Alternatives and similar repositories for winevt:

Users that are interested in winevt are comparing it to the libraries listed below

• ion-storm / emotet-malware-killer
  ☆38Updated 4 years ago
• ExodusIntelligence / cpe_utils
  A simple python library to assist in working with cpes
  ☆18Updated 11 months ago
• dgunter / evtxtoelk
  A lightweight tool to load Windows Event Log evtx files into Elasticsearch.
  ☆115Updated 4 years ago
• omerbenamram / pyevtx-rs
  Python bindings for https://github.com/omerbenamram/evtx/
  ☆50Updated last month
• Neo23x0 / sysmon-version-history
  An Inofficial Sysmon Version History (Change Log)
  ☆32Updated 4 years ago
• h3x2b / yara-rules
  Yara rules for detecting malware
  ☆23Updated 4 months ago
• InQuest / sandboxapi
  Minimal, consistent Python API for building integrations with malware sandboxes.
  ☆138Updated 11 months ago
• Silv3rHorn / ArtifactExtractor
  Extract common Windows artifacts from source images and VSCs
  ☆66Updated 3 years ago
• tenable / yara-rules
  Repository of yara rules
  ☆59Updated 2 years ago
• jjo-sec / pynetsim
  ☆17Updated 7 years ago
• EmergingThreats / log4shell-detection
  ☆12Updated 3 years ago
• joesecurity / jbxapi
  Python API wrapper for the Joe Sandbox API.
  ☆64Updated 9 months ago
• PaloAltoNetworks / tcpsession
  A python library to extract TCP sessions from PCAPs.
  ☆22Updated 4 years ago
• williballenthin / python-evt
  Pure Python parser for classic Windows Event Log files (.evt)
  ☆48Updated last year
• lprat / static_file_analysis
  Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules
  ☆50Updated last year
• zshehri / MITRE_EDR_Eval
  Parsing MITRE EDR Evaluation results
  ☆12Updated 6 years ago
• swisscom / detections
  Threat intelligence and threat detection indicators (IOC, IOA)
  ☆53Updated 4 years ago
• mitre-attack / evals_caldera
  A CALDERA plugin for ATT&CK Evaluations Round 1
  ☆33Updated last year
• dwestgard / threat_hunting_tables
  Theat hunting notes in flat file format and mapped to MITRE's ATT&CK IDs
  ☆42Updated 6 years ago
• IllusiveNetworks-Labs / HistoricProcessTree
  An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…
  ☆59Updated 6 years ago
• mohlcyber / OpenDXL-MISP-IntelMQ-Output
  Automated OpenDXL Output information via IntelMQ
  ☆14Updated 7 years ago
• cbcommunity / cbapi-examples
  Repository for all cbapi example scripts
  ☆16Updated 6 years ago
• DCSO / MISP-dockerized
  ☆33Updated 4 years ago
• certsocietegenerale / fame_modules
  Community modules for FAME
  ☆65Updated 2 months ago
• CIRCL / yara-validator
  Validates yara rules and tries to repair the broken ones.
  ☆39Updated 4 years ago
• matonis / yara_tools
  Create an entire YARA rule via Python? Whhhhhhaatttt?
  ☆72Updated 6 years ago
• ioc-fang / ioc-fanger
  Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .
  ☆57Updated last year
• brakmic / Sinkholes
  Malware Sinkhole List in various formats
  ☆102Updated 2 years ago
• ANSSI-FR / bits_parser
  Extract BITS jobs from QMGR queue and store them as CSV records
  ☆74Updated 6 months ago