An investigator has been assigned to analyze network activity and user interactions on a corporate IIS web server after a suspected security breach. The task requires the investigator to process large volumes of IIS log data, focusing on identifying suspicious traffic trends, user access, and potential exploitation attempts. The tool used must allow for efficient log parsing, anomaly detection, and the generation of detailed reports to help reconstruct the event timeline. Given these requirements, which tool should the investigator choose to analyze the IIS logs effectively?
Submit