airbus-cert / etl-parser
Event Trace Log file parser in pure Python
☆137Updated 4 years ago
Alternatives and similar repositories for etl-parser:
Users that are interested in etl-parser are comparing it to the libraries listed below
- Documentation and supporting script sample for Windows Exploit Guard☆155Updated 3 years ago
- Signature engine for all your logs☆167Updated last year
- Yet another registry parser☆130Updated 2 years ago
- Random hunting ordiented yara rules☆95Updated last year
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆214Updated 5 years ago
- An Inofficial Sysmon Version History (Change Log)☆32Updated 4 years ago
- Static based decoders for malware samples☆92Updated 4 years ago
- A repository that maps API calls to Sysmon Event ID's.☆117Updated 2 years ago
- Windows Registry Knowledge Base☆172Updated 5 months ago
- Telsy CTI Research Team☆57Updated 4 years ago
- Log newly created WMI consumers and processes to the Windows Application event log☆124Updated 7 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆73Updated 2 months ago
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro…☆151Updated 4 years ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆85Updated 8 months ago
- ConventionEngine - A Yara Rulepack for PDB Path Hunting☆38Updated last year
- An advanced memory forensics framework☆94Updated 5 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆107Updated 6 years ago
- A tool for de-obfuscating PowerShell scripts☆67Updated 5 years ago
- A repo to document API functions mapped to security events across diverse platforms☆75Updated 5 years ago
- Invoke-LiveResponse☆146Updated 3 years ago
- A YARA Rule Performance Measurement Tool☆58Updated last year
- A Splunk Technology Add-on to forward filtered ETW events.☆30Updated 4 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated last month
- Proofpoint - Emerging Threats - Threat Research tools + publicly shared intel and documentation☆72Updated 2 months ago
- PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.☆56Updated 2 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆286Updated 10 months ago
- c2 traffic☆189Updated 2 years ago
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis☆159Updated 2 months ago
- ☆53Updated 6 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago