airbus-cert / etl-parser
Event Trace Log file parser in pure Python
☆139Updated 4 years ago
Alternatives and similar repositories for etl-parser:
Users that are interested in etl-parser are comparing it to the libraries listed below
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆214Updated 5 years ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆85Updated 9 months ago
- A repository that maps API calls to Sysmon Event ID's.☆118Updated 2 years ago
- A repo to document API functions mapped to security events across diverse platforms☆75Updated 5 years ago
- Log newly created WMI consumers and processes to the Windows Application event log☆124Updated 7 years ago
- Signature engine for all your logs☆166Updated last year
- Documentation and supporting script sample for Windows Exploit Guard☆156Updated 3 years ago
- A tool for de-obfuscating PowerShell scripts☆68Updated 5 years ago
- Telsy CTI Research Team☆57Updated 4 years ago
- An Inofficial Sysmon Version History (Change Log)☆32Updated 4 years ago
- Yet another registry parser☆131Updated 2 years ago
- PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.☆56Updated 3 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆108Updated 6 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated last month
- ☆82Updated 8 years ago
- Invoke-LiveResponse☆147Updated 3 years ago
- Parser for Windows PowerShell script block logs☆95Updated 7 months ago
- ☆39Updated 2 years ago
- Random hunting ordiented yara rules☆95Updated 2 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆289Updated 10 months ago
- Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality☆83Updated 2 years ago
- Binary commandline executable to parse ETL files☆67Updated 6 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago
- Static based decoders for malware samples☆92Updated 4 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆72Updated last year
- Windows Registry Knowledge Base☆173Updated 5 months ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆64Updated 2 years ago
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- Theat hunting notes in flat file format and mapped to MITRE's ATT&CK IDs☆42Updated 6 years ago