Alternatives and similar repositories for winevt

Users that are interested in winevt are comparing it to the libraries listed below

• CIRCL / PyPDNS
  Client API to query any Passive DNS implementation following the Passive DNS - Common Output Format.
  ☆81Updated 4 months ago
• InQuest / sandboxapi
  Minimal, consistent Python API for building integrations with malware sandboxes.
  ☆139Updated last year
• ion-storm / emotet-malware-killer
  ☆39Updated 5 years ago
• rosehgal / HoneySMB
  Simple High Interaction Honeypot Solution for SMB protocol
  ☆49Updated 4 years ago
• tenable / yara-rules
  Repository of yara rules
  ☆60Updated 2 years ago
• reed1713 / ELAT
  Event Log Analysis Tools
  ☆29Updated 8 years ago
• StamusNetworks / surimisp
  Check IOC provided by a MISP instance on Suricata events
  ☆17Updated 6 years ago
• IllusiveNetworks-Labs / HistoricProcessTree
  An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…
  ☆60Updated 7 years ago
• CIRCL / yara-validator
  Validates yara rules and tries to repair the broken ones.
  ☆39Updated 4 years ago
• inguardians / toms_honeypot
  Tom's Honey Pot as seen in Applied Network Security Monitoring.
  ☆26Updated 10 years ago
• 0xrawsec / gene-rules
  ☆41Updated 2 years ago
• decalage2 / exefilter
  ExeFilter is an open-source tool and framework to filter file formats in e-mails, web pages or files. It detects many common file formats…
  ☆70Updated 3 years ago
• RamadhanAmizudin / python-icap-yara
  An ICAP Server with yara scanner for URL and content.
  ☆59Updated 6 months ago
• socprime / SigmaRulesIntegration
  ☆15Updated 7 years ago
• bro / bro-osquery
  Bro integration with osquery
  ☆15Updated 2 years ago
• swisscom / PowerGRR
  PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
  ☆56Updated 3 years ago
• regit / suriwire
  Wireshark plugin to display Suricata analysis info
  ☆95Updated 3 years ago
• aarju / Kibana_ForensicDashboards
  Dashboards for conducting forensic investigation using windows events in Kibana
  ☆17Updated 6 years ago
• ciscocsirt / dhp
  Simple Docker Honeypot server emulating small snippets of the Docker HTTP API
  ☆30Updated 4 years ago
• RUB-NDS / MS-RMS-Attacks
  Breaking the security of Microsoft's RMS
  ☆55Updated 5 years ago
• brakmic / Sinkholes
  Malware Sinkhole List in various formats
  ☆103Updated 3 years ago
• joesecurity / jbxapi
  Python API wrapper for the Joe Sandbox API.
  ☆67Updated last year
• dgunter / evtxtoelk
  A lightweight tool to load Windows Event Log evtx files into Elasticsearch.
  ☆117Updated 4 years ago
• certsocietegenerale / fame_modules
  Community modules for FAME
  ☆65Updated 5 months ago
• nccgroup / yaml2yara
  Generate bulk YARA rules from YAML input
  ☆22Updated 5 years ago
• williballenthin / python-evt
  Pure Python parser for classic Windows Event Log files (.evt)
  ☆50Updated 2 years ago
• corelight / http-stalling-detector
  Detect HTTP stalling attacks like slowloris with Bro
  ☆19Updated 7 years ago
• joesecurity / Joe-Sandbox-Bro
  JoeSandbox-Bro is a simple bro script which extracts files from your internet connection and analyzes them automatically on Joe Sandbox
  ☆45Updated 6 years ago
• Cymmetria / ciscoasa_honeypot
  A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
  ☆52Updated 6 years ago
• mohlcyber / MISP-STIX-ESM
  Exports MISP events to STIX and ingest into McAfee ESM
  ☆15Updated 5 years ago