SANS ISC: InfoSec Handlers Diary Blog
Mandiant Highlighter 2

Published: 2014-02-09
Last Updated: 2014-02-09 18:38:23 UTC
by Basil Alawi S.Taher (Version: 1)

In a previous diary I discussed the basic usage of Mandiant Highlighter. In this diary I will discuss some of its other features.


Mandiant Highlighter Graphic

The graphic is an overall view of the whole file. Each line/bar on the graph represents a line in the text, and the bar lengths are proportional to the line lengths in the file. When you highlight a word in the text it will be highlighted on the graph as well.


If you would like to display only a specific range of the data, enter that range in the “Zoom Control” section at the bottom right of the screen:



Windows Event Viewer:

To view Windows events, you first have to export them to a .txt file. Here are the steps to save the events to a text file:

1- Right-click on the event category:

2- Select “Save All Events As ...”

3- Type the file name and select Text from the “Save Type As” drop-down menu

Now you can use Mandiant Highlighter to parse the exported Windows events.


Regular Expressions:

Can you imagine a powerful log parser without regular expression support? To use regular expressions in Mandiant Highlighter, enter the regular expression in the Keyword box, then select Case Sensitive RegExp or Case Insensitive from the drop-down menu.
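The same workflow from the command line, as an added example that is not part of the original diary: it exports events to a text file with one event per line (so that each bar in Highlighter's graphic corresponds to one event, which the multi-line Event Viewer text export does not give you) and then runs a keyword regular expression in both the case-sensitive and case-insensitive modes described above. The log name, output path and search pattern are assumptions.

```powershell
# Added example, not from the diary: export Windows events as text, one event
# per line, then search the file with a regular expression.
# Assumed values: log name, output path, event count and pattern. Reading the
# Security log needs an elevated prompt; System works for a standard user.
$LogName   = 'System'
$OutFile   = Join-Path $env:TEMP 'events.txt'
$MaxEvents = 500

# Event Viewer's "Save All Events As..." text export spreads one event over
# several lines, and Highlighter draws one bar per line. Flattening the
# Message onto a single line keeps one bar == one event.
Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents |
    ForEach-Object {
        $msg = $_.Message -replace "`r?`n", ' '
        "{0:u}`t{1}`t{2}`t{3}`t{4}" -f $_.TimeCreated, $_.Id, $_.LevelDisplayName, $_.ProviderName, $msg
    } |
    Out-File -FilePath $OutFile -Encoding utf8

# Highlighter's two regex modes, applied to the exported file. The pattern is
# an assumption: error-level events raised by the Service Control Manager.
$pattern = "`tError`t.*Service Control Manager"
$caseSensitive   = @(Select-String -Path $OutFile -Pattern $pattern -CaseSensitive)
$caseInsensitive = @(Select-String -Path $OutFile -Pattern $pattern)

"{0} lines match case-sensitively, {1} case-insensitively" -f $caseSensitive.Count, $caseInsensitive.Count
$caseSensitive | Select-Object -First 5 | ForEach-Object { $_.Line }
```

The resulting events.txt can be opened directly in Highlighter; a count difference between the two modes points at inconsistent casing in the source messages that a case-sensitive keyword would otherwise miss.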




