Windows Event Log Auditor
☆91Mar 5, 2026Updated this week
Alternatives and similar repositories for WELA
Users that are interested in WELA are comparing it to the libraries listed below
Sorting:
- Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.☆16Oct 22, 2025Updated 4 months ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.☆20Jul 1, 2023Updated 2 years ago
- ☆21May 8, 2022Updated 3 years ago
- Here are some tools I developed to help analyze malware☆11Nov 8, 2023Updated 2 years ago
- Queries for parsed spotlight database in sqlite☆13Dec 29, 2020Updated 5 years ago
- ☆11Dec 9, 2025Updated 2 months ago
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis☆28Aug 6, 2025Updated 7 months ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser☆14Jan 9, 2023Updated 3 years ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- ☆11Jun 12, 2023Updated 2 years ago
- Field guide to gather low-hanging fruits☆14Mar 20, 2025Updated 11 months ago
- Sample evtx files to use for testing hayabusa detection rules☆65Nov 5, 2025Updated 4 months ago
- 🐻❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.☆14May 22, 2024Updated last year
- Threat Hunt Investigation Methodology and Procedure☆15Jul 11, 2022Updated 3 years ago
- Brew Local Privilege Escalation exploit on Intel macOS☆19Mar 6, 2024Updated 2 years ago
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV☆18Sep 3, 2024Updated last year
- VB Exe Parser is an IDA script written in Python. This script will help you to parse VB program internal structures. It can find: Event, …☆18Oct 7, 2016Updated 9 years ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- ☆66Jan 27, 2023Updated 3 years ago
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 6 months ago
- Python script for parsing ESET (NOD32) virlog.dat file.☆14Sep 28, 2017Updated 8 years ago
- Documentation and scripts to properly enable Windows event logs.☆672Oct 3, 2025Updated 5 months ago
- Identifies metadata of .NET binary files.☆21Apr 3, 2024Updated last year
- Recurse through a registry, identifying values with large data -- a registry malware hunter☆45Sep 12, 2016Updated 9 years ago
- ☆20Jan 10, 2025Updated last year
- Google Filestream Forensic Tool☆22Mar 10, 2022Updated 3 years ago
- High-level Threat Intelligence playbooks☆20Mar 6, 2021Updated 5 years ago
- Maltego transforms to pivot between PE files based on their VirusTotal codeblocks☆19Jul 15, 2021Updated 4 years ago
- Takajō (鷹匠) is a Hayabusa results analyzer.☆151Feb 23, 2026Updated last week
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆42Sep 21, 2023Updated 2 years ago
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub☆90Aug 12, 2025Updated 6 months ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene…☆103Jan 13, 2026Updated last month
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.☆21Mar 12, 2019Updated 6 years ago
- MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.☆20Feb 20, 2020Updated 6 years ago
- A tool for fetching DFIR and other GitHub tools.☆25Aug 2, 2025Updated 7 months ago
- Powershell Scripts to work on Crowdstrike Falcon that pull back raw data relevant to forensic investigation☆23Dec 18, 2024Updated last year
- ☆58Apr 30, 2025Updated 10 months ago