userline - Query and report user logons relations from MS Windows Security Events.

userline is a tool that automates the process of creating logon relations from MS Windows Security Events by showing a graphical relation among users, domains, source and destination logons, as well as session duration.
It has the following output modes:
– Standard output
– CSV file
– JSON file
– Neo4J graph
– Graphviz dot file
– Timesketch

userline v0.2.4b

Dependencies:
+ Python 3.4x or higher
+ elasticsearch-dsl>=5.2.0, neo4j-driver>=1.2.1, python_dateutil>=2.6.0, graphviz>=0.7, and redis>=2.10.5 Python 3 modules.

Usage:

Source: https://github.com/THIBER-ORG