About WELA

WELA (Windows Event Log Analyzer, ゑ羅) is a tool for auditing Windows event log settings. Windows event logs are a vital source of information for Digital Forensics and Incident Response (DFIR), providing visibility into system activity and security events. Unfortunately, default configurations often lead to problems such as limited log retention, insufficient audit policies, and blind spots that reduce detection capability. WELA helps uncover these weaknesses and offers practical recommendations to improve audit settings and enhance security visibility. WELA also assesses log configurations based on real-world Sigma rule coverage, allowing users to evaluate what can or cannot be detected under the current settings.