CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making.

The RedEye open- source tool allows Red Team and Blue Team users to digest/ingest Cobalt Strike logs from a penetration test or Red Team engagement that uses Cobalt Strike, make them queryable, and present them in a graphical/timeline format. This allows for users to see relevant information about the campaign, campaign playback, explore key events and penetration paths in a campaign, allow for collaboration among users during and after the campaign, creation of presentations, and export of reports on a given campaign.

Link: CISA’s RedEye Tool Overview Video.

Link: CISA RedEye on GitHub