A suite of tools to aid incident response and live forensics for Windows (PowerShell) | Linux (Bash) | macOS (Shell)
Updated Sep 27, 2024 - JavaScript
Next-generation log server with AI integration. Turn massive logs into actionable insights using LLMs. Lightweight & Fast.
PowerShell script to audit NTLM authentication events from the Windows Security log and the NTLM Operational log. Filters by NTLMv1/NTLMv2, failed logons, privileged sessions (event ID 4672), date ranges, and null sessions. Validates that the NTLM audit GPO settings are in place. Targets localhost, remote servers, domain controllers, or an entire AD forest.
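The checks that blurb lists can be reproduced with stock cmdlets. The following is an added example written for this page; it is not the script described above. The function names (ConvertFrom-LogonEvent, Get-NtlmLogonAudit, Test-NtlmAuditPolicy) and the sample 4624 event XML are constructed for illustration, and the live query assumes logon auditing is enabled and the caller can read the Security log on the target host.

```powershell
# Added example, not the audited project's code. Helper names and the sample XML are constructed.

function ConvertFrom-LogonEvent {
    # Parse a 4624/4625 event (as XML) into a flat record and classify its NTLM properties.
    param(
        [Parameter(Mandatory)][xml]$EventXml,
        [hashtable]$PrivilegedLogonIds = @{}   # keys: SubjectLogonId values taken from 4672 events
    )
    $data = @{}
    foreach ($d in $EventXml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $sys = $EventXml.Event.System
    $idNode = $sys.EventID   # a string unless the element carries attributes (classic events)
    $id = if ($idNode -is [string]) { [int]$idNode } else { [int]$idNode.'#text' }
    $isNtlm = $data['AuthenticationPackageName'] -eq 'NTLM'
    [pscustomobject]@{
        TimeCreated   = [datetime]$sys.TimeCreated.SystemTime
        EventId       = $id
        Outcome       = if ($id -eq 4625) { 'Failed' } else { 'Success' }
        User          = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType     = $data['LogonType']
        LmPackage     = $data['LmPackageName']          # 'NTLM V1', 'NTLM V2', or '-' when not NTLM
        SourceIp      = $data['IpAddress']
        Workstation   = $data['WorkstationName']
        IsNtlm        = $isNtlm
        IsNtlmV1      = $isNtlm -and $data['LmPackageName'] -eq 'NTLM V1'
        # Null session: anonymous NTLM network logon, worth a look on file servers and DCs.
        IsNullSession = $isNtlm -and $data['TargetUserName'] -eq 'ANONYMOUS LOGON'
        # 4672 is logged with SubjectLogonId equal to the TargetLogonId of the session's 4624.
        IsPrivileged  = ($null -ne $data['TargetLogonId']) -and $PrivilegedLogonIds.ContainsKey($data['TargetLogonId'])
    }
}

function Get-NtlmLogonAudit {
    # Live query: NTLM logons in a time window (optionally NTLMv1 only, optionally including
    # failed logons), each tagged with whether the session was granted special privileges (4672).
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [datetime]$StartTime  = (Get-Date).AddDays(-1),
        [datetime]$EndTime    = (Get-Date),
        [switch]$NtlmV1Only,
        [switch]$IncludeFailed
    )
    $ids = @(4624, 4672); if ($IncludeFailed) { $ids += 4625 }
    $filter = @{ LogName = 'Security'; Id = $ids; StartTime = $StartTime; EndTime = $EndTime }
    $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue)
    $xmlEvents = $events | ForEach-Object { [xml]$_.ToXml() }
    $priv = @{}
    foreach ($x in $xmlEvents) {
        if ($x.Event.System.EventID -eq 4672) {
            $sid = ($x.Event.EventData.Data | Where-Object Name -eq 'SubjectLogonId').'#text'
            if ($sid) { $priv[$sid] = $true }
        }
    }
    foreach ($x in $xmlEvents) {
        if ($x.Event.System.EventID -eq 4672) { continue }
        $rec = ConvertFrom-LogonEvent -EventXml $x -PrivilegedLogonIds $priv
        if (-not $rec.IsNtlm) { continue }
        if ($NtlmV1Only -and -not $rec.IsNtlmV1) { continue }
        $rec
    }
}

function Test-NtlmAuditPolicy {
    # Read the local registry values behind the "Network security: Restrict NTLM" policies and
    # check that the NTLM Operational log is enabled. Run on the host (or DC) being audited.
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv = Get-ItemProperty -Path "$lsa\MSV1_0" -ErrorAction SilentlyContinue
    $lmLevel = (Get-ItemProperty -Path $lsa -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
    $opLog = Get-WinEvent -ListLog 'Microsoft-Windows-NTLM/Operational' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LmCompatibilityLevel         = $lmLevel   # $null = not set; 5 = send NTLMv2 only, refuse LM and NTLMv1
        AuditReceivingNTLMTraffic    = $msv.AuditReceivingNTLMTraffic     # "Audit Incoming NTLM Traffic"
        RestrictReceivingNTLMTraffic = $msv.RestrictReceivingNTLMTraffic  # "Incoming NTLM traffic"
        RestrictSendingNTLMTraffic   = $msv.RestrictSendingNTLMTraffic    # "Outgoing NTLM traffic to remote servers"
        AuditNTLMInDomain            = $msv.AuditNTLMInDomain             # DC only: "Audit NTLM authentication in this domain"
        NtlmOperationalLogEnabled    = [bool]$opLog.IsEnabled
        IncomingNtlmAudited          = ($msv.AuditReceivingNTLMTraffic -ge 1) -or ($msv.RestrictReceivingNTLMTraffic -ge 1)
    }
}

# Offline demo on a constructed 4624 (NTLMv1 network logon) whose session also produced a 4672.
$sample = [xml]@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID>
  <TimeCreated SystemTime="2024-09-27T10:15:00.000Z"/><Computer>FS01.corp.example</Computer></System>
  <EventData>
    <Data Name="TargetUserName">svc_backup</Data><Data Name="TargetDomainName">CORP</Data>
    <Data Name="TargetLogonId">0x3e7a1</Data><Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data><Data Name="LmPackageName">NTLM V1</Data>
    <Data Name="IpAddress">10.0.5.23</Data><Data Name="WorkstationName">WS-OLD-01</Data>
  </EventData>
</Event>
'@
ConvertFrom-LogonEvent -EventXml $sample -PrivilegedLogonIds @{ '0x3e7a1' = $true } | Format-List
```

The NTLM version is not in the event ID but in the LmPackageName field, so any "NTLMv1" filter has to parse the event body; a FilterHashtable alone cannot express it. The 4672 correlation is by logon ID rather than by user name, which avoids mislabeling a later unprivileged logon of the same account. Test-NtlmAuditPolicy reads the local registry; for a remote host wrap it in Invoke-Command, and treat a `$null` value as "policy not configured" rather than "disabled".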
Turns workflow event logs into ML-based predictive timelines: deterministic timeline reconstruction, sequence features (waiting times and time gaps between events), and early risk prediction for prioritization.