nsacyber/Windows-Event-Log-Messages external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

nsacyber/Windows-Event-Log-Messages

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/nsacyber/Windows-Event-Log-Messages)

Close

nsacyber / Windows-Event-Log-MessagesView on GitHubMore

• External links
• Readme badge

Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber

☆406Dec 8, 2022Updated 3 years ago

Alternatives and similar repositories for Windows-Event-Log-Messages

Users that are interested in Windows-Event-Log-Messages are comparing it to the libraries listed below

• nsacyber / Event-Forwarding-Guidance

  View on GitHub
  Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsac…
  ☆883Nov 17, 2020Updated 5 years ago
• nsacyber / unfetter

  View on GitHub
  Identifies defensive gaps in security posture by leveraging Mitre's ATT&CK framework. #nsacyber
  ☆164May 11, 2020Updated 5 years ago
• nsacyber / Windows-Secure-Host-Baseline

  View on GitHub
  Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
  ☆1,596Dec 24, 2022Updated 3 years ago
• nsacyber / Splunk-Assessment-of-Mitigation-Implementations

  View on GitHub
  Automatically scores how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber
  ☆76May 25, 2016Updated 9 years ago
• nsacyber / LOCKLEVEL

  View on GitHub
  A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mit…
  ☆99Jun 8, 2016Updated 9 years ago
• nsacyber / PRUNE

  View on GitHub
  Logs key Windows process performance metrics. #nsacyber
  ☆69Dec 8, 2022Updated 3 years ago
• nsacyber / Pass-the-Hash-Guidance

  View on GitHub
  Configuration guidance for implementing Pass-the-Hash mitigations. #nsacyber
  ☆201Nov 25, 2016Updated 9 years ago
• nsacyber / Certificate-Authority-Situational-Awareness

  View on GitHub
  Identifies unexpected and prohibited certificate authority certificates on Windows systems. #nsacyber
  ☆114Jun 2, 2016Updated 9 years ago
• nsacyber / WALKOFF-Apps

  View on GitHub
  WALKOFF-enabled applications. #nsacyber
  ☆143Mar 14, 2019Updated 6 years ago
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆937Dec 12, 2023Updated 2 years ago
• palantir / windows-event-forwarding

  View on GitHub
  A repository for using windows event forwarding for incident detection and response
  ☆1,299Sep 8, 2025Updated 5 months ago
• nsacyber / AppLocker-Guidance

  View on GitHub
  Configuration guidance for implementing application whitelisting with AppLocker. #nsacyber
  ☆232Oct 31, 2025Updated 4 months ago
• JPCERTCC / SysmonSearch

  View on GitHub
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆431Dec 22, 2023Updated 2 years ago
• nsacyber / WALKOFF

  View on GitHub
  A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, t…
  ☆1,229Dec 12, 2022Updated 3 years ago
• nshalabi / SysmonTools

  View on GitHub
  Utilities for Sysmon
  ☆1,573Sep 21, 2025Updated 5 months ago
• zacbrown / hiddentreasure-etw-demo

  View on GitHub
  Basic demo for Hidden Treasure talk.
  ☆49Nov 4, 2017Updated 8 years ago
• nsacyber / nsacyber.github.io

  View on GitHub
  NSA Cybersecurity. Formerly known as NSA Information Assurance and the Information Assurance Directorate
  ☆289Aug 17, 2024Updated last year
• Invoke-IR / PowerForensics

  View on GitHub
  PowerForensics provides an all in one platform for live disk forensic analysis
  ☆1,428Nov 16, 2023Updated 2 years ago
• darkoperator / Posh-Sysmon

  View on GitHub
  PowerShell module for creating and managing Sysinternals Sysmon config files.
  ☆214Mar 29, 2021Updated 4 years ago
• nsacyber / GRASSMARLIN

  View on GitHub
  Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in suppo…
  ☆1,033Feb 24, 2020Updated 6 years ago
• THIBER-ORG / userline

  View on GitHub
  Query and report user logons relations from MS Windows Security Events
  ☆243Aug 9, 2018Updated 7 years ago
• davehull / Kansa

  View on GitHub
  A Powershell incident response framework
  ☆1,640Nov 22, 2022Updated 3 years ago
• Invoke-IR / Uproot

  View on GitHub
  Currently not updated for WMIEvent module...
  ☆262Feb 23, 2016Updated 10 years ago
• mandiant / flare-wmi

  View on GitHub
  ☆432May 3, 2023Updated 2 years ago
• WiredPulse / Group_Policy

  View on GitHub
  A series of GPO templates
  ☆21Jan 2, 2017Updated 9 years ago
• JPCERTCC / ToolAnalysisResultSheet

  View on GitHub
  Tool Analysis Result Sheet
  ☆356Dec 4, 2017Updated 8 years ago
• nsacyber / netman

  View on GitHub
  A userland network manager with monitoring and limiting capabilities for macOS. #nsacyber
  ☆80Nov 29, 2016Updated 9 years ago
• JPCERTCC / LogonTracer

  View on GitHub
  Investigate malicious Windows logon by visualizing and analyzing Windows event log
  ☆3,136Oct 19, 2025Updated 4 months ago
• PaulSec / awesome-windows-domain-hardening

  View on GitHub
  A curated list of awesome Security Hardening techniques for Windows.
  ☆1,789Jan 7, 2020Updated 6 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,486Jan 12, 2026Updated last month
• mattifestation / PSSysmonTools

  View on GitHub
  Sysmon Tools for PowerShell
  ☆233Aug 17, 2018Updated 7 years ago
• nsacyber / simon-speck

  View on GitHub
  The SIMON and SPECK families of lightweight block ciphers. #nsacyber
  ☆169Nov 12, 2019Updated 6 years ago
• nsacyber / Hardware-and-Firmware-Security-Guidance

  View on GitHub
  Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Stor…
  ☆850Dec 23, 2024Updated last year
• A-mIn3 / WINspect

  View on GitHub
  Powershell-based Windows Security Auditing Toolbox
  ☆573Jan 9, 2019Updated 7 years ago
• DBHeise / VM_Setup

  View on GitHub
  A collection of scripts to initialize a windows VM to run all the malwares!
  ☆107Apr 3, 2020Updated 5 years ago
• nsacyber / BitLocker-Guidance

  View on GitHub
  Configuration guidance for implementing BitLocker. #nsacyber
  ☆127Jul 24, 2019Updated 6 years ago
• mattifestation / CimSweep

  View on GitHub
  CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al…
  ☆658Aug 19, 2019Updated 6 years ago
• clong / DetectionLab

  View on GitHub
  Automate the creation of a lab environment complete with security tooling and logging best practices
  ☆4,908Jul 6, 2024Updated last year
• RedSiege / WMIOps

  View on GitHub
  This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.
  ☆388Jun 25, 2024Updated last year