RedEye is a tool that both red and blue teams may use to quickly assess data and make useful decisions.
RedEye is an interactive open source analytical tool to visualise and report Red Team command and control actions. It is a cooperative effort between CISA and the DOE’s Pacific Northwest National Laboratory that can read attack framework logs (such as those from Cobalt Strike) and present complex data in a more palatable manner. RedEye gives users access to the historical record of each campaign log by correlating the servers and hosts involved in graphical form.
An operator can review mitigation tactics, interpret complex data, and make informed decisions in response to a Red Team evaluation using RedEye, which is available on GitHub. The application analyses logs, including those from Cobalt Strike, and presents the information in a way that is simple to understand. Users can then tag and comment on the activities shown in the tool. RedEye’s presentation mode allows users to present findings and workflow to stakeholders.
RedEye can assist an operator to efficiently:
- Replay and demonstrate the Red Team’s assessment activities as they occurred, rather than manually poring through thousands of lines of log text.
- Display and evaluate complex assessment data to enable effective decision-making.
- Gain a clearer understanding of the attack path taken and the hosts compromised during a Red Team assessment or penetration test.
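To make the correlation described above concrete, the following added example (not RedEye's code) parses a constructed, simplified C2 log into a time-ordered event list, maps each C2 server to the hosts that beaconed to it, and walks beacon parent links to recover the attack path to a given host. The log layout, server and host names are constructed for illustration; real Cobalt Strike logs differ and RedEye has its own parsers.

```python
"""Correlate red-team C2 log lines into a server/host graph and a replay
timeline. Added example, not RedEye's code; log format is constructed."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: "<utc_time> <c2_server> <beacon> <host> <parent_beacon|-> <command>"
SAMPLE_LOG = """\
2023-03-01T09:00:00Z teamserver-a 1001 WS-FINANCE-07 - checkin
2023-03-01T09:02:13Z teamserver-a 1001 WS-FINANCE-07 - whoami
2023-03-01T09:15:40Z teamserver-a 1002 SRV-FILE-01 1001 checkin
2023-03-01T09:16:05Z teamserver-a 1002 SRV-FILE-01 1001 ls
2023-03-01T09:30:00Z teamserver-a 1003 DC-01 1002 checkin
2023-03-01T10:01:00Z teamserver-b 2001 WS-HR-03 - checkin
"""

@dataclass
class Event:
    time: str
    server: str
    beacon: str
    host: str
    parent: str      # "-" means this beacon was the initial access, no parent
    command: str

def parse_log(text: str) -> list:
    """Parse lines into Events, sorted by time so they can be replayed in order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        events.append(Event(*line.split(maxsplit=5)))
    return sorted(events, key=lambda e: e.time)

def hosts_by_server(events: list) -> dict:
    """Outer edges of the graph: which compromised hosts talked to which C2 server."""
    graph = defaultdict(set)
    for e in events:
        graph[e.server].add(e.host)
    return dict(graph)

def attack_path(events: list, beacon: str) -> list:
    """Follow parent links from a beacon back to initial access; hosts in order."""
    checkins = {e.beacon: e for e in events if e.command == "checkin"}
    path, seen = [], set()
    while beacon != "-" and beacon not in seen:
        seen.add(beacon)            # guard against malformed cyclic parent links
        e = checkins.get(beacon)
        if e is None:
            break                   # parent beacon never checked in: log is incomplete
        path.append(e.host)
        beacon = e.parent
    return path[::-1]
```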
Platform support
Linux:
- Ubuntu 18 and newer
- Kali Linux 2020.1 and newer
Others may be supported but are untested
macOS:
- El Capitan and newer
Windows:
- Windows 7 and newer
- ARM support is experimental.
It can be downloaded from here.