In this blog post, I am going to show you some ways to review data collected with the Mandiant Redline™ tool without using the Redline interface. I will be using Mandiant's AuditParser™ tool to transform the Redline audit XML into tab-separated data. This lets you take the data and view it in different ways, as well as perform timeline analysis on the data you have collected. I will focus on data collected by a Redline Portable Collector configured to perform a Comprehensive Collection. The AuditParser tool will also work with audit data collected with the MIR Agent or with IOCFinder™.
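As an added illustration of the workflow described above (this is not code from the original post and not Mandiant's AuditParser), the following Python script flattens an audit XML file into tab-separated rows and then pulls every timestamp out of those rows into a single sorted timeline, which is the kind of cross-item analysis the TSV form makes easy. The sample audit XML is constructed and only mimics the general shape of a Mandiant audit (an `itemList` of typed items with leaf elements); the element names `FileItem`, `ProcessItem`, `FullPath`, `Created`, `startTime` and so on are assumptions, not the real Redline schema, and the flattening is schema-agnostic so it does not depend on them.

```python
import csv
import io
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample in the general shape of a Mandiant audit
# (itemList of typed items). Element names are assumptions, not the
# real Redline schema; the code below does not hard-code them.
SAMPLE_AUDIT_XML = """<?xml version="1.0" encoding="UTF-8"?>
<itemList>
  <FileItem>
    <FullPath>C:\\Windows\\Temp\\svchost.exe</FullPath>
    <SizeInBytes>48128</SizeInBytes>
    <Created>2013-05-02T14:21:07Z</Created>
    <Modified>2013-05-02T14:21:09Z</Modified>
  </FileItem>
  <FileItem>
    <FullPath>C:\\Users\\jdoe\\Downloads\\invoice.pdf</FullPath>
    <SizeInBytes>203776</SizeInBytes>
    <Created>2013-05-02T14:19:55Z</Created>
    <Modified>2013-05-02T14:19:55Z</Modified>
  </FileItem>
  <ProcessItem>
    <name>svchost.exe</name>
    <pid>1337</pid>
    <path>C:\\Windows\\Temp\\svchost.exe</path>
    <startTime>2013-05-02T14:21:12Z</startTime>
  </ProcessItem>
</itemList>
"""


def _flatten(elem, prefix, row):
    """Recursively copy leaf elements into row; nested tags are joined with '.'."""
    for child in elem:
        key = f"{prefix}{child.tag}"
        if len(child):
            _flatten(child, key + ".", row)
        else:
            row[key] = (child.text or "").strip()


def flatten_items(xml_text):
    """Turn each top-level item into a dict keyed by its leaf element names."""
    root = ET.fromstring(xml_text)
    rows = []
    for item in root:
        row = {"item_type": item.tag}
        _flatten(item, "", row)
        rows.append(row)
    return rows


def to_tsv(rows):
    """Emit rows as TSV with the union of all columns (missing values blank)."""
    columns = ["item_type"]
    for row in rows:
        for key in row:
            if key not in columns:
                columns.append(key)
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=columns, delimiter="\t",
                            lineterminator="\n", restval="")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def parse_ts(value):
    """Return a datetime for an ISO-8601 UTC string, or None if it is not one."""
    try:
        return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None


def build_timeline(rows, label_fields=("FullPath", "path", "name")):
    """Collect every timestamp-valued field across all items into one sorted list.

    Each event is (timestamp, item_type, field_name, label); the label is the
    first present field from label_fields so an analyst can read the line.
    """
    events = []
    for row in rows:
        label = next((row[f] for f in label_fields if row.get(f)), "")
        for key, value in row.items():
            ts = parse_ts(value)
            if ts is not None:
                events.append((ts, row["item_type"], key, label))
    events.sort()
    return events


if __name__ == "__main__":
    rows = flatten_items(SAMPLE_AUDIT_XML)
    print(to_tsv(rows))
    for ts, item_type, field, label in build_timeline(rows):
        print(f"{ts.isoformat()}\t{item_type}\t{field}\t{label}")
```

Loading the TSV into a spreadsheet or sorting it with standard command-line tools is then straightforward, and the timeline view puts the file creation, its modification and the process start next to each other regardless of which audit item type they came from.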
Entries filed under 'AuditParser'
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.