Windows Events Attack Samples
-
Updated
Aug 23, 2021 - HTML
#
evtx
Here are 22 public repositories matching this topic...
A standalone SIGMA-based detection tool for EVTX.
-
Updated
Sep 5, 2021 - Python
Parse evtx files and detect use of the DanderSpritz eventlogedit module
-
Updated
Dec 15, 2017 - Python
Set of Mindmaps providing a detailed overview of the different #Windows auditing capacities and event log files.
-
Updated
Aug 29, 2021
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
-
Updated
Jul 7, 2021 - Python
Set of EVTX samples (>170) mapped to MITRE Att@k tactic and techniques to measure your SIEM coverage or developed new use cases.
-
Updated
Sep 17, 2021
Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
windows
analytics
analysis
dotnet
powershell
detection
logging
logs
cybersecurity
sysmon
siem
hunting
forwarder
defense
eventlog
log-forwarder
evtx
logging-framework
logging-agent
windowsevents
-
Updated
Jul 21, 2021 - C#
Logpresso Mini and community contents for incident response
-
Updated
Apr 28, 2021
Program to send logfiles to ELK using winlogbeat.
-
Updated
May 18, 2020 - Visual Basic .NET
Simple Python script to convert, enrich and upload an EVTX file to Palo Alto Networks Cortex XDR using an HTTP Custom Collector.
-
Updated
May 4, 2021 - Python
Convert Windows Event Log .evtx files to other formats.
-
Updated
Sep 25, 2019 - Python
Fast Analysis For Powershell logs
-
Updated
Sep 7, 2021 - Python
Windows service to collect print events and save them to MSSQL DB
-
Updated
Jul 27, 2021 - Python
Improve this page
Add a description, image, and links to the evtx topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the evtx topic, visit your repo's landing page and select "manage topics."
@hyuunnn @forensenellanebbia and anyone else looking for something to contribute. I want to make sure all the events covered in the link below have maps. These are very common attackers TTPs so the goal is to have the Map Description and as much relevant information mapped out so these events are not overlooked.
https://jpcertcc.github.io/ToolAnalysisResultSheet/
It's simple enough to find