Enhancing Windows Security with Log-MD

What is Log-MD?

Log-MD is a security tool tailored for Windows systems. It audits log settings and advanced audit policy configurations, guiding users to enable and configure these settings for better security and detection. By gathering artifacts left by malicious activity, Log-MD speeds up investigations, helps validate the integrity of a system, and supports quicker malware analysis.


Key Features

  • Audit Checks: Validates audit settings and ensures they are configured to capture necessary security events.

  • Malicious Discovery: Collects artifacts related to malware, such as process details, file changes, and registry modifications.

  • Enhanced Logging: Provides recommendations to improve Windows logging, capturing more detailed and useful data.

  • Compliance Reporting: Generates audit reports to ensure systems meet compliance standards like WLCS, CIS, USGCB, and AU ACSC.
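The audit check described above can be approximated by hand: export the advanced audit policy with auditpol and compare it against a baseline of required subcategories. The PowerShell below is an added example, not Log-MD's own code; it assumes the CSV layout of `auditpol /get /category:* /r` (English-language Windows) and uses a small baseline of subcategories chosen for illustration.

```powershell
# Added example (not Log-MD code): compare the live advanced audit policy
# against a baseline and report subcategories that fall short.
# Run from an elevated prompt; auditpol needs administrative rights.
# Subcategory names and settings are localized, so the baseline below
# matches English-language Windows only.

# Baseline: subcategory -> minimum required setting (illustrative choices).
$Baseline = @{
    'Process Creation'          = 'Success'
    'Logon'                     = 'Success and Failure'
    'Security Group Management' = 'Success and Failure'
    'Audit Policy Change'       = 'Success and Failure'
    'Other Object Access Events'= 'Success and Failure'
}

# Encode a setting as bit flags so "Success and Failure" (3) also
# satisfies a baseline that only demands "Success" (1) or "Failure" (2).
function ConvertTo-AuditFlags {
    param([string]$Setting)
    switch -Regex ($Setting.Trim()) {
        '^Success and Failure$' { 3 }
        '^Success$'             { 1 }
        '^Failure$'             { 2 }
        default                 { 0 }   # 'No Auditing', missing, or unknown
    }
}

# $Policy: objects with 'Subcategory' and 'Inclusion Setting' columns,
# as produced by ConvertFrom-Csv on auditpol's /r output.
function Test-AuditBaseline {
    param(
        [Parameter(Mandatory)] $Policy,
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $row      = $Policy | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $actual   = if ($row) { $row.'Inclusion Setting' } else { 'Not found' }
        $required = ConvertTo-AuditFlags $Baseline[$name]
        $have     = ConvertTo-AuditFlags $actual
        [pscustomobject]@{
            Subcategory = $name
            Required    = $Baseline[$name]
            Actual      = $actual
            Compliant   = (($have -band $required) -eq $required)
        }
    }
}

# /r makes auditpol emit CSV; drop blank lines before parsing.
$Policy = auditpol /get /category:* /r | Where-Object { $_ -match ',' } | ConvertFrom-Csv
Test-AuditBaseline -Policy $Policy -Baseline $Baseline | Format-Table -AutoSize
```

Rows with Compliant = False are the subcategories to enable before the corresponding events can be harvested by any log-based tool.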


Comparing Log-MD Versions

Log-MD comes in three versions: Free, Professional, and Consulting. Here’s a breakdown of their features:

The table compares the Free, Professional, and Consulting editions across the following features. Where the original gives a number per edition, it is shown as Free / Professional / Consulting.

Audit and compliance

  • Audit Check
  • Bypass Audit Check
  • PowerShell version and audit log checks
  • WLCS & CIS Compliance
  • USGCB & AU ACSC Compliance
  • Create Audit Report
  • Specify Output Directory

Log harvesting and reporting

  • Harvest Windows Log Events
  • Process Tree of Parent-Child Processes
  • Custom PowerShell report with configurable settings file to hunt for suspicious PowerShell commands
  • Harvest Sysmon Service Events
  • Whitelist Processes, Command Line, and IPs
  • Whitelist Files, Paths, & Reg Keys
  • Detailed Log Data Reports: 16 / 30 / 30

File system

  • File Hash Baseline
  • File Hash Compare to Baseline
  • Whitelist by File, Location, or Hash
  • Master-Digest
  • Locked Files Report
  • Locked Files Compare to Baseline

Registry

  • Registry Baseline
  • Registry Compare to Baseline
  • Evaluate Imported Hives
  • Whitelist Keys & Values
  • Large Reg Keys Details
  • Load Hives from other systems
  • Large Reg Key Summary

Network

  • WhoIs data for IPs in the IP Connections reports
  • Command line WhoIs lookups of IPv4 addresses
  • Harvest SRUM data - Netflow data by Application (Win 8.1 and 10 only)

AutoRuns, processes, and WMI

  • List of AutoRuns Report
  • AutoRuns exclude results using Master Digest and Whitelist
  • AutoRuns of all WMI namespaces
  • List of Running Processes and Modules Report
  • Running Process and Modules exclude results using Master Digest and Whitelist
  • Query only WMI namespaces

VirusTotal

  • VirusTotal lookups of hashes and/or files from reports
  • Automatic VirusTotal lookups when running Autoruns
  • Automatic VirusTotal lookups when checking Running Processes and their modules
  • 10 VirusTotal reports can be generated from log reports and Sysmon

For Consultants

  • Transferable 90-Day License

Special Artifact Hunting Features

  • Sticky Key Exploit Interesting Artifact Report
  • Null byte in a registry value Interesting Artifact Report
  • Unicode character in filename Interesting Artifact Report

Documentation and community

  • Manual pages: 23 / 70 / 70
  • LOG-MD-Pro Slack Channel Community

Here is an example of the detailed output you can expect from Log-MD:

Conclusion

Log-MD is an invaluable tool for anyone tasked with Windows system security. Whether you're a small business or a large enterprise, Log-MD offers a cost-effective solution to enhance your malicious discovery and logging capabilities.

Akash Patel
