Alternatives and similar repositories for winevt:

Users that are interested in winevt are comparing it to the libraries listed below

• IntegralDefense / ACE
  Analysis Correlation Engine
  ☆26Updated 5 years ago
• DCSO / MISP-dockerized
  ☆33Updated 4 years ago
• ExodusIntelligence / cpe_utils
  A simple python library to assist in working with cpes
  ☆19Updated last year
• rosehgal / HoneySMB
  Simple High Interaction Honeypot Solution for SMB protocol
  ☆48Updated 4 years ago
• tribalchicken / postfix-cuckoolyse
  A Postfix filter which takes a piped message and submits it to Cuckoo Sandbox
  ☆11Updated 8 years ago
• RUB-NDS / MS-RMS-Attacks
  Breaking the security of Microsoft's RMS
  ☆54Updated 5 years ago
• MISP / PyMISPWarningLists
  Pythonic way to work with the warning lists defined there: https://github.com/MISP/misp-warninglists
  ☆32Updated last month
• Neo23x0 / sysmon-version-history
  An Inofficial Sysmon Version History (Change Log)
  ☆32Updated 4 years ago
• mnemonic-no / dnscache
  Volatility memory forensics plugin for extracting Windows DNS Cache
  ☆29Updated 8 years ago
• DearBytes / Opensource-Endpoint-Monitoring
  This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
  ☆34Updated 5 years ago
• MotiBa / Sysmon
  Sysmon configuration
  ☆66Updated 6 years ago
• h3x2b / yara-rules
  Yara rules for detecting malware
  ☆23Updated 6 months ago
• reed1713 / ELAT
  Event Log Analysis Tools
  ☆29Updated 8 years ago
• certsocietegenerale / fame_modules
  Community modules for FAME
  ☆65Updated last month
• ion-storm / emotet-malware-killer
  ☆38Updated 5 years ago
• joesecurity / DocBleachShell
  DocBleachShell is the integration of the great DocBleach, https://github.com/docbleach/DocBleach Content Disarm and Reconstruction tool i…
  ☆21Updated 3 years ago
• bromiley / pollen
  pollen - A command-line tool for interacting with TheHive
  ☆35Updated 5 years ago
• williballenthin / python-evt
  Pure Python parser for classic Windows Event Log files (.evt)
  ☆48Updated last year
• decalage2 / exefilter
  ExeFilter is an open-source tool and framework to filter file formats in e-mails, web pages or files. It detects many common file formats…
  ☆70Updated 3 years ago
• iAbdullahMughal / dscan
  D-Scan project for office document analysis and generating flow diagram of macro in documents. For demo visit
  ☆29Updated 4 months ago
• spitfire55 / MegaDev
  Bro IDS + ELK Stack to detect and block data exfiltration
  ☆46Updated 6 years ago
• PaloAltoNetworks / tcpsession
  A python library to extract TCP sessions from PCAPs.
  ☆22Updated 4 years ago
• defensivedepth / Pertinax
  Integrating Sysinternals Autoruns’ logs into Security Onion
  ☆31Updated last year
• CIRCL / yara-validator
  Validates yara rules and tries to repair the broken ones.
  ☆39Updated 4 years ago
• tenable / yara-rules
  Repository of yara rules
  ☆59Updated 2 years ago
• Neo23x0 / ti-falsepositives
  A collection of typical false positive indicators
  ☆55Updated 4 years ago
• bro / bro-osquery
  Bro integration with osquery
  ☆15Updated 2 years ago
• joesecurity / jbxapi
  Python API wrapper for the Joe Sandbox API.
  ☆66Updated 11 months ago
• darkoperator / vscode-sysmon
  Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.
  ☆51Updated last year
• DFIRnotes / rules
  Some rules, scripts of some use to us
  ☆9Updated 5 months ago