CISA Releases The Open Source “RedEye” C2 Log Visualisation Tool

0
389

RedEye is a tool that both red and blue teams may use to quickly assess data and make useful decisions.

RedEye, an interactive open source analytical tool to visualise and report Red Team command and control actions, it is a cooperative effort between CISA and the DOE’s Pacific Northwest National Laboratory that can read attack framework logs (such those from Cobalt Strike) and show complex data in a more palatable manner. RedEye allows users to access historical records of each campaign log by correlating the servers and hosts involved in a graphical form.

An operator can review mitigation tactics, interpret complex data, and make informed decisions in response to a Red Team evaluation using RedEye, which is available on GitHub. The application analyses logs, including those from Cobalt Strike, and provides the information in a way that is simple to understand. Then, users can tag and comment on the activities that are shown in the tool. RedEye’s presentation mode allows users to show stakeholders findings and workflow.

RedEye can assist an operator to efficiently:

Replay and demonstrate Red Team’s assessment activities as they occurred rather than manually pouring through thousands of lines of log text. Display and evaluate complex assessment data to enable effective decision-making. Gain a clearer understanding of the attack path taken and the hosts compromised during a Red Team assessment or penetration test.

Platform support

Linux:

  • Ubuntu 18 and newer
  • Kali Linux 2020.1 and newer

Others may be supported but are untested

macOS:

  • El Capitan and newer

Windows:

  • Windows 7 and newer
  • ARM support is experimental.

It can be downloaded from here.

LEAVE A REPLY

Please enter your comment!
Please enter your name here