
submitted by
Style Pass
2024-04-18 17:30:11

A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (where did you come from, where did you go) in security incidents and threat hunts.

This tool is designed for experienced DFIR specialists. You may get little to no use out of it without experience in threat hunting.
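To make the "where did you come from, where did you go" question concrete, here is an added example (not Blauhaunt's own code and not the Velociraptor artifact's schema) that walks a handful of constructed records shaped like flattened Windows Security 4624 logon events, drops the usual noise (machine accounts, loopback and console logons), turns the rest into source-to-destination hops and answers both directions of the question for a host and for an account. The field names (`TimeCreated`, `Computer`, `LogonType`, `TargetUserName`, `IpAddress`, `WorkstationName`) and the sample data are assumptions for this example.

```python
import json
from datetime import datetime

# Constructed sample data for this example: a flattened export of Windows
# Security event 4624 (successful logon). Schema and values are assumed.
SAMPLE_EVENTS = json.dumps([
    {"TimeCreated": "2024-04-18T09:00:00", "Computer": "WS01", "EventID": 4624,
     "LogonType": 2, "TargetUserName": "alice", "IpAddress": "-", "WorkstationName": "WS01"},
    {"TimeCreated": "2024-04-18T09:05:00", "Computer": "FS01", "EventID": 4624,
     "LogonType": 3, "TargetUserName": "alice", "IpAddress": "10.0.0.11", "WorkstationName": "WS01"},
    {"TimeCreated": "2024-04-18T09:07:00", "Computer": "DC01", "EventID": 4624,
     "LogonType": 3, "TargetUserName": "WS01$", "IpAddress": "10.0.0.11", "WorkstationName": "WS01"},
    {"TimeCreated": "2024-04-18T09:12:00", "Computer": "SRV02", "EventID": 4624,
     "LogonType": 10, "TargetUserName": "alice", "IpAddress": "10.0.0.20", "WorkstationName": "FS01"},
    {"TimeCreated": "2024-04-18T09:15:00", "Computer": "SRV02", "EventID": 4624,
     "LogonType": 3, "TargetUserName": "svc_backup", "IpAddress": "10.0.0.11", "WorkstationName": "WS01"},
    {"TimeCreated": "2024-04-18T09:20:00", "Computer": "FS01", "EventID": 4624,
     "LogonType": 3, "TargetUserName": "bob", "IpAddress": "127.0.0.1", "WorkstationName": "FS01"},
    {"TimeCreated": "2024-04-18T09:25:00", "Computer": "DC01", "EventID": 4624,
     "LogonType": 3, "TargetUserName": "alice", "IpAddress": "10.0.0.20", "WorkstationName": "SRV02"},
])

# Source addresses that carry no remote-origin information.
NOISE_IPS = {"-", "127.0.0.1", "::1"}
# Interactive, network and RemoteInteractive logons are the ones that move between hosts.
HOP_LOGON_TYPES = {2, 3, 10}


def parse_events(raw_json):
    """Load the export and return the events in chronological order."""
    events = json.loads(raw_json)
    for e in events:
        e["ts"] = datetime.fromisoformat(e["TimeCreated"])
    return sorted(events, key=lambda e: e["ts"])


def is_hop(e):
    """Keep only successful logons that tell us about movement between hosts."""
    if e["EventID"] != 4624:
        return False
    if e["TargetUserName"].endswith("$"):      # machine accounts: computer-to-computer noise
        return False
    if e["LogonType"] not in HOP_LOGON_TYPES:
        return False
    if e["IpAddress"] in NOISE_IPS:            # console / loopback: no remote source
        return False
    return True


def logon_edges(events):
    """Return (time, user, src, dst, logon_type) hops, oldest first.

    WorkstationName is supplied by the client and may be empty or spoofed, so it is
    only used when present; the source IP is the fallback.
    """
    edges = []
    for e in events:
        if not is_hop(e):
            continue
        src = e.get("WorkstationName") or e["IpAddress"]
        edges.append((e["ts"], e["TargetUserName"], src, e["Computer"], e["LogonType"]))
    return edges


def sources_for_host(edges, host):
    """'Where did you come from': (source, user) pairs that logged on to host."""
    return sorted({(src, user) for _, user, src, dst, _ in edges if dst == host})


def destinations_from_host(edges, host):
    """'Where did you go': (destination, user) pairs reached from host."""
    return sorted({(dst, user) for _, user, src, dst, _ in edges if src == host})


def user_path(edges, user):
    """Chronological list of (src, dst) hops for one account."""
    return [(src, dst) for _, u, src, dst, _ in edges if u == user]


if __name__ == "__main__":
    edges = logon_edges(parse_events(SAMPLE_EVENTS))
    for ts, user, src, dst, lt in edges:
        print(f"{ts:%H:%M} {user:<11} {src} -> {dst} (type {lt})")
    print("alice path:", user_path(edges, "alice"))
    print("SRV02 came from:", sources_for_host(edges, "SRV02"))
    print("WS01 went to:", destinations_from_host(edges, "WS01"))
```

On the constructed data three of the seven records are dropped as noise, and the remaining hops show `alice` moving WS01 to FS01 to SRV02 to DC01 while `svc_backup` reaches SRV02 from WS01. The same filter-then-edge structure is what you would apply to a real 4624 export before visualizing it; on real data also keep the logon type and the timestamps on each edge, because a type 10 (RDP) hop and a type 3 (SMB/WinRM) hop tell very different stories.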

Open https://cgosec.github.io/Blauhaunt/app/. Since there is no backend, no data will leave your local system. (Third-party libraries are integrated, and I do not take any responsibility for their communication behavior. The imports are listed at the top of the index.html file, so you can review what is loaded before uploading sensitive data.)

Some randomly generated test data is in the test_data directory to get started. However, it is just random and nothing to start investigating with.

You can use Velociraptor's reverse proxy capability to host Blauhaunt directly within your instance. Blauhaunt is Velo-aware: if you host it this way, it will fetch the data automatically from Velociraptor and you do not have to upload data.

Upload the JSON export of the Velociraptor artifact or the result(s) of the PowerShell script here. Do not upload client_info.json or anything else in here!
