A command-line tool and Python library for parsing Windows Event Logs and importing the results into Elasticsearch.
☆89Jun 2, 2026Updated last week
Alternatives and similar repositories for evtx2es
Users that are interested in evtx2es are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Sigma Engine implementation in TypeScript☆28Mar 5, 2023Updated 3 years ago
- Code and Slides of my BSides London 2019 presentation about Attacker Emulation using CALDERA☆22Jun 9, 2019Updated 7 years ago
- An ELK environment containing interesting security datasets.☆136May 11, 2020Updated 6 years ago
- A command-line tool and Python library for parsing Windows Master File Table ($MFT) and importing the results into Elasticsearch.☆13Jun 3, 2026Updated last week
- OSSEM Modular☆27Jun 29, 2020Updated 5 years ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- Misc Threat Hunting Resources☆379Jan 26, 2023Updated 3 years ago
- A modern Python-3-based alternative to RegRipper☆215May 12, 2026Updated 3 weeks ago
- Collection of useful, up to date, Carbon Black Response Queries☆86Oct 23, 2020Updated 5 years ago
- A list of Mitre Caldera compatible emulation-plans☆14Feb 1, 2021Updated 5 years ago
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- Repo containing docker-compose files and setup scripts without having to clone the individual reternal components☆111Mar 25, 2021Updated 5 years ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆158Nov 30, 2021Updated 4 years ago
- Tracking APT IOCs☆25Nov 16, 2020Updated 5 years ago
- A collection of threat intelligence data such as IOC, Yara and Snort/Suricata Rules etc.☆10Sep 17, 2019Updated 6 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- PowerAvails is a unit of collection of Powershell modules that help you get done many things☆118May 31, 2019Updated 7 years ago
- Threat Box Assessment Tool☆19Mar 5, 2026Updated 3 months ago
- ☆152Jun 5, 2024Updated 2 years ago
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆32Nov 25, 2019Updated 6 years ago
- Random hunting ordiented yara rules☆96Mar 27, 2023Updated 3 years ago
- Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa…☆18Apr 10, 2020Updated 6 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆516Jul 15, 2022Updated 3 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch.☆119Nov 6, 2020Updated 5 years ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.☆21Mar 12, 2019Updated 7 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Golang Parser for Microsoft Event Logs☆109Apr 27, 2026Updated last month
- Windows Events Attack Samples☆2,567Jan 24, 2023Updated 3 years ago
- ☆28Mar 29, 2022Updated 4 years ago
- ☆12Jun 29, 2021Updated 4 years ago
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK☆1,077Nov 28, 2024Updated last year
- ☆16Dec 16, 2020Updated 5 years ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆822May 30, 2026Updated last week
- PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpo…☆51Aug 15, 2019Updated 6 years ago
- Purple Team Security☆75Mar 24, 2022Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Port of Invoke-Excel4DCOM☆104Oct 12, 2019Updated 6 years ago
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆48Jan 2, 2022Updated 4 years ago
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆572Dec 12, 2021Updated 4 years ago
- ☆33Feb 26, 2022Updated 4 years ago
- Creating a Feed of MISP Events from ThreatFox (by abuse.ch)☆19Jun 2, 2021Updated 5 years ago
- Kerberoast Detection Script☆30Oct 31, 2024Updated last year
- Blueteam operational triage registry hunting/forensic tool.☆148Sep 2, 2025Updated 9 months ago