airbus-cert / etl-parser
Event Trace Log file parser in pure Python
☆138Updated 4 years ago
Alternatives and similar repositories for etl-parser:
Users that are interested in etl-parser are comparing it to the libraries listed below
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆214Updated 5 years ago
- Signature engine for all your logs☆167Updated last year
- Library and tools to access the Windows Prefetch File (SCCA) format.☆73Updated 2 months ago
- Log newly created WMI consumers and processes to the Windows Application event log☆124Updated 7 years ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆85Updated 8 months ago
- A tool for de-obfuscating PowerShell scripts☆67Updated 5 years ago
- Telsy CTI Research Team☆57Updated 4 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆107Updated 6 years ago
- Random hunting ordiented yara rules☆95Updated last year
- A repository that maps API calls to Sysmon Event ID's.☆118Updated 2 years ago
- Static based decoders for malware samples☆92Updated 4 years ago
- A repo to document API functions mapped to security events across diverse platforms☆75Updated 5 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated last month
- Documentation and supporting script sample for Windows Exploit Guard☆156Updated 3 years ago
- Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality☆84Updated 2 years ago
- Windows Registry Knowledge Base☆172Updated 5 months ago
- An Inofficial Sysmon Version History (Change Log)☆32Updated 4 years ago
- ☆82Updated 8 years ago
- A VBA parser and emulation engine to analyze malicious macros.☆95Updated 3 weeks ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago
- A YARA Rule Performance Measurement Tool☆58Updated last year
- Automatic YARA rule generation for Malpedia☆158Updated 2 years ago
- Proofpoint - Emerging Threats - Threat Research tools + publicly shared intel and documentation☆72Updated 2 months ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …☆132Updated 2 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago
- PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.☆56Updated 2 years ago
- Parser for Windows PowerShell script block logs☆95Updated 7 months ago
- ☆53Updated 6 years ago
- Invoke-LiveResponse☆146Updated 3 years ago
- VSCode extension for the YARA pattern matching language☆64Updated last year