LogonTracer Versions

Investigate malicious Windows logon by visualizing and analyzing Windows event log

v1.3.1

4 years ago

New

  • Added a --host option to specify the address the web interface binds to

Update

  • Updated requirements.txt

Bug fix

  • Fixed a bug that hid the download menu in the timeline view

v1.3.0

4 years ago

New

  • Added a time series search function
  • Added a diff function

Update

  • Changed the JavaScript CDN from RawGit to jsDelivr
  • Updated Dockerfile

Bug fix

  • Fixed a bug that filtered IPv6 addresses

v1.2.1

5 years ago

Fix vulnerability

  • Multiple vulnerabilities in LogonTracer [JVN#98026636]

v1.2.0

5 years ago

New

  • Added a function to detect DCShadow
  • Added a function to detect DCSync
  • Added a function to highlight the searched node
  • Added tree graph mode
  • Added a function to investigate whether hosts may have been accessed with an administrator account from the infected host
  • Added a function to rank the visualization
  • Added logo images

Update

  • Updated the warning message shown when the web page loads slowly
  • Changed the root node of the tree graph to the searched node
  • Removed the function that adds a status value

Bug fix

  • Fixed a performance issue in the HMM function
  • Fixed a bug in the function that detects MS14-068 exploit failure
  • Fixed a bug where group additions and deletions could not be detected at the same time
  • Fixed a bug where account deletion could not be detected
  • Fixed a bug that caused an error when the event log contained no logs to visualize

v1.1.1

5 years ago

Bug fix

  • Fixed a bug that ignored events with a blank IP address
  • Fixed an issue where the namespace did not match when parsing an XML file

v1.1.0

5 years ago

New

  • Added a function to graph the timeline.
  • Added a function to detect policy change.
  • Added a function to detect added/removed groups.
  • Added a function to detect deletion of event log.
  • Added a function to associate hostname and IP address.
  • Added a function to check suspicious domains.
  • Added a function to parse event logs in XML format.
  • Added a function to detect NTLM remote logons.
  • Added a function to detect malicious accounts using HMM.

Update

  • Changed to connect to the Neo4j server just before uploading data.
  • Updated the graph loading function.

Bug fix

  • Fixed an issue where host names and account names conflicted in the PageRank calculation.
  • Fixed a bug where the global name 'fh' was not defined.
  • Fixed a bug in the graph loading function.
  • Fixed a bug when importing large files.
  • Fixed a performance issue in the rank view.
  • Fixed a bug where the number of records failed to load.
  • Fixed a bug that caused a status 500 error after uploading an event log.

v1.0.3

6 years ago

Update

  • Updated the timeline view.
  • Changed the neo4j-driver script from the local directory to a CDN.

Bug fix

  • Removed UTC from the Timezone select box.

v1.0.2

6 years ago

New

  • Added support for importing multiple EVTX files.
  • Added three modes for the graph view.
  • Added a tooltip to the graph view.

Bug fix

  • Fixed an issue caused by Neo4j's limit on the number of simultaneous accesses.

v1.0.1

6 years ago

New

  • Added a function to display the EVTX file import log.

Bug fix

  • Fixed an issue where the upload status was not displayed in the web UI.
  • Fixed the connection to a remote Neo4j server.
  • Fixed exception handling when Flask is not installed.
  • Fixed the port value to be handled as an int instead of a str.
  • Fixed a bug where the parse status exceeded 100%.

v1.0.0

6 years ago

Initial release.