NeoShield Security logo NeoShield Security Quantum X

// tool reference · Monitoring & Detection

Log Analyzer Free + Pro

Paste logs to detect brute-force, privilege escalation and malware indicators with MITRE mapping.

Open Log Analyzer →


What it does

Paste raw logs and get correlated findings: brute force, privilege escalation, port scanning and malware indicators, each mapped to MITRE ATT&CK. This is the platform's most-used tool and the one with the strongest privacy guarantee — your logs are analysed and discarded.

When to use it

Inputs

Field names are the actual form parameters, verified against source.

FieldTypeRequiredNotes
logtext textarea required Raw log lines. Any common format — auth.log, syslog, web access logs, Windows events.
kind select optional Log type hint. Improves parsing when the format is ambiguous.

What you get back

Findings with severity, evidence lines, MITRE technique ID, and remediation. Pro adds IOC enrichment on source IPs.

Worked example

Input

Jan 15 10:22:01 srv sshd[1234]: Failed password for root from 203.0.113.45 port 22 ssh2
Jan 15 10:22:03 srv sshd[1235]: Failed password for root from 203.0.113.45 port 22 ssh2
Jan 15 10:22:05 srv sshd[1236]: Failed password for admin from 203.0.113.45 port 22 ssh2
Jan 15 10:22:07 srv sshd[1237]: Failed password for admin from 203.0.113.45 port 22 ssh2
Jan 15 10:22:09 srv sshd[1238]: Accepted password for admin from 203.0.113.45 port 22 ssh2

Output (abridged)

HIGH  Brute-force followed by SUCCESS — 203.0.113.45
      T1110 Brute Force → T1078 Valid Accounts
      4 failures then an accepted password for 'admin' within 8s.
      This is a likely compromise, not a failed attempt.

  → Isolate the host. Rotate 'admin' credentials NOW.
  → Audit what the session did after 10:22:09.
  → Restrict SSH source, enforce keys, deploy fail2ban.

How it works

Deterministic correlation engine — pattern detection, thresholding, and IP/actor grouping. Severity scales with attempt count and source spread, so three failures do not read like three hundred.

Limits

Read live from the platform configuration.

Free— runs · — lines
Pro— runs · — lines
Counted againstyour account when signed in; a hashed IP otherwise

Privacy

Your logs are NEVER persisted. Analysis is ephemeral: lines are parsed in memory, findings returned, and the input discarded. Nothing is written to the database or to disk.

Standards

MITRE ATT&CKNIST CSF (DE.AE)

Related tools

← All tools Manual home