|
Reading log isn’t the most enjoyable thing in Network/Security Analysis, sometimes it’s impossible to get something useful from log without using a log parser .In this diary I am going to talk about one of my best log analysis tool.
MANDIANT HIGHLIGHTER “MANDIANT Highlighter is a log file analysis tool. Highlighter provides a graphical component to log analysis that helps the analyst identify patterns. Highlighter also provides a number of features aimed at providing the analyst with mechanisms to weed through irrelevant data and pinpoint relevant data.”[i]
Installation: 1-Download Mandiant Highlighter from https://www.mandiant.com/resources/download/highlighter 2- Launch MandiantHighlighter1.1.3 and click Next 
Highlighter Usage Now let’s have some examples of using Mandiant Highlighter: Let’s say that you have a snort log file and you would like to check for all MS-SQL related alerts:
2-open snortsyslog
3-Type MS-SQL in the keyword field
4-Click on Highlight ,Now Highlighter will highlights MS-SQL in the snortsyslog 6-If you would like to filter the snortsyslog just to display MS-SQL related alerts:
7-Now let say that you are not interested in Priority:3 events a)right click on Priority: 3
b)Select Remove In the next diary I will discuss some other advance options in Mandiant Highlighter [i] Mandiant High-lighter User Guide. |
Basil 60 Posts ISC Handler Jan 27th 2014 |
| Thread locked Subscribe |
Jan 27th 2014 7 years ago |
|
Nice tool. This will come in handy. Thanks!
|
JeffSoh 31 Posts |
| Quote |
Jan 28th 2014 7 years ago |
|
It is a good tool, would be useful
|
dowboy 1 Posts |
| Quote |
Jan 29th 2014 7 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
