ELAT (Event Log Analysis Tool)


What is ELAT (Event Log Analysis Tool)

A Command Line Map-Reduce tool for analyzing cowrie log files over time and creating visualizations and statistics.

I drew inspiration from an existing idea...

I drew inspiration for EventShot from the tool regshot, which takes snapshots of the registry, and I applied that same concept to the event logs.

The EventShot Script Overview and Usage

The EventShot script captures a snapshot of the selected event log(s) and then takes a second snapshot after you complete your analysis. It compares the two files and parses the output to highlight differences.

EventScan can either scan live system event logs against the EventLogIndicators directory containing YARA signatures, or you can place event log files in the SCAN directory and search them using your YARA signatures.

Together, these tools and YARA signatures provide analysts with a comprehensive method to scope and detect malware using Windows event logs. I recommend using the Windows executable versions of EventScan and EventShot, which can be found in the EventScan directory and the EventShot directory respectively. Please ensure both tools are run with administrative privileges.

EventShot whitelist - The root directory includes a file named whitelist.txt. This file already contains several processes that I have added based on my own malware analysis. You can add noisy processes to this file using Python regex (e.g., Windows\system32\svchost.exe or simply svchost.exe).
