprehensive monitoring and alerting suite for Docker environments | 532 |
nshalabi/sysmontools | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,492 |
bitsadmin/fakelogonscreen | Utility to display a fake Windows logon screen to obtain user credentials | 1,301 |