windows-event-logs

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

Cross-Platform Universal Log Viewer.

Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.

A PS forensics tool for Scraping, Filtering and Exporting Windows Event Logs

Search Windows event log and output results to a text file

A Python script that parses CPER-formatted raw data contained in error event log provided by WHEA-Logger

Convert Windows Event Log .evtx files to other formats.

Python 3-based multithreaded Windows Event monitoring program

Purpose: analyze Windows Security Logs using Splunk to develop a behavioral baseline and investigate host activity patterns.

*This simulation captures core, widely observed attacker behaviors aligned with common enterprise intrusion patterns. From brute-force access to obfuscated execution, persistence, recon, and privilege assessment, each step reflects actions that threat actors commonly execute after compromising a host.

This case study captures a classic example of attacker persistence using a built-in operating system feature: the Windows service framework. Through the lens of Event ID 7045, the attacker installed a background service named WinUpdateHelper, masked to resemble a legitimate update utility.

Event Tracing for Windows

Detection engineering lab using Splunk, Sigma, and Windows logs — mapped to MITRE ATT&CK

Parses and imports a Windows Log File (CSV) into a Microsoft SQL Server Database.

Parses and Analyse Authentication on Windows Event Log

Observe introduction: building a SIEM with Observe.

Shows how to write entries to Windows Event Log

Console Windows event log viewer