Windows Events Attack Samples
Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
Pure Python parser for Windows Event Log files (.evtx)
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
Graph Visualization for windows event logs
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Parse evtx files and detect use of the DanderSpritz eventlogedit module
ThreatSeeker: Threat Hunting via Windows Event Logs
A library for fast parse & import of Windows Eventlogs into Elasticsearch.
Triaging Windows event logs based on SANS Poster
Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.
Powershell scripts
This is a PySimpleGUI-based Python software tool for processing and visualising selected Windows Event Security.evtx log files that meet a condition in Event ID 4688.
