Windows Event Log Killer
Investigate malicious Windows logon by visualizing and analyzing Windows event log
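As an added illustration of what "analyzing Windows event logs for malicious logons" means in practice (example code written for this page, not the code of the project listed above), the following script walks Security-log 4624/4625 events in time order and raises three findings: a burst of failed logons from one source against one account, a success from that same pair afterwards, and a RemoteInteractive (type 10, RDP) logon from outside an assumed internal address range. The events are hand-constructed, and the internal network list is an assumption for the example environment.

```python
import ipaddress
from collections import defaultdict

# Constructed sample Security-log events (hand-written for this example, not real
# telemetry). EventID 4624 = successful logon, 4625 = failed logon; the keys mirror
# the EventData field names Windows emits for those events.
SAMPLE_EVENTS = [
    {"EventID": 4625, "TargetUserName": "svc_backup", "IpAddress": "203.0.113.7", "LogonType": 3, "TimeCreated": "2024-01-05T10:00:01"},
    {"EventID": 4625, "TargetUserName": "svc_backup", "IpAddress": "203.0.113.7", "LogonType": 3, "TimeCreated": "2024-01-05T10:00:02"},
    {"EventID": 4625, "TargetUserName": "svc_backup", "IpAddress": "203.0.113.7", "LogonType": 3, "TimeCreated": "2024-01-05T10:00:03"},
    {"EventID": 4625, "TargetUserName": "svc_backup", "IpAddress": "203.0.113.7", "LogonType": 3, "TimeCreated": "2024-01-05T10:00:04"},
    {"EventID": 4625, "TargetUserName": "svc_backup", "IpAddress": "203.0.113.7", "LogonType": 3, "TimeCreated": "2024-01-05T10:00:05"},
    {"EventID": 4624, "TargetUserName": "svc_backup", "IpAddress": "203.0.113.7", "LogonType": 3, "TimeCreated": "2024-01-05T10:00:09"},
    {"EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.0.5", "LogonType": 2, "TimeCreated": "2024-01-05T08:30:00"},
    {"EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.0.5", "LogonType": 10, "TimeCreated": "2024-01-05T09:00:00"},
    {"EventID": 4624, "TargetUserName": "alice", "IpAddress": "198.51.100.9", "LogonType": 10, "TimeCreated": "2024-01-05T23:15:00"},
]

# Assumed internal address space for the example environment; adjust to your own.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_internal(ip):
    """True for addresses inside INTERNAL_NETS. Local logons carry '-' (or a
    loopback address) in IpAddress; those are treated as internal, not as errors."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return addr.is_loopback or any(addr in net for net in INTERNAL_NETS)


def analyze_logons(events, fail_threshold=5):
    """Walk events in time order and return (findings, per_source).

    findings: list of (rule, ip, user) tuples for
      brute_force            - fail_threshold failed logons from one ip for one user
      success_after_failures - a 4624 for an (ip, user) pair already at the threshold
      external_rdp           - a type-10 (RemoteInteractive) logon from a non-internal ip
    per_source: {ip: {"failed": n, "success": m}}, a quick table to plot or sort.
    """
    failures = defaultdict(int)
    per_source = defaultdict(lambda: {"failed": 0, "success": 0})
    findings = []
    for ev in sorted(events, key=lambda x: x["TimeCreated"]):
        ip, user = ev["IpAddress"], ev["TargetUserName"]
        key = (ip, user)
        if ev["EventID"] == 4625:
            failures[key] += 1
            per_source[ip]["failed"] += 1
            if failures[key] == fail_threshold:   # fire once, when the threshold is reached
                findings.append(("brute_force", ip, user))
        elif ev["EventID"] == 4624:
            per_source[ip]["success"] += 1
            if failures[key] >= fail_threshold:   # the guessing eventually worked
                findings.append(("success_after_failures", ip, user))
            if ev["LogonType"] == 10 and not is_internal(ip):
                findings.append(("external_rdp", ip, user))
    return findings, dict(per_source)


if __name__ == "__main__":
    found, sources = analyze_logons(SAMPLE_EVENTS)
    for rule, ip, user in found:
        print(f"{rule:24} {ip:16} {user}")
    for ip, counts in sources.items():
        print(f"{ip:16} failed={counts['failed']} success={counts['success']}")
```

Real data would come from `Get-WinEvent` or an EVTX parser rather than an inline list; the per-source table is the input a plotting step would consume. Raising the threshold or keying failures on (ip, user) versus ip alone trades off password-spray sensitivity against noise from locked-out service accounts.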
Evade Sysmon and Windows event logging
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
Pure Python parser for Windows Event Log files (.evtx)
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and reduce the time needed to uncover suspicious activity.
Documentation and scripts to properly enable Windows event logs.
A tool mainly for erasing specified records from Windows event logs, with additional functionality.
Windows notifier tool that detects RDP, SMB and RPC connections by monitoring ETW event logs
Parse PowerShell and Security event logs for sensitive information.
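To show the kind of check "parse PowerShell and Security event logs for sensitive information" involves, here is an added example (written for this page, not the listed project's code) that runs a small rule set over constructed 4104 script-block and 4688 process-creation events and reports each plaintext credential it finds together with a redacted copy of the event text. The rules, sample events and the hypothetical `api.example.invalid` host are all assumptions for the example.

```python
import re

# Constructed sample events (hand-written for this example, not real telemetry).
# 4104 = PowerShell script block logging (ScriptBlockText); 4688 = process creation
# with command-line auditing enabled (CommandLine).
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockText": "$p = ConvertTo-SecureString 'Winter2024!' -AsPlainText -Force; "
                                         "$c = New-Object PSCredential('CORP\\svc_sql', $p)"},
    {"EventID": 4688, "CommandLine": "net user backupadm P@ssw0rd123 /add"},
    {"EventID": 4688, "CommandLine": r"net use \\fs01\share Hunter2 /user:CORP\alice"},
    {"EventID": 4104, "ScriptBlockText": "Invoke-RestMethod -Uri https://api.example.invalid/v1 "
                                         "-Headers @{Authorization='Bearer eyJhbGciOiJIUzI1NiJ9.e30.sig'}"},
    # Negatives: the password never appears in clear text in these two.
    {"EventID": 4104, "ScriptBlockText": "$pw = Read-Host -AsSecureString; Set-ADAccountPassword -Identity bob -NewPassword $pw -Reset"},
    {"EventID": 4104, "ScriptBlockText": "Get-Credential | Export-Clixml C:\\creds.xml"},
]

# (rule name, pattern). The named group 'secret' captures the sensitive value.
RULES = [
    # ConvertTo-SecureString '<literal>' -AsPlainText: the literal is the password.
    ("plaintext_securestring", re.compile(
        r"(?i)ConvertTo-SecureString\s+(?:-String\s+)?(['\"])(?P<secret>.+?)\1\s+-AsPlainText")),
    # net user <name> <password> /add
    ("net_user_add", re.compile(
        r"(?i)\bnet(?:\.exe)?\s+user\s+\S+\s+(?P<secret>\S+)\s+/add\b")),
    # net use \\server\share <password> /user:<account>
    ("net_use_password", re.compile(
        r"(?i)\bnet(?:\.exe)?\s+use\s+\\\\\S+\s+(?P<secret>\S+)\s+/user:\S+")),
    # Authorization = 'Bearer <token>' or 'Basic <b64>' in a headers table.
    ("bearer_or_basic_token", re.compile(
        r"(?i)Authorization\s*=\s*['\"]?(?:Bearer|Basic)\s+(?P<secret>[A-Za-z0-9._\-+/=]+)")),
    # -Password <value>; a value beginning with $ is a variable, not a literal, and is skipped.
    ("password_parameter", re.compile(
        r"(?i)\s-(?:Password|Pass|Pwd)\s+(['\"]?)(?P<secret>[^\s'\"$][^\s'\"]*)\1")),
]


def event_text(event):
    """Return the free-text field the rules should scan for a given event type."""
    return event.get("ScriptBlockText") or event.get("CommandLine") or ""


def find_secrets(events):
    """Return one {"EventID", "rule", "secret", "redacted"} dict per rule hit.
    'redacted' is the event text with the secret masked, safe to paste into a report."""
    hits = []
    for event in events:
        text = event_text(event)
        for rule, pattern in RULES:
            for m in pattern.finditer(text):
                secret = m.group("secret")
                hits.append({
                    "EventID": event["EventID"],
                    "rule": rule,
                    "secret": secret,
                    "redacted": text.replace(secret, "[REDACTED]"),
                })
    return hits


if __name__ == "__main__":
    for hit in find_secrets(SAMPLE_EVENTS):
        print(f"{hit['EventID']} {hit['rule']:24} {hit['redacted']}")
```

4688 events only carry a CommandLine field when "Include command line in process creation events" is enabled, and 4104 events exist only with script block logging turned on; without those policies the scan has nothing to read. Treat hits on the raw `secret` value as something to rotate, and ship only the `redacted` text to a ticket or SIEM.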
Logs key Windows process performance metrics. #nsacyber
Event Tracing For Windows (ETW) Resources
Fast and Lightweight Logs and Metrics processor for Linux, BSD, OSX and Windows
RPC Monitor tool based on Event Tracing for Windows
Sysmon event simulation utility that simulates attacks to generate Sysmon event logs, so blue teams can test EDR detections and correlation rules.
Remove individual records from Windows XML Event Log (EVTX) files
Extended Process Monitor-like tool based on Event Tracing for Windows