DeepBlueCLI

DeepBlueCLI is an open-source tool that analyzes Windows event logs automatically on Linux/Unix systems running ELK (Elasticsearch, Logstash, and Kibana) or Windows (PowerShell version) (Python version). Eric Conrad created it, and it is available on GitHub.

DeepBlueCLI enables rapid detection of specific events found in Windows Security, System, Application, PowerShell, and Sysmon logs. Moreover, DeepBlueCLI is quick when working with saved or archived EVTX files. Querying the active event log service takes slightly longer but is just as efficient.

Resources