airbus-cert / etl-parserLinks
Event Trace Log file parser in pure Python
☆144Updated 4 years ago
Alternatives and similar repositories for etl-parser
Users that are interested in etl-parser are comparing it to the libraries listed below
Sorting:
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆85Updated last month
- Binary commandline executable to parse ETL files☆67Updated 7 years ago
- Signature engine for all your logs☆171Updated last year
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated 5 months ago
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆215Updated 5 years ago
- Tool to decompress data from Windows 10 page files and memory dumps, that has been compressed by the Windows 10 memory manager.☆51Updated 6 years ago
- Random hunting ordiented yara rules☆97Updated 2 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago
- Telsy CTI Research Team☆57Updated 4 years ago
- Proofpoint - Emerging Threats - Threat Research tools + publicly shared intel and documentation☆75Updated last month
- ConventionEngine - A Yara Rulepack for PDB Path Hunting☆38Updated 2 years ago
- An advanced memory forensics framework☆96Updated 5 years ago
- VSCode extension for the YARA pattern matching language☆64Updated last year
- Yet another registry parser☆133Updated 3 years ago
- An Inofficial Sysmon Version History (Change Log)☆33Updated 4 years ago
- Documentation and supporting script sample for Windows Exploit Guard☆157Updated 3 years ago
- Generate YARA rules for OOXML documents.☆38Updated 2 years ago
- PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.☆57Updated 3 years ago
- A tool for de-obfuscating PowerShell scripts☆69Updated 6 years ago
- Handy scripts to speed up malware analysis☆35Updated last year
- ☆98Updated 4 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 4 years ago
- YARA rules for use with ProcFilter☆87Updated 8 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆108Updated 4 years ago
- ☆41Updated 2 years ago
- ☆45Updated 2 years ago
- Carve NTFS USN records from binary data☆26Updated 8 years ago
- Automatic YARA rule generation for Malpedia☆161Updated 2 years ago
- A YARA Rule Performance Measurement Tool☆59Updated last year