CISA, PNNL publish log analyser for security tests

RedEye open sourced on GitHub.

America’s Cybersecurity and Infrastructure Security Agency (CISA) has open sourced a security log analytics tool called RedEye.

As CISA explained on GitHub, RedEye was co-developed in partnership with the Department of Energy’s Pacific Northwest National Laboratory.

RedEye is an analytics tool for visualising and reporting command and control activities, CISA said, which “allows an operator to assess and display complex data, evaluate mitigation strategies, and enable effective decision making in response to a red team assessment”.

Currently, RedEye focuses on analysing Cobalt Strike logs.

It offers both blue team and red team modes.

Red team mode lets users “upload campaign logs, explore, and create presentations”, while the blue team mode allows the user to review a campaign uploaded by a red team.

It parses logs, presents data in an easily digestible format, and lets users tag and add comments to the activities it displays.

For example, the UI shows a graphical representation of a campaign log showing the correlation between the hosts involved in the campaign.

A user can identify key events in a campaign, such as payload activity or an attacker’s penetration path through the environment.

The tool runs on Linux (Ubuntu 18 and newer, Kali 2020.1 and newer), macOS El Capitan, and Windows from Windows 7 on.

CISA has also published a video of the tool to YouTube.

RedEye log visualisation. Image: CISA
Copyright © iTnews.com.au . All rights reserved.