Windows Events Attack Samples
Updated Jan 24, 2023 - HTML
Set of mind maps giving a detailed overview of the different #Microsoft auditing capabilities for Windows, Exchange, Azure, ...
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques, to measure your SIEM coverage or to develop new use cases.
Graph visualization for Windows event logs
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Parse evtx files and detect use of the DanderSpritz eventlogedit module
ThreatSeeker: Threat Hunting via Windows Event Logs
Simple Windows Event Log Forwarder (SWELF): an easy-to-use log forwarder and EVTX parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
EvtXHunt is an Autopsy plugin that analyzes Windows EVTX logs against a library of Sigma rules.
Logpresso Mini and community contents for incident response
A PySimpleGUI-based Python tool for processing and visualising selected Windows Security.evtx log files, keeping only the process-creation events (Event ID 4688) that meet a given condition.
A simple System Monitor (Sysmon) EVTX inspector: search, visualize, and track Sysmon events.
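Several of the tools above (the ATT&CK-mapped sample set, the Event ID 4688 filter tool) boil down to pulling specific events out of an exported .evtx file and inspecting their EventData fields. The following is an added example, not code from any of the listed projects, showing how to do that directly with PowerShell's Get-WinEvent: it reads an offline Security.evtx, keeps only process-creation events (ID 4688), flattens the EventData section into named fields, and filters on the command line. The file path and the regular expression are assumptions chosen for illustration.

```powershell
# Added example (not part of any listed project): filter an exported Security.evtx
# for process-creation events (Event ID 4688) whose command line matches a pattern.
$EvtxPath = 'C:\cases\sample\Security.evtx'   # assumed path to an exported log
$Pattern  = '(?i)powershell.*-enc'            # assumed condition: encoded PowerShell launches

# XPath filter evaluated by the event log API, so only 4688 records are materialised.
$xpath = '*[System[EventID=4688]]'

Get-WinEvent -Path $EvtxPath -FilterXPath $xpath -ErrorAction Stop |
    ForEach-Object {
        # Named fields live under EventData/Data in the event's XML representation.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            TimeCreated   = $_.TimeCreated
            SubjectUser   = $data['SubjectUserName']
            ParentProcess = $data['ParentProcessName']
            NewProcess    = $data['NewProcessName']
            # CommandLine is empty unless "Include command line in process creation
            # events" (Audit Process Creation) was enabled on the source host.
            CommandLine   = $data['CommandLine']
        }
    } |
    Where-Object { $_.CommandLine -match $Pattern } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize
```

The same pattern (XPath filter on System fields, then flatten EventData) applies to any EVTX sample, including Sysmon logs; only the event ID and the field names change. Check that CommandLine is actually populated in your samples before building a detection on it, since a host without command-line auditing will produce 4688 events with that field blank.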