CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities.
RedEye, available on GitHub, allows an operator to assess and display complex data, evaluate mitigation strategies, and enable effective decision-making in response to a Red Team assessment.
The tool parses logs, such as those from Cobalt Strike, and presents the data in an easily digestible format. The users can then tag and add comments to activities displayed within the tool. The operators can use RedEye’s presentation mode to present findings and workflow to stakeholders.
RedEye can assist an operator to efficiently:
- Replay and demonstrate Red Team’s assessment activities as they occurred rather than manually pouring through thousands of lines of log text.
- Display and evaluate complex assessment data to enable effective decision-making.
- Gain a clearer understanding of the attack path taken and the hosts compromised during a Red Team assessment or penetration test.
- Ubuntu 18 and newer
- Kali Linux 2020.1 and newer
- Others may be supported but are untested
ARM support is experimental.