{"id":29710,"date":"2023-08-24T05:20:26","date_gmt":"2023-08-24T05:20:26","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=29710"},"modified":"2023-08-24T05:21:48","modified_gmt":"2023-08-24T05:21:48","slug":"wela","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/wela\/","title":{"rendered":"WELA (Windows Event Log Analyzer)"},"content":{"rendered":"\n<p>Windows Event Log Analyzer (WELA) aims to be the Swiss Army knife of Windows event logs. At the moment, WELA&#8217;s most useful feature is its easy-to-understand logon timeline for fast forensics and incident response. The logon timeline generator combines only the useful fields from several logon-related event IDs (4624, 4634, 4647, 4672, 4776) into a single event per logon session, cuts the volume by discarding roughly 90% of the noise, and translates hard-to-read values (such as hex status codes) into a form people can understand.<\/p>\n\n\n\n<p>Tested on Windows PowerShell 5.1; it may also work with older versions. 
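The correlation the logon timeline performs, as an added example that is not WELA's own code: it reads an offline Security.evtx (the path is an assumption you supply), joins each 4624 with its 4672 and 4634/4647 by logon ID to compute elapsed time, drops the bulk of the noise, and decodes logon types and the 4776 NTSTATUS codes into readable text. The noise heuristic (computer accounts, SYSTEM/ANONYMOUS LOGON, type-5 service logons) and the status-code subset are choices made for this example, not WELA's exact rules.

```powershell
# Added example, not WELA's own code: a minimal version of the correlation that
# WELA's -SecurityLogonTimeline performs. Assumes Windows PowerShell 5.1 on Windows
# and an offline Security.evtx whose path you supply. Event IDs, EventData field
# names and NTSTATUS codes are Microsoft's documented Security-log values.

# Logon type number -> name (per the 4624 documentation).
$LogonTypes = @{
    '2' = 'Interactive';    '3'  = 'Network';           '4'  = 'Batch'
    '5' = 'Service';        '7'  = 'Unlock';            '8'  = 'NetworkCleartext'
    '9' = 'NewCredentials'; '10' = 'RemoteInteractive'; '11' = 'CachedInteractive'
}

# NTSTATUS codes reported in 4776 -> readable text (a subset chosen here; extend as needed).
$StatusCodes = @{
    '0x0'        = 'Success'
    '0xc000006a' = 'Wrong password'
    '0xc0000064' = 'User does not exist'
    '0xc0000072' = 'Account disabled'
    '0xc000006f' = 'Logon outside permitted hours'
    '0xc0000234' = 'Account locked out'
}

function ConvertFrom-EventData {
    # Flatten <EventData><Data Name="X">value</Data>... into a hashtable of strings.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $x = [xml]$Event.ToXml()
    $h = @{}
    foreach ($d in $x.Event.EventData.Data) { $h[$d.GetAttribute('Name')] = [string]$d.InnerText }
    return $h
}

function Get-CondensedLogonTimeline {
    param(
        [Parameter(Mandatory = $true)][string]$Path,  # offline Security.evtx (assumed path)
        [switch]$IncludeNoise,                         # keep machine/SYSTEM/service logons
        [switch]$UTC                                   # report times in UTC
    )
    # -Oldest returns records in write order, so a 4624 precedes its own 4634/4647.
    $filter = @{ Path = (Resolve-Path $Path).ProviderPath; Id = 4624, 4634, 4647, 4672, 4776 }
    $events = Get-WinEvent -FilterHashtable $filter -Oldest -ErrorAction SilentlyContinue

    $sessions = @{}      # TargetLogonId -> timeline row, so a logoff can close its logon
    $elevated = @{}      # logon IDs whose 4672 was seen before their 4624 (either order occurs)
    $timeline = New-Object System.Collections.Generic.List[object]

    foreach ($e in $events) {
        $d = ConvertFrom-EventData $e
        $t = if ($UTC) { $e.TimeCreated.ToUniversalTime() } else { $e.TimeCreated }

        switch ($e.Id) {
            4624 {
                [string]$user = $d['TargetUserName']
                [string]$id   = $d['TargetLogonId']
                [string]$lt   = $d['LogonType']
                # Noise heuristic for this example: computer accounts, SYSTEM/ANONYMOUS and
                # type-5 service logons make up most 4624 volume and rarely matter in a timeline.
                $isNoise = $user.EndsWith('$') -or ($user -in 'SYSTEM', 'ANONYMOUS LOGON') -or ($lt -eq '5')
                if ($IncludeNoise -or -not $isNoise) {
                    $ltName = if ($LogonTypes.ContainsKey($lt)) { $LogonTypes[$lt] } else { "Type $lt" }
                    $row = [pscustomobject]@{
                        Start      = $t
                        End        = $null
                        ElapsedMin = $null
                        LogonType  = $ltName
                        User       = "$($d['TargetDomainName'])\$user"
                        SourceIP   = $d['IpAddress']
                        AuthPkg    = $d['AuthenticationPackageName']
                        Elevated   = $elevated.ContainsKey($id)
                        Status     = 'Success'
                        LogonId    = $id
                    }
                    $sessions[$id] = $row
                    $timeline.Add($row)
                }
            }
            4672 {   # special privileges assigned to the logon: mark the session elevated
                [string]$id = $d['SubjectLogonId']
                if ($sessions.ContainsKey($id)) { $sessions[$id].Elevated = $true } else { $elevated[$id] = $true }
            }
            { $_ -eq 4634 -or $_ -eq 4647 } {   # logoff: close the session and compute elapsed time
                [string]$id = $d['TargetLogonId']
                if ($sessions.ContainsKey($id)) {
                    $s = $sessions[$id]
                    $s.End        = $t
                    $s.ElapsedMin = [math]::Round(($t - $s.Start).TotalMinutes, 1)
                }
            }
            4776 {   # NTLM credential validation: decode the hex status code
                $code = ([string]$d['Status']).ToLower()
                $text = if ($StatusCodes.ContainsKey($code)) { $StatusCodes[$code] } else { $code }
                $timeline.Add([pscustomobject]@{
                    Start = $t; End = $null; ElapsedMin = $null
                    LogonType = 'NTLM validation'
                    User      = $d['TargetUserName']
                    SourceIP  = $d['Workstation']
                    AuthPkg   = $d['PackageName']
                    Elevated  = $false
                    Status    = $text
                    LogonId   = $null
                })
            }
        }
    }
    return $timeline
}

# Usage (assumed path): a grid view like WELA's -OutputGUI, or CSV for Timeline Explorer.
# Get-CondensedLogonTimeline -Path .\Security.evtx -UTC | Out-GridView
# Get-CondensedLogonTimeline -Path .\Security.evtx | Export-Csv .\logon-timeline.csv -NoTypeInformation
```

Reading the log with -Oldest matters: Get-WinEvent returns newest records first by default, and the logoff-to-logon join only works when the 4624 has been seen before its 4634/4647. A logon that never gets a logoff keeps End and ElapsedMin empty, which is itself a useful signal on a host that was imaged mid-session.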
It does not support PowerShell Core; the project relies on the Windows event log cmdlets of Windows PowerShell.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Features<\/strong><\/h2>\n\n\n\n<p>Note: Sigma rule support in WELA ended in July 2021. Please use <a href=\"https:\/\/github.com\/Yamato-Security\/hayabusa\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Hayabusa<\/a> if you want to use the most up-to-date Sigma rules for evtx detection.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Written in PowerShell, so it is easy to read and customize.<\/li>\n\n\n\n<li>Fast Forensics Logon Timeline Generator\n<ul class=\"wp-block-list\">\n<li>Detect lateral movement, system usage, suspicious logons, vulnerable protocol usage, etc&#8230;<\/li>\n\n\n\n<li>90%+ noise reduction for logon events<\/li>\n\n\n\n<li>Calculate Logon Elapsed Time<\/li>\n\n\n\n<li>GUI analysis<\/li>\n\n\n\n<li>Logon Type Summary<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Live Analysis and Offline Analysis<\/li>\n\n\n\n<li>Japanese support<\/li>\n\n\n\n<li>Event ID Statistics<\/li>\n\n\n\n<li>Output to CSV to analyze in Timeline Explorer, etc&#8230;<\/li>\n\n\n\n<li>Analyze NTLM usage before disabling NTLM<\/li>\n\n\n\n<li>Sigma rules<\/li>\n\n\n\n<li>Custom attack detection rules<\/li>\n\n\n\n<li>Remote analysis<\/li>\n\n\n\n<li>Logon Statistics<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/Yamato-Security\/WELA#usage\"><\/a><strong>Usage<\/strong><\/h2>\n\n\n\n<p>At the moment, please use Windows PowerShell 5.1. You will need local Administrator access for live analysis.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>    Analysis Source (Specify one):\r\n        -LiveAnalysis : Creates a timeline based on the live host's log\r\n        -LogFile &lt;path-to-logfile> : Creates a timeline from an offline .evtx file\r\n        -LogDirectory &lt;path-to-logfiles> (Warning: not fully implemented.) 
: Analyze offline .evtx files\r\n        -RemoteLiveAnalysis : Creates a timeline based on the remote host's log\r\n\r\n    Analysis Type (Specify one):\r\n        -AnalyzeNTLM_UsageBasic : Returns basic NTLM usage based on the NTLM Operational log\r\n        -AnalyzeNTLM_UsageDetailed : Returns detailed NTLM usage based on the NTLM Operational log\r\n        -SecurityEventID_Statistics : Output event ID statistics\r\n        -EasyToReadSecurityLogonTimeline : Output an easy-to-read logon timeline based on the Security log\r\n        -SecurityLogonTimeline : Output a condensed timeline of user logons based on the Security log\r\n        -SecurityAuthenticationSummary : Output a summary of authentication events for each logon type based on the Security log\r\n\r\n    Analysis Options:\r\n        -StartTimeline \"&lt;YYYY-MM-DD HH:MM:SS>\" : Specify the start of the timeline\r\n        -EndTimeline \"&lt;YYYY-MM-DD HH:MM:SS>\" : Specify the end of the timeline\r\n\r\n    -LogonTimeline Analysis Options:\r\n        -IsDC : Specify if the logs are from a DC\r\n\r\n    Output Types (Default: Standard Output):\r\n        -SaveOutput &lt;outputfile-path> : Output results to a text file\r\n        -OutputCSV : Outputs to CSV\r\n        -OutputGUI : Outputs to the Out-GridView GUI\r\n\r\n    General Output Options:\r\n        -USDateFormat : Output the dates in MM-DD-YYYY format (Default: YYYY-MM-DD)\r\n        -EuropeDateFormat : Output the dates in DD-MM-YYYY format (Default: YYYY-MM-DD)\r\n        -UTC : Output in UTC time (default is the local timezone)\r\n        -Japanese : Output in Japanese\r\n\r\n    -LogonTimeline Output Options:\r\n        -HideTimezone : Hides the timezone\r\n        -ShowLogonID : Show logon IDs\r\n\r\n    Other:\r\n        -ShowContributors : Show the contributors\r\n        -QuietLogo : Do not display the WELA logo<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Useful Options<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><a 
href=\"https:\/\/github.com\/Yamato-Security\/WELA#show-event-id-statistics-to-get-a-grasp-of-what-kind-of-events-there-are\"><\/a><strong>Show Event ID Statistics To Get a Grasp Of What Kinds Of Events There Are:<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>.\\WELA.ps1 -LogFile .\\Security.evtx -SecurityEventID_Statistics<\/code><\/pre>\n\n\n\n<p>Create a timeline via offline analysis, output to a GUI in UTC time:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\\WELA.ps1 -LogFile .\\Security.evtx -SecurityLogonTimeline -OutputGUI -UTC<\/code><\/pre>\n\n\n\n<p>Analyze NTLM Operational logs for NTLM usage before disabling it:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\\WELA.ps1 -LogFile .\\DC1-NTLM-Operational.evtx -AnalyzeNTLM_UsageBasic<\/code><\/pre>\n\n\n\n<p>Security logon statistics on a live machine:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\\WELA.ps1 -LiveAnalysis -SecurityAuthenticationSummary<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Screenshots<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/Yamato-Security\/WELA#logon-timeline-gui\"><\/a><strong>Logon Timeline GUI:<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiFQNI8MM6rx-HW69FxCIp7i-tmD91NIhDUMep5GEvjJv7YQ1hXfW2Ra1GaIo7kjrt5HGJpDJ-Ry_JUz9asev3yLgxmgg5SZv5eb2jVjeJae9jPPpdzHeTI7x-dPSaQgGMLTVSX9aIpMDHtsJyY-U1IO1B_PxxIleJ47OH_6vpde7DqVkX77HE0PAAFmA\/s16000\/Screenshot-LogonTimelineGUI.png\" alt=\"\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"td_text_columns_two_cols\"><strong>Human Readable Timeline:<\/strong><\/span><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" 
src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiFkNAhAW-i2KGCARSh2fuRQx35cRQLiyU6KrdgIRLjEMmc79bEGyNtbGd2inFW8Bzf9RN_MWOGVT0GwfHlKcVqsGZ2x_SeziO0qhR2MdQ2CYPPZApMMrx7DP9IFSokPSehZvm8rEEb1QfRQRYyUA1BI7fgXuq1vdXTGxyQrhcwhVIHN8hG8zNFfbB-cw\/s16000\/Screenshot-HumanReadableTimeline.png\" alt=\"\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Logon Type Statistics:<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgHPDuJUWzfUqAMjgmbH0rOvZFcuWESpEYfAEXa9S5dpVJ7G4Qdpklfwerxdj2iTRAQ3P7D3plsZ-s4OCf2MZeCSA0PwR9N5sDx_pYGoQO-RXHddvTUDPBkIJ2XnBVPbgtVRjiS4_m6cLcRJ8-a-IOiFnGeLVfwrdgP92hG3iF9lu-k417XVVnyB7aMLA\/s16000\/Screenshot-LogonStatistics.png\" alt=\"\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Event ID Statistics:<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjv3z-Ed9mjGMn2SnDikuj-mZUN7IlJl42QYlTPftUrZJjHTMCw5lNkOJXcZUlOAPLlN22NHhPfrDOxSaTw5MIQhIXcICBV0c3Z1wW44UCCAjAxR2YHc7gxw_jA4l9cpVZJdNfS0jwhtdB6D9NyBU4IsVoTJ8SZBpSCC4Gf-3mSR0OSlkd1bPZPoLPtEw\/s16000\/Screenshot-EventIDStatistics.png\" alt=\"\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Logon Type Summary:<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrUurKbiAs-mylqxRkyIFu7DOomgwbcums7CdxEldifjjqWMvVobhuyhUq5JgfqIWY7EQCu-Or7kRIQLP8eBEk-Kpq0M4DEdCA0TEigaQaM6jltllKIViIfHZBHh7riaFSju8clWLBaNzYFswr3Oyf9a7xSjN0rXDsfkRhbc7k8prNRxUFb73jmihZoQ\/s16000\/Screenshot-LogonTypeSummary.png\" alt=\"\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>NTLM Authentication Analysis:<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" 
src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgCiQ2aMO7QJ5rpoWhzKpqYwXoaQI3sbvxeQwoZeohzPJ3qxV9V15BD4UJNH2gxTgsRX5KDgJJAH4D7gGK9aYBB7erfroboQDY3r3UKKBtMLyZ3r5f75c6If3_BXbj1E8AnoEM2Mbj3YeVlmonWTschd__E1i_uuCCRgoP83CGckbNJPzizNvs42tLjIw\/s16000\/Screenshot-NTLM-Statistics-EN.png\" alt=\"\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Related Windows Event Log Threat Hunting Projects<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/ahmedkhlief\/APT-Hunter\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">APT-Hunter<\/a>\u00a0&#8211; Attack detection tool written in Python.<\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/countercept\/chainsaw\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Chainsaw<\/a>\u00a0&#8211; Sigma-based attack detection tool written in Rust.<\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/sans-blue-team\/DeepBlueCLI\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">DeepBlueCLI<\/a>\u00a0&#8211; Attack detection tool written in PowerShell.<\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/sbousseaden\/EVTX-ATTACK-SAMPLES\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">EVTX ATTACK Samples<\/a>\u00a0&#8211; EVTX attack sample event log files.<\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/Yamato-Security\/hayabusa\/blob\/main\/README-English.md\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Hayabusa<\/a>\u00a0&#8211; Sigma-based attack detection and fast forensics timeline generator by\u00a0<a href=\"https:\/\/github.com\/Yamato-Security\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Yamato Security<\/a>.<\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/Yamato-Security\/RustyBlue\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">RustyBlue<\/a>\u00a0&#8211; Rust port of DeepBlueCLI.<\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/SigmaHQ\/sigma\" target=\"_blank\" rel=\"noreferrer noopener 
nofollow\">Sigma<\/a>\u00a0&#8211; generic SIEM rules.<\/li>\n\n\n\n<li><a href=\"https:\/\/docs.securityonion.net\/en\/2.3\/so-import-evtx.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">so-import-evtx<\/a>\u00a0&#8211; Import evtx files into Security Onion.<\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/wagga40\/Zircolite\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Zircolite<\/a>\u00a0&#8211; Sigma-based attack detection tool written in Python.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/Yamato-Security\/WELA#contribution\"><\/a><strong>Contribution<\/strong><\/h2>\n\n\n\n<p>We welcome any form of contribution. Pull requests are best, but feature requests, bug reports, etc&#8230; are also very welcome.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Windows Event Log Analyzer aims to be the Swiss Army knife of Windows event logs. At the moment, WELA&#8217;s most useful feature is its easy-to-understand logon timeline for fast forensics and incident response. 
WELA&#8217;s logon timeline generator will combine only the useful information from multiple logon log entries (4624, [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":29713,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20,43],"tags":[731,6124,2998,3014,3103],"class_list":["post-29710","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-vulnerability-analysis-tools","tag-cyber-security","tag-log-analysis-tools","tag-security","tag-security-monitoring","tag-siem"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>WELA - Windows Event Log Analyzer<\/title>\n<meta name=\"description\" content=\"WELA is your Swiss Army knife for Windows event logs, with easy-to-understand timelines of logins for quick forensics and incident response.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/wela\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WELA - Windows Event Log Analyzer\" \/>\n<meta property=\"og:description\" content=\"WELA is your Swiss Army knife for Windows event logs, with easy-to-understand timelines of logins for quick forensics and incident response.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/kalilinuxtutorials.com\/wela\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-24T05:20:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-24T05:21:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/wela\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/wela\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"WELA (Windows Event Log Analyzer)\",\"datePublished\":\"2023-08-24T05:20:26+00:00\",\"dateModified\":\"2023-08-24T05:21:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/wela\/\"},\"wordCount\":423,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/wela\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp\",\"keywords\":[\"Cyber Security\",\"Log Analysis Tools\",\"security\",\"Security Monitoring\",\"siem\"],\"articleSection\":[\"Cyber security\",\"Vulnerability Analysis\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/wela\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/wela\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wela\/\",\"name\":\"WELA - Windows Event Log 
Analyzer\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/wela\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/wela\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp\",\"datePublished\":\"2023-08-24T05:20:26+00:00\",\"dateModified\":\"2023-08-24T05:21:48+00:00\",\"description\":\"WELA is your Swiss Army knife for Windows event logs, with easy-to-understand timelines of logins for quick forensics and incident response.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/wela\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/wela\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp\",\"width\":\"1600\",\"height\":\"900\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. 
Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WELA - Windows Event Log Analyzer","description":"WELA is your Swiss Army knife for Windows event logs, with easy-to-understand timelines of logins for quick forensics and incident response.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/wela\/","og_locale":"en_US","og_type":"article","og_title":"WELA - Windows Event Log Analyzer","og_description":"WELA is your Swiss Army knife for Windows event logs, with easy-to-understand timelines of logins for quick forensics and incident response.","og_url":"https:\/\/kalilinuxtutorials.com\/wela\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2023-08-24T05:20:26+00:00","article_modified_time":"2023-08-24T05:21:48+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp","type":"","width":"","height":""}],"author":"Varshini","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"Varshini","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/wela\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/wela\/"},"author":{"name":"Varshini","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa"},"headline":"WELA (Windows Event Log Analyzer)","datePublished":"2023-08-24T05:20:26+00:00","dateModified":"2023-08-24T05:21:48+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/wela\/"},"wordCount":423,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/wela\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp","keywords":["Cyber Security","Log Analysis Tools","security","Security Monitoring","siem"],"articleSection":["Cyber security","Vulnerability Analysis"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/wela\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/wela\/","url":"https:\/\/kalilinuxtutorials.com\/wela\/","name":"WELA - Windows Event Log 
Analyzer","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/wela\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/wela\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp","datePublished":"2023-08-24T05:20:26+00:00","dateModified":"2023-08-24T05:21:48+00:00","description":"WELA is your Swiss Army knife for Windows event logs, with easy-to-understand timelines of logins for quick forensics and incident response.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/wela\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/wela\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp","width":"1600","height":"900"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux 
Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa","name":"Varshini","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","caption":"Varshini"},"description":"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. 
Passionate about staying ahead of emerging Threats and Technologies.","sameAs":["http:\/\/kalilinuxtutorials.com","https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/"],"url":"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjZg1s0TfkL9sBbJBlVpoGzu44d15voLxRw0uxxI18jGGDT_kE0gv4pmaaFNbjh323gCQmSkXHylpNG8oZdQiKfRVq0LF8Qgt2pugqn-8xizEikSPVACwBC4orhRML5DpzqNYnRdX_r7xcsJ9HyFTNq0mH5D1gFjBue0eWQ4cs7JRDkZMvx-O687uNfcg\/s16000\/WELA.webp","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":31437,"url":"https:\/\/kalilinuxtutorials.com\/hayabusa\/","url_meta":{"origin":29710,"position":0},"title":"Hayabusa: Revolutionizing Windows Event Log Analysis with Rapid Forensics and Advanced Threat Hunting Capabilities","author":"Varshini","date":"December 1, 2023","format":false,"excerpt":"Hayabusa is a\u00a0Windows event log fast forensics timeline generator\u00a0and\u00a0threat hunting tool\u00a0created by the\u00a0Yamato Security\u00a0group in Japan. Hayabusa means\u00a0\"peregrine falcon\"\u00a0in Japanese and was chosen as peregrine falcons are the fastest animal in the world, great at hunting and highly trainable. 
It is written in\u00a0Rust\u00a0and supports multi-threading in order to be as\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/29710","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=29710"}],"version-history":[{"count":3,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/29710\/revisions"}],"predecessor-version":[{"id":29716,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/29710\/revisions\/29716"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/29713"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=29710"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=29710"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=29710"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}