[tags]authentication,windows,defense[/tags]
[short_descr]Investigate malicious Windows logons by visualizing and analyzing Windows event logs.[/short_descr]
[link] https://github.com/JPCERTCC/LogonTracer [/link]
[long_descr]
LogonTracer is a tool for investigating malicious logons by visualizing and analyzing Windows Active Directory event logs. It associates the host name (or IP address) and account name found in logon-related events and displays them as a graph. This makes it possible to see which account a logon attempt was made against and which host was used.
This tool can visualize the following event IDs related to Windows logon: