bannsec / winevt

Related projects ⓘ

Alternatives and complementary repositories for winevt

• dgunter / evtxtoelk
  A lightweight tool to load Windows Event Log evtx files into Elasticsearch.
  ☆115Updated 4 years ago
• williballenthin / python-evt
  Pure Python parser for classic Windows Event Log files (.evt)
  ☆48Updated last year
• Neo23x0 / sysmon-version-history
  An Inofficial Sysmon Version History (Change Log)
  ☆32Updated 4 years ago
• mitre-attack / evals_caldera
  A CALDERA plugin for ATT&CK Evaluations Round 1
  ☆33Updated last year
• CIRCL / PyPDNS
  Client API to query any Passive DNS implementation following the Passive DNS - Common Output Format.
  ☆76Updated 3 weeks ago
• cedricbonhomme / pyHIDS
  A HIDS (host-based intrusion detection system) for verifying the integrity of a system.
  ☆57Updated 3 months ago
• RUB-NDS / MS-RMS-Attacks
  Breaking the security of Microsoft's RMS
  ☆53Updated 5 years ago
• CIRCL / yara-validator
  Validates yara rules and tries to repair the broken ones.
  ☆39Updated 4 years ago
• certsocietegenerale / fame_modules
  Community modules for FAME
  ☆64Updated this week
• reed1713 / ELAT
  Event Log Analysis Tools
  ☆29Updated 8 years ago
• regit / suriwire
  Wireshark plugin to display Suricata analysis info
  ☆91Updated 3 years ago
• vavarachen / evtx2json
  A tool to convert Windows evtx files (Windows Event Log Files) into JSON format and log to Splunk (optional) using HTTP Event Collector.
  ☆55Updated 2 years ago
• 0xrawsec / gene-rules
  ☆39Updated 2 years ago
• BreakingMalwareResearch / YetiToElastic
  YETI (Your Everyday Threat Intelligence) Integration to Elastic Stack
  ☆15Updated 3 years ago
• jjo-sec / pynetsim
  ☆17Updated 7 years ago
• MISP / PyMISPWarningLists
  Pythonic way to work with the warning lists defined there: https://github.com/MISP/misp-warninglists
  ☆31Updated last week
• swisscom / PowerGRR
  PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
  ☆56Updated 2 years ago
• CyCat-project / cycat-service
  CyCAT.org API back-end server including crawlers
  ☆30Updated last year
• mnemonic-no / dnscache
  Volatility memory forensics plugin for extracting Windows DNS Cache
  ☆29Updated 7 years ago
• IntegralDefense / ACE
  Analysis Correlation Engine
  ☆26Updated 5 years ago
• PUNCH-Cyber / stoq-plugins-public
  stoQ Public Plugins
  ☆71Updated last year
• tenable / yara-rules
  Repository of yara rules
  ☆60Updated last year
• DearBytes / Opensource-Endpoint-Monitoring
  This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
  ☆33Updated 5 years ago
• telekom-security / acquire-aws-ec2
  A python script to acquire multiple aws ec2 instances in a forensically sound-ish way
  ☆37Updated 3 years ago
• forensicmatt / PancakeViewer
  A DFVFS Backed Forensic Viewer
  ☆39Updated 4 years ago
• fireeye / HXTool
  HXTool is an extended user interface for the FireEye HX Endpoint product. HXTool can be installed on a dedicated server or on your physic…
  ☆79Updated 4 months ago
• OISF / suricata-intel-index
  Suricata rule and intel index
  ☆29Updated last month
• msuhanov / winmem_decompress
  Extract compressed memory pages from page-aligned data
  ☆41Updated 6 years ago
• IllusiveNetworks-Labs / HistoricProcessTree
  An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…
  ☆59Updated 6 years ago
• fireeye / brocapi
  Bro PCAP Processing and Tagging API
  ☆28Updated 7 years ago