Compare Features
LOG-MD Versions.

| Feature | Free | Professional | Consulting |
|---|---|---|---|
| Audit Check | ✔ | ✔ | ✔ |
| Bypass Audit Check | ✔ | ✔ | ✔ |
| PowerShell version and audit log checks | ✔ | ✔ | ✔ |
| WLCS & CIS Compliance | ✔ | ✔ | ✔ |
| USGCB & AU ACSC Compliance | ✔ | ✔ | ✔ |
| Create Audit Report | ✔ | ✔ | ✔ |
| Specify Output Directory | ✔ | ✔ | |
| Harvest Windows Log Events | ✔ | ✔ | ✔ |
| Process Tree of Parent-Child Processes | ✔ | ✔ | |
| Custom PowerShell report with configurable settings file to hunt for suspicious PowerShell commands | ✔ | ✔ | |
| Harvest Sysmon Service Events | ✔ | ✔ | |
| Whitelist Processes, Command Line and IPs | ✔ | ✔ | ✔ |
| Whitelist Files, Paths & Reg Keys | ✔ | ✔ | ✔ |
| Detailed Log Data Reports | 16 | 30 | 30 |
| Specify Output Directory | ✔ | ✔ | |
| File Hash Baseline | ✔ | ✔ | ✔ |
| File Hash Compare to Baseline | ✔ | ✔ | ✔ |
| Whitelist by File, Location or Hash | ✔ | ✔ | |
| Master-Digest | ✔ | ✔ | |
| Locked Files Report | ✔ | ✔ | ✔ |
| Locked Files Compare to Baseline | ✔ | ✔ | |
| Specify Output Directory | ✔ | ✔ | |
| Registry Baseline | ✔ | ✔ | ✔ |
| Registry Compare to Baseline | ✔ | ✔ | ✔ |
| Evaluate Imported Hives | ✔ | ✔ | ✔ |
| Whitelist Keys & Values | ✔ | ✔ | |
| Specify Output Directory | ✔ | ✔ | |
| Large Reg Keys Details | ✔ | ✔ | ✔ |
| Load Hives from other systems | ✔ | ✔ | ✔ |
| Large Reg Key Summary | ✔ | ✔ | |
| Specify Output Directory | ✔ | ✔ | |
| WhoIs data for IPs in the IP Connections reports | ✔ | ✔ | |
| Command line WhoIs lookups of IPv4 addresses | ✔ | ✔ | ✔ |
| Harvest SRUM data - Netflow data by Application (Win 8.1 and 10 only) | ✔ | ✔ | |
| List of AutoRuns Report | ✔ | ✔ | ✔ |
| AutoRuns exclude results using Master Digest and Whitelist | ✔ | ✔ | |
| AutoRuns of all WMI namespaces | ✔ | ✔ | ✔ |
| List of Running Processes and Modules Report | ✔ | ✔ | ✔ |
| Running Process and Modules exclude results using Master Digest and Whitelist | ✔ | ✔ | |
| Query only WMI namespaces | ✔ | ✔ | |
| VirusTotal lookups of hashes and/or files from reports | ✔ | ✔ | |
| Automatic VirusTotal lookups when running Autoruns | ✔ | ✔ | |
| Automatic VirusTotal lookups when checking Running Processes and their modules | ✔ | ✔ | |
| 10 VirusTotal reports can be generated from log reports and Sysmon | ✔ | ✔ | |
| For Consultants | ✔ | | |
| Transferrable 90 Day License | ✔ | | |
| Special Artifact Hunting Features | ✔ | ✔ | |
| Sticky Key Exploit Interesting Artifact Report | ✔ | ✔ | |
| Null byte in a registry value Interesting Artifact Report | ✔ | ✔ | |
| Unicode character in filename Interesting Artifact Report | ✔ | ✔ | |
| Manual pages | 23 | 70 | 70 |
| LOG-MD-Pro Slack Channel Community | ✔ | ✔ | |

Multiple whitelists allow for excluding known good items.

Master-Digest is a sorted unique list of hashes used to exclude large amounts of files from the results.