airbus-cert / etl-parserLinks
Event Trace Log file parser in pure Python
☆141Updated 4 years ago
Alternatives and similar repositories for etl-parser
Users that are interested in etl-parser are comparing it to the libraries listed below
Sorting:
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆215Updated 5 years ago
- A repository that maps API calls to Sysmon Event ID's.☆122Updated 2 years ago
- Signature engine for all your logs☆170Updated last year
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆85Updated last week
- Documentation and supporting script sample for Windows Exploit Guard☆156Updated 3 years ago
- Log newly created WMI consumers and processes to the Windows Application event log☆124Updated 7 years ago
- A tool for de-obfuscating PowerShell scripts☆68Updated 6 years ago
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis☆162Updated 6 months ago
- Telsy CTI Research Team☆57Updated 4 years ago
- An Inofficial Sysmon Version History (Change Log)☆33Updated 4 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆108Updated 4 years ago
- Yet another registry parser☆132Updated 3 years ago
- Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality☆83Updated 2 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆111Updated 6 years ago
- A repo to document API functions mapped to security events across diverse platforms☆75Updated 5 years ago
- Binary commandline executable to parse ETL files☆67Updated 7 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 4 years ago
- Proofpoint - Emerging Threats - Threat Research tools + publicly shared intel and documentation☆74Updated 3 weeks ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆113Updated 5 months ago
- Windows Registry Knowledge Base☆175Updated 8 months ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆75Updated 5 months ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …☆137Updated 2 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated 4 months ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- Static based decoders for malware samples☆93Updated 4 years ago
- Community modules for FAME☆65Updated 4 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆73Updated last year
- Reconstruct process trees from event logs☆146Updated 4 years ago
- A Splunk Technology Add-on to forward filtered ETW events.☆30Updated 4 years ago