Mandiant Highlighter – Log and Text File Viewer Review

March 25, 2013

Product Review – Mandiant Highlighter

Today we are looking at Mandiant Highlighter, a log and text file viewer.

Product home page can be found here

Cost: Free!

Overview

MANDIANT Highlighter is a log file analysis tool. Highlighter provides a graphical component to log
analysis that helps the analyst identify patterns. Highlighter also provides a number of features aimed
at providing the analyst with mechanisms to weed through irrelevant data and pinpoint relevant data.

Features

MANDIANT Highlighter can:
• Display an overview of a text file in a graphical representation.
• Highlight strings in corresponding locations within the graphical representation.
• Remove lines from being displayed based upon content within the line.
• Generate a time-based histogram of activity when date/time stamps are available.
• Save the “state” of highlight and removal selections.

What is it used for?

If you are manually reviewing a text or log file, this tool helps filter out the noise and recognize patterns.

Let’s take it for a spin!

Slicing up an apache error.log file

  1. Remove lines that are informational
  2. Highlight known malicious requests (e.g. \htdocs\admin)
  3. Enable “Cumulative” feature to highlight multiple items!
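The three steps above are the whole Highlighter workflow: drop the lines that carry no signal, mark the strings you care about, and keep every marker in place while you add more (the "Cumulative" option). As an added example that is not Mandiant's code, the script below reproduces that workflow, plus the time-based histogram from the feature list, on a handful of constructed Apache 2.2-style error.log lines. The log text, the pattern names (`admin_probe`, `suspect_client`) and the 203.0.113.0/24 addresses are all made up for the example; the `\htdocs\admin` request string is the one the review itself uses.

```python
"""Highlighter-style triage of an Apache error.log (added example, not
Mandiant's code): remove informational lines, cumulatively highlight
several patterns, and bucket the remaining activity into a per-minute
histogram. SAMPLE_LOG is constructed; 203.0.113.x are documentation
addresses, not real hosts."""
import re
from collections import Counter
from datetime import datetime

# Apache 2.2 error.log shape: [timestamp] [level] [client ip] message
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$"
)
TS_FORMAT = "%a %b %d %H:%M:%S %Y"
# Levels the review's step 1 treats as noise
INFORMATIONAL = {"notice", "info", "debug"}

# Constructed sample input (not a real server's log)
SAMPLE_LOG = """\
[Mon Mar 25 09:58:01 2013] [notice] Apache/2.2.22 (Unix) configured -- resuming normal operations
[Mon Mar 25 09:59:12 2013] [error] [client 203.0.113.5] File does not exist: /var/www/htdocs/admin
[Mon Mar 25 09:59:13 2013] [error] [client 203.0.113.5] File does not exist: /var/www/htdocs/admin/login.php
[Mon Mar 25 09:59:40 2013] [info] [client 203.0.113.9] (32)Broken pipe: core_output_filter: writing data to the network
[Mon Mar 25 10:00:02 2013] [error] [client 203.0.113.9] File does not exist: /var/www/favicon.ico
[Mon Mar 25 10:00:05 2013] [error] [client 203.0.113.5] File does not exist: /var/www/htdocs/admin/config.php
"""

# Step 2 and 3: the strings to highlight. Names are hypothetical labels;
# the admin pattern accepts either slash so "\htdocs\admin" and
# "/htdocs/admin" both hit.
PATTERNS = {
    "admin_probe": r"htdocs[/\\]admin",
    "suspect_client": r"\[client 203\.0\.113\.5\]",
}


def parse_entry(line):
    """Split one error.log line into its fields; None if it does not parse."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), TS_FORMAT),
        "level": m.group("level").lower(),
        "client": m.group("client"),
        "msg": m.group("msg"),
        "raw": line,
    }


def parse_log(text):
    """Parse every well-formed line, silently skipping anything else."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def remove_informational(entries):
    """Step 1: hide lines whose level is informational."""
    return [e for e in entries if e["level"] not in INFORMATIONAL]


def highlight(entries, patterns):
    """Steps 2-3 (cumulative): tag each entry with every pattern it matches.
    Returns a list of (entry, tuple_of_matched_pattern_names)."""
    compiled = {name: re.compile(pat) for name, pat in patterns.items()}
    return [
        (e, tuple(name for name, rx in compiled.items() if rx.search(e["raw"])))
        for e in entries
    ]


def hit_counts(highlighted):
    """How many displayed lines each pattern lit up."""
    return Counter(name for _, hits in highlighted for name in hits)


def minute_histogram(entries):
    """Time-based histogram of the displayed lines, bucketed per minute."""
    return Counter(e["ts"].strftime("%Y-%m-%d %H:%M") for e in entries)


def render(highlighted):
    """Plain-text stand-in for the GUI: prefix each line with its tags."""
    return [
        ("[" + ",".join(hits) + "] " if hits else "         ") + e["raw"]
        for e, hits in highlighted
    ]


if __name__ == "__main__":
    kept = remove_informational(parse_log(SAMPLE_LOG))
    tagged = highlight(kept, PATTERNS)
    print("\n".join(render(tagged)))
    print("hits:", dict(hit_counts(tagged)))
    print("per minute:", dict(minute_histogram(kept)))
```

Running it with the sample shows the two informational lines dropped, the three `htdocs/admin` requests tagged by both patterns at once (the cumulative behaviour), the favicon request left untagged, and two entries in each of the 09:59 and 10:00 buckets, which is the shape you would read off Highlighter's histogram pane. In practice you would feed `parse_log` the real file's text and extend `PATTERNS` one string at a time, exactly as the review's step 3 describes.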

Removing lines from the log file

Highlighting a Malicious IP Address

How to highlight multiple items