Windows Events Attack Samples
Translation - Windows Event Attack Samples
Set of mind maps providing a detailed overview of the different #Microsoft auditing capabilities for Windows, Exchange, Azure,...
Translation - A set of mind maps providing a detailed overview of the different #Windows auditing capabilities and event log files.
Pure Python parser for Windows Event Log files (.evtx)
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Translation - A standalone SIGMA-based detection tool for EVTX.
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
Graph visualization for Windows event logs
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Parse evtx files and detect use of the DanderSpritz eventlogedit module
ThreatSeeker: Threat Hunting via Windows Event Logs
A library for fast parsing and import of Windows event logs into Elasticsearch.
Triaging Windows event logs based on SANS Poster
Simple Windows Event Log Forwarder (SWELF). An easy-to-use log forwarder and EVTX parser that simply works. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.
PowerShell scripts
This is a PySimpleGUI-based Python software tool for processing and visualising selected Windows Security.evtx event log files that meet a condition in Event ID 4688.