Mandiant Highlighter – Log and Text File Viewer Review

Product Review – Mandiant Highlighter

Today we are looking at Mandiant Highlighter, a log and text file viewer.

Product home page can be found here

Cost: Free!

Overview

MANDIANT Highlighter is a log file analysis tool. Highlighter provides a graphical component to log
analysis that helps the analyst identify patterns. Highlighter also provides a number of features aimed
at providing the analyst with mechanisms to weed through irrelevant data and pinpoint relevant data.

Features

MANDIANT Highlighter can:
• Display an overview of a text file in a graphical representation.
• Highlight strings in corresponding locations within the graphical representation.
• Remove lines from being displayed based upon content within the line.
• Generate a time-based histogram of activity when date/time stamps are available.
• Save the “state” of highlight and removal selections.

What is it used for?

If you are manually reviewing a text or log file, this tool helps you filter out the noise and recognize patterns.

Let’s take it for a spin!

Slicing up an apache error.log file

  1. Remove lines that are informational.
  2. Highlight known malicious requests (ex: \htdocs\admin).
  3. Enable the “Cumulative” feature to highlight multiple items!

Removing lines from the log file

Highlighting a Malicious IP Address

How to highlight multiple items
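The three steps above (drop informational lines, highlight a request path and a client IP, view the hits cumulatively) plus the time histogram feature, reproduced in plain Python as an added example rather than anything from Highlighter itself. The log lines and the 203.0.113.5 / 198.51.100.7 addresses are constructed samples in Apache 2.2 error.log format; the path pattern is written with forward slashes as Apache logs it.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in Apache 2.2 error.log format (not taken from the review).
SAMPLE_LOG = """\
[Sun Mar 07 16:02:00 2021] [notice] Apache/2.2 configured -- resuming normal operations
[Sun Mar 07 16:02:14 2021] [error] [client 203.0.113.5] File does not exist: /var/www/htdocs/admin
[Sun Mar 07 16:02:15 2021] [error] [client 203.0.113.5] File does not exist: /var/www/htdocs/admin/login.php
[Sun Mar 07 16:03:02 2021] [info] [client 198.51.100.7] Connection closed
[Sun Mar 07 17:10:44 2021] [error] [client 203.0.113.5] File does not exist: /var/www/favicon.ico
[Sun Mar 07 17:11:01 2021] [error] [client 198.51.100.7] File does not exist: /var/www/htdocs/admin/config
"""

# Leading "[timestamp] [level]" of each error.log line.
LEVEL_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\]")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"


def remove_lines(lines, noise_levels=("notice", "info")):
    """Step 1: drop informational lines, keyed on the Apache log level."""
    kept = []
    for line in lines:
        m = LEVEL_RE.match(line)
        if m and m.group("level") in noise_levels:
            continue
        kept.append(line)
    return kept


def highlight(lines, patterns):
    """Steps 2-3: cumulative highlighting. Returns {line number: [patterns hit]}
    over the kept lines, so a line lit by several patterns shows all of them."""
    hits = {}
    for n, line in enumerate(lines, 1):
        matched = [p for p in patterns if p in line]
        if matched:
            hits[n] = matched
    return hits


def histogram(lines):
    """Time-based histogram: number of kept lines per hour bucket."""
    buckets = Counter()
    for line in lines:
        m = LEVEL_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
            buckets[ts.strftime("%Y-%m-%d %H:00")] += 1
    return dict(buckets)


if __name__ == "__main__":
    kept = remove_lines(SAMPLE_LOG.splitlines())
    print(highlight(kept, ["/htdocs/admin", "203.0.113.5"]))
    print(histogram(kept))
```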