WELA (Windows Event Log Analyzer)

Windows Event Log Analyzer wants to be the Swiss Army knife of Windows event logs. At the moment, WELA's best feature is that it can build an easy-to-understand timeline of logons to speed up forensics and incident response. WELA's logon timeline generator combines only the useful information from multiple logon log entries (4624, …

SIEM – Security Information and Event Management Tools – A Beginner’s Guide

What is a SIEM? SIEM stands for Security Information and Event Management. As the name suggests, the primary function of a SIEM is to collect, correlate and manage security events. Once implemented completely and effectively, a SIEM solution has visibility over an organization's whole network, which lets administrators and SIEM operators monitor activity across their infrastructure. But …

Laurel : Transform Linux Audit Logs For SIEM Usage

LAUREL is an event post-processing plugin for auditd(8) to improve its usability in modern security monitoring setups. Why? TL;DR: instead of audit events that look like this… type=EXECVE msg=audit(1626611363.720:348501): argc=3 a0="perl" a1="-e" a2=75736520536F636B65743B24693D2231302E302E302E31223B24703D313233343B736F636B6574… …turn them into JSON logs where the mess that your pen testers/red teamers/attackers are trying to make becomes apparent at first glance: { … …
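The hard-to-read part of the raw record above is auditd's hex encoding: any string field that contains a space, a quote, a control byte or a non-ASCII byte is emitted as a run of hex digits instead of a quoted string, which is exactly what a one-liner such as `perl -e '...'` triggers. The following is an added example, written for this page and not taken from LAUREL's code base, of what that decoding step amounts to: a small Python parser that splits a raw auditd line into fields, hex-decodes only the fields that auditd is allowed to hex-encode, reassembles EXECVE arguments (auditd splits very long ones into a2[0], a2[1], …) and prints JSON. The JSON shape is loosely modelled on LAUREL's output but is not its format, and both sample records are constructed; the EXECVE argument is the payload prefix visible in the excerpt above, truncated after "socket".

```python
import json
import re

# Raw auditd header: type=<TYPE> msg=audit(<epoch>.<ms>:<serial>): <key=value ...>
HEADER = re.compile(
    r"^type=(?P<type>[A-Z_]+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): ?(?P<body>.*)$"
)
# One key=value pair; the value is a double-quoted string or a run of non-space characters.
FIELD = re.compile(r"(?P<key>[A-Za-z0-9_\[\]]+)=(?P<val>\"[^\"]*\"|\S*)")

# auditd hex-encodes a string field only when it holds spaces, quotes, control or non-ASCII
# bytes. Numeric fields (argc, pid, exit, ...) are never hex, so a value such as pid=1234 must
# not be decoded; decoding is restricted to the EXECVE argument fields (a0, a1, a2[0], ...)
# and a small set of path-like fields (assumed list, extend as needed).
ARG_KEY = re.compile(r"^a\d+(\[\d+\])?$")
HEX_FIELDS = {"proctitle", "comm", "exe", "cwd", "name", "path", "data"}
HEX_RUN = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")


def decode_value(key, raw):
    """Decode one field value: strip quotes, hex-decode eligible fields, else return as-is."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    if (ARG_KEY.match(key) or key in HEX_FIELDS) and HEX_RUN.match(raw):
        # errors="replace" keeps the decode total for binary-looking payloads
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw


def _argument(fields, i):
    """Reassemble argument i; auditd splits very long arguments into a<i>[0], a<i>[1], ..."""
    if f"a{i}" in fields:
        return fields[f"a{i}"]
    pieces, k = [], 0
    while f"a{i}[{k}]" in fields:
        pieces.append(fields[f"a{i}[{k}]"])
        k += 1
    return "".join(pieces)


def parse_record(line):
    """Turn one raw auditd line into a dict; EXECVE records get a decoded ARGV list."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError(f"not an auditd record: {line!r}")
    fields = {f.group("key"): decode_value(f.group("key"), f.group("val"))
              for f in FIELD.finditer(m.group("body"))}
    rec = {"ID": f"{m.group('ts')}:{m.group('serial')}", "type": m.group("type")}
    if m.group("type") == "EXECVE":
        argc = int(fields.get("argc", "0"))
        rec["EXECVE"] = {"argc": argc, "ARGV": [_argument(fields, i) for i in range(argc)]}
    else:
        rec["fields"] = fields
    return rec


def to_json(line):
    """One raw auditd line in, one JSON document out."""
    return json.dumps(parse_record(line), ensure_ascii=False)


# Constructed sample records (hypothetical). The EXECVE argument is the hex prefix shown in the
# excerpt above; it decodes to: use Socket;$i="10.0.0.1";$p=1234;socket
SAMPLE_EXECVE = (
    'type=EXECVE msg=audit(1626611363.720:348501): argc=3 a0="perl" a1="-e" '
    "a2=75736520536F636B65743B24693D2231302E302E302E31223B24703D313233343B736F636B6574"
)
SAMPLE_SYSCALL = (
    "type=SYSCALL msg=audit(1626611363.720:348501): arch=c000003e syscall=59 success=yes "
    'exit=0 pid=1234 ppid=1000 comm="perl" exe="/usr/bin/perl" key=(null)'
)

if __name__ == "__main__":
    for sample in (SAMPLE_EXECVE, SAMPLE_SYSCALL):
        print(to_json(sample))
```

The point of the field allow-list is the caveat a practitioner runs into first: `1234` and `c000003e` are valid hex runs, so a parser that decodes every hex-looking token will silently corrupt pids and arch values. Real audit output also links the EXECVE and SYSCALL records through the shared `<epoch>:<serial>` ID, which is why the example keeps it as a top-level key; joining the records of one event is the next step, not shown here.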

Bantam : A PHP Backdoor Management And Generation tool/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems

Bantam is an advanced PHP backdoor management tool with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. It features end-to-end encryption with per-request unique encryption keys, and payload streaming designed to bypass WAF, IDS and SIEM systems. It incorporates several payload randomization and obfuscation techniques to help prevent detection …

Nethive Project : Restructured & Collaborated SIEM & CVSS Infrastructure

The Nethive Project provides a Security Information and Event Management (SIEM) infrastructure empowered by automatic CVSS measurements. Features: machine-learning-powered SQL injection detection; server-side XSS detection based on Chrome's XSS Auditor; post-exploitation detection powered by Auditbeat; Bash command history tracker; CVSS measurement on detected attacks; realtime log storing powered by Elasticsearch and Logstash; basic …