Home

WELA (Windows Event Log Analyzer, ゑ羅), created by Yamato Security, is a tool for auditing Windows event log settings. Windows event logs are a vital source of information for DFIR — WELA helps you make sure you are actually recording the events that matter.

Get Started Command Reference View on GitHub

---

Why WELA?

• Audit log policy settings

  ---

  Audit your Windows event log audit policy settings to confirm the right events are being logged.

• Based on guidelines

  ---

  Checks against the major Windows event log audit configuration guidelines.

• Sigma detectability

  ---

  Evaluates your settings against real-world Sigma rule detectability — will your logs actually catch attacks?

• File-size auditing

  ---

  Audits Windows event log file sizes and suggests recommended sizes.

• Auto-configure

  ---

  Apply the recommended audit policy and log file sizes with the configure command.

• Flexible output

  ---

  View results in the terminal, a GUI, a table, or as a MITRE ATT&CK Navigator heatmap.

Quick links

• New here?

  Start with the Overview, then head to Getting Started to install and run WELA.

• Working with the CLI?

  Browse the Command List and the Command Usage reference (audit-settings, audit-filesize, configure, update-rules).

• Going further?

  Explore the Companion Projects, the Changelog, and how to contribute.