CISA, PNNL publish log analyser for security tests

By

RedEye open sourced on Github.

America’s Cyber and Infrastructure Security Agency has open sourced a security log analytics tool called RedEye.

CISA, PNNL publish log analyser for security tests

As CISA explained on GitHub, RedEye was co-developed in partnership with the Department of Energy’s Pacific Northwest National Laboratory.

RedEye is an analytics tool for visualising and reporting command and control activities, CISA said, which “allows an operator to assess and display complex data, evaluate mitigation strategies, and enable effective decision making in response to a red team assessment”.

Currently, RedEye focuses on analysing Cobalt Strike logs.

It offers both blue team and red team modes.

Red team mode lets users “upload campaign logs, explore, and create presentations”, while the blue team mode allows the user to review a campaign uploaded by a red team.

It parses logs, presents data in an easily digestible format, and lets users tag and add comments to the activities it displays.

For example, the UI shows a graphical representation of a campaign log showing the correlation between the hosts involved in the campaign.

A user can identify key events in a a campaign, such as examining payload activity, identifying an attackers penetration path, and so on.

The tool runs on Linux (Ubuntu 18 and newer, Kali 2020.1 and newer), macOS El Capitan, and Windows from Windows 7 on.

CISA has also published this video to YouTube.

RedEye log visualisation. Image: CISA
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

Log In

  |  Forgot your password?