airbus-cert / etl-parser
Event Trace Log file parser in pure Python
☆132 · Updated 3 years ago
Related projects:
- A repository that maps API calls to Sysmon Event IDs. ☆116 · Updated last year
- Documentation and supporting script sample for Windows Exploit Guard ☆148 · Updated 2 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon ☆206 · Updated 5 years ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch. ☆79 · Updated 2 months ago
- A repo to document API functions mapped to security events across diverse platforms ☆74 · Updated 4 years ago
- An Unofficial Sysmon Version History (Change Log) ☆32 · Updated 3 years ago
- Signature engine for all your logs ☆156 · Updated 10 months ago
- Detect possible sysmon logging bypasses given a specific configuration ☆107 · Updated 5 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records ☆73 · Updated 2 months ago
- Log newly created WMI consumers and processes to the Windows Application event log ☆123 · Updated 6 years ago
- Threat hunting notes in flat file format and mapped to MITRE's ATT&CK IDs ☆42 · Updated 5 years ago
- Telsy CTI Research Team ☆57 · Updated 3 years ago
- A Splunk Technology Add-on to forward filtered ETW events. ☆30 · Updated 3 years ago
- Static based decoders for malware samples ☆93 · Updated 4 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) ☆104 · Updated 3 years ago
- Yet another registry parser ☆128 · Updated 2 years ago
- PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting. ☆56 · Updated 2 years ago
- Random hunting oriented yara rules ☆95 · Updated last year
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions ☆261 · Updated 4 months ago
- Invoke-LiveResponse ☆145 · Updated 2 years ago
- Trace ScriptBlock execution for powershell v2 ☆39 · Updated 4 years ago
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity ☆86 · Updated 2 years ago
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro… ☆150 · Updated 4 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree… ☆59 · Updated 6 years ago
- Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality ☆82 · Updated last year
- ConventionEngine - A Yara Rulepack for PDB Path Hunting ☆36 · Updated last year
- Parser for Windows PowerShell script block logs ☆94 · Updated last month
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies ☆59 · Updated 9 months ago
- A YARA Rule Performance Measurement Tool ☆58 · Updated 6 months ago