Mandiant Highlighter – Log and Text File Viewer Review

Product Review - Mandiant Highlighter

Today we are looking at Mandiant Highlighter, a log and text file viewer.

Product home page can be found here

Cost: Free!

Overview

MANDIANT Highlighter is a log file analysis tool. Highlighter provides a graphical component to log
analysis that helps the analyst identify patterns. Highlighter also provides a number of features aimed
at providing the analyst with mechanisms to weed through irrelevant data and pinpoint relevant data.

Features

MANDIANT Highlighter can:
• Display an overview of a text file in a graphical representation.
• Highlight strings in corresponding locations within the graphical representation.
• Remove lines from being displayed based upon content within the line.
• Generate a time-based histogram of activity when date/time stamps are available.
• Save the “state” of highlight and removal selections.

What is it used for?

If you are manually reviewing a text or log file, this tool helps you filter out the noise and recognize patterns.

Let’s take it for a spin!

Slicing up an Apache error.log file

  1. Remove lines that are informational
  2. Highlight known malicious requests (ex: \htdocs\admin)
  3. Enable “Cumulative” feature to highlight multiple items!

Removing lines from the log file


Highlighting a Malicious IP Address

 


How to highlight multiple items
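
The same three-step triage (remove informational lines, highlight known-bad strings, track several highlights cumulatively) plus the time-based histogram can be reproduced in a script when the GUI is not available. This is an added example, not part of Highlighter or the original review; the log lines, IP addresses (documentation ranges), and function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in Apache 2.2 error.log style; not taken from the review.
SAMPLE_LOG = r"""
[Mon Mar 05 10:15:02 2012] [notice] Apache configured -- resuming normal operations
[Mon Mar 05 10:15:40 2012] [error] [client 192.0.2.44] File does not exist: C:\www\htdocs\favicon.ico
[Mon Mar 05 10:47:11 2012] [error] [client 203.0.113.9] File does not exist: C:\www\htdocs\admin
[Mon Mar 05 11:02:29 2012] [error] [client 203.0.113.9] File does not exist: C:\www\htdocs\phpmyadmin
[Mon Mar 05 11:02:31 2012] [notice] Child 3120: Starting 64 worker threads.
[Mon Mar 05 11:30:05 2012] [error] [client 198.51.100.7] client denied by server configuration: C:\www\htdocs\admin
""".strip().splitlines()

TS = re.compile(r"^\[(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\]")

def remove_lines(lines, terms):
    """Step 1: drop lines containing any removal term; keep original line numbers."""
    lowered = [t.lower() for t in terms]
    return [(n, line) for n, line in enumerate(lines, 1)
            if not any(t in line.lower() for t in lowered)]

def highlight(numbered, terms):
    """Steps 2-3: cumulative highlighting, every term is tracked at once."""
    hits = []
    for n, line in numbered:
        matched = [t for t in terms if t.lower() in line.lower()]
        if matched:
            hits.append((n, matched, line))
    return hits

def hourly_histogram(numbered):
    """Time-based histogram: lines per hour, read from the leading timestamp."""
    counts = Counter()
    for _, line in numbered:
        m = TS.match(line)
        if m:  # lines without a parsable timestamp are skipped, not guessed
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            counts[ts.strftime("%Y-%m-%d %H:00")] += 1
    return dict(counts)

if __name__ == "__main__":
    kept = remove_lines(SAMPLE_LOG, ["[notice]"])
    for n, matched, line in highlight(kept, [r"\htdocs\admin", "203.0.113.9"]):
        print(f"{n:>4} {matched} {line}")
    print(hourly_histogram(kept))
```

Plain substring matching mirrors what a highlight does, so `\htdocs\admin` does not flag the `\htdocs\phpmyadmin` line; that line is caught only through the IP address term.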

 

 

 

 
