We have been hard at work here at IMF Security since demonstrating LOG-MD at BlackHat Arsenal 2016. We have added more data, reports and features to make LOG-MD a tool anyone doing Auditing, IT, Information Security, Incident Response and Forensics should have. Whether you select the Free Edition or Professional version, it will speed things up for your investigations.
All versions of LOG-MD assist you with assessing the advanced audit settings and provide guidance on what to configure to collect the right things. LOG-MD also harvests security-relevant log data, performs a full file system hash of all files, takes a snapshot of the registry, and uses white-lists to compare known-good baselines against suspect systems.
LOG-MD-Pro 1.00 adds the following items over the Free Edition:
- More log events collected to discover APT-type attacks and artifacts
- 24 reports to assist in discovering malicious activity faster
- 2 additional white-lists: one to filter files and/or hashes out of the hash compare report, and one to filter registry keys and values out of the registry compare and large registry keys reports
- Option to perform WhoIs lookups of all IPs in the connection reports, providing you the owner, network, country and IP ranges of the IPs in the log data
- Harvest Sysinternals Sysmon log data if installed
- An 'Interesting Artifact' report to help point out known exploitation of a system like the Sticky Keys exploit
- The option to save reports to other locations like a file share
- Speeds up analysis to make it quicker to come to a conclusion
- Saves you valuable time!
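The hash compare described above (a full file system hash of a known-good baseline, diffed against a suspect system, with a white-list of paths and hashes filtered out so that only unexpected changes remain) is straightforward to reason about with a small worked example. The following Python is an added illustration written for this post, not LOG-MD's own code; the baseline and suspect snapshots, the white-list entries and the hash values in it are constructed sample data, and the path-prefix semantics of the path white-list are an assumption made for the example.

```python
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List

def hash_tree(root: str) -> Dict[str, str]:
    """Walk `root` and return {relative_path: sha256_hex} for every regular file.

    Paths are normalised to forward slashes and lower case so that snapshots
    taken on different hosts compare cleanly (Windows paths are case-insensitive).
    Unreadable files are skipped rather than aborting the whole snapshot.
    """
    snapshot: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):
                continue
            digest = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
            except OSError:
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            snapshot[rel] = digest.hexdigest()
    return snapshot

def compare_hashes(baseline: Dict[str, str], suspect: Dict[str, str],
                   path_whitelist: Iterable[str] = (),
                   hash_whitelist: Iterable[str] = ()) -> Dict[str, List[str]]:
    """Diff a suspect snapshot against a baseline, applying two white-lists.

    path_whitelist: path prefixes (assumed semantics) whose files are ignored,
                    e.g. temp directories that churn on every boot.
    hash_whitelist: hashes known to be good regardless of where they appear,
                    e.g. a vendor update that legitimately replaced a binary.
    Returns sorted lists of paths that were added, changed or removed.
    """
    prefixes = tuple(p.lower() for p in path_whitelist)
    good_hashes = {h.lower() for h in hash_whitelist}

    def ignored(path: str, digest: str) -> bool:
        return path.startswith(prefixes) or digest.lower() in good_hashes

    added = [p for p, h in suspect.items() if p not in baseline and not ignored(p, h)]
    removed = [p for p, h in baseline.items() if p not in suspect and not ignored(p, h)]
    changed = [p for p, h in suspect.items()
               if p in baseline and baseline[p] != h and not ignored(p, h)]
    return {"added": sorted(added), "changed": sorted(changed), "removed": sorted(removed)}

# Constructed sample snapshots; the hash strings are placeholders, not real digests.
DEMO_BASELINE = {
    "windows/system32/cmd.exe": "hash-cmd-v1",
    "program files/app/app.exe": "hash-app-v1",
    "program files/app/helper.dll": "hash-helper-v1",
    "windows/temp/old.tmp": "hash-tmp-1",
}
DEMO_SUSPECT = {
    "windows/system32/cmd.exe": "hash-cmd-v1",       # unchanged
    "program files/app/app.exe": "hash-app-v2",      # changed, but v2 is white-listed
    "windows/temp/new.tmp": "hash-tmp-2",            # churn under a white-listed path
    "users/public/unknown.exe": "hash-unknown",      # genuinely new, should be reported
}
DEMO_PATH_WHITELIST = ("windows/temp/",)
DEMO_HASH_WHITELIST = ("hash-app-v2",)  # known-good vendor update of app.exe

def demo() -> Dict[str, List[str]]:
    """Run the comparison on the constructed snapshots."""
    return compare_hashes(DEMO_BASELINE, DEMO_SUSPECT,
                          DEMO_PATH_WHITELIST, DEMO_HASH_WHITELIST)

def snapshot_tempdir_demo() -> Dict[str, str]:
    """Exercise hash_tree on a throwaway directory with two constructed files."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Sub"))
        with open(os.path.join(root, "a.txt"), "wb") as fh:
            fh.write(b"hello")
        with open(os.path.join(root, "Sub", "B.bin"), "wb") as fh:
            fh.write(b"\x00\x01\x02")
        return hash_tree(root)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Running `demo()` reports only `users/public/unknown.exe` as added and `program files/app/helper.dll` as removed; the temp-directory churn and the white-listed `app.exe` update are filtered out, which is exactly the noise reduction the two extra white-lists in the Pro edition are meant to give you.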
The whole goal of LOG-MD is to discover malicious activity faster. LOG-MD is a standalone compiled binary with no additional dependencies, requirements or installation; it can be deployed with existing software distribution tools, scripted, or run manually as needed. So take a look at the updates and send us your thoughts or comments.
Happy Hunting
The IMF Security team