Alternatives and similar repositories for winevt:

Users that are interested in winevt are comparing it to the libraries listed below

• InQuest / sandboxapi
  Minimal, consistent Python API for building integrations with malware sandboxes.
  ☆138Updated last year
• dgunter / evtxtoelk
  A lightweight tool to load Windows Event Log evtx files into Elasticsearch.
  ☆115Updated 4 years ago
• IntegralDefense / ACE
  Analysis Correlation Engine
  ☆26Updated 5 years ago
• reed1713 / ELAT
  Event Log Analysis Tools
  ☆29Updated 8 years ago
• certsocietegenerale / fame_modules
  Community modules for FAME
  ☆65Updated 2 weeks ago
• grierforensics / officedissector
  Static analysis tools for Microsoft Office Open XML files and documents
  ☆68Updated 7 years ago
• hvs-consulting / ioc_signatures
  Repository with selected IOCs and YARA rules for threat hunting.
  ☆35Updated last month
• jjo-sec / pynetsim
  ☆17Updated 7 years ago
• vavarachen / evtx2json
  A tool to convert Windows evtx files (Windows Event Log Files) into JSON format and log to Splunk (optional) using HTTP Event Collector.
  ☆54Updated 2 years ago
• EmergingThreats / log4shell-detection
  ☆12Updated 3 years ago
• cedricbonhomme / pyHIDS
  A HIDS (host-based intrusion detection system) for verifying the integrity of a system.
  ☆59Updated this week
• RUB-NDS / MS-RMS-Attacks
  Breaking the security of Microsoft's RMS
  ☆53Updated 5 years ago
• CIRCL / yara-validator
  Validates yara rules and tries to repair the broken ones.
  ☆39Updated 4 years ago
• ion-storm / emotet-malware-killer
  ☆38Updated 5 years ago
• williballenthin / python-ntfs
  Open source Python library for NTFS analysis
  ☆80Updated 7 years ago
• atc-project / atc-mitigation
  Actionable analytics designed to combat threats based on MITRE's ATT&CK.
  ☆22Updated 5 years ago
• pcbje / pyad1
  Python library for parsing AccessData AD1 images
  ☆30Updated last year
• SafeBreach-Labs / AltFS
  The Alternative Fileless File System
  ☆55Updated 5 years ago
• bromiley / pollen
  pollen - A command-line tool for interacting with TheHive
  ☆35Updated 5 years ago
• dwestgard / threat_hunting_tables
  Theat hunting notes in flat file format and mapped to MITRE's ATT&CK IDs
  ☆42Updated 6 years ago
• spitfire55 / MegaDev
  Bro IDS + ELK Stack to detect and block data exfiltration
  ☆46Updated 6 years ago
• forensicmatt / PancakeViewer
  A DFVFS Backed Forensic Viewer
  ☆40Updated 4 years ago
• DCSO / MISP-dockerized
  ☆33Updated 4 years ago
• socprime / SigmaRulesIntegration
  ☆15Updated 6 years ago
• DidierStevens / etl2pcapng
  Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.
  ☆46Updated 5 years ago
• williballenthin / python-evt
  Pure Python parser for classic Windows Event Log files (.evt)
  ☆47Updated last year
• omerbenamram / pyevtx-rs
  Python bindings for https://github.com/omerbenamram/evtx/
  ☆50Updated 2 months ago
• Neo23x0 / sysmon-version-history
  An Inofficial Sysmon Version History (Change Log)
  ☆32Updated 4 years ago
• Silv3rHorn / ArtifactExtractor
  Extract common Windows artifacts from source images and VSCs
  ☆65Updated 3 years ago
• att / docker-forensics
  Tools to assist in forensicating docker
  ☆81Updated last week