evtx

Windows Events Attack Samples

Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...

Pure Python parser for Windows Event Log files (.evtx)

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.

C# based evtx parser with lots of extras

Graph Visualization for windows event logs

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Parse evtx files and detect use of the DanderSpritz eventlogedit module

ThreatSeeker: Threat Hunting via Windows Event Logs

A library for fast parse & import of Windows Eventlogs into Elasticsearch.

Evtx Log (xml) Browser

Triaging Windows event logs based on SANS Poster

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

Logpresso Mini and community contents for incident response

EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.

Powershell scripts

Is a portable forensic tool for analyzing Windows logs, pre-organized according to the methodology outlined in this job: https://cybersecuritynews.com/windows-event-log-analysis/, to quickly highlight key forensic artifacts.

A simple System monitor(Sysmon) EVTX inspector; search, visualize, and track Sysmon events

This is a PySimpleGUI-based Python software tool for processing and visualising selected Windows Event Security.evtx log files that meet a condition in Event ID 4688.