Top 8 evtx Open-Source Projects

EVTX-ATTACK-SAMPLES

1 2,126 0.0 HTML

Windows Events Attack Samples
Microsoft-eventlog-mindmap

4 988 3.9

Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
python-evtx

2 670 1.6 Python

Pure Python parser for Windows Event Log files (.evtx)
Zircolite

4 596 7.5 Python

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
EVTX-to-MITRE-Attack

2 476 3.7

Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
evtx

2 238 7.3 C#

C# based evtx parser with lots of extras (by EricZimmerman)

Project mention: Suspicious batch file | /r/cybersecurity | 2023-05-01

Can also pull Windows Event logs, chuck it through a tool like EvtxECmd and then open the output file in TimelineExplorer and go digging for events occuring plus minus a few minutes from that alert. Also can look at anomalous RDP connections or use of explicit creds but it seems like you might have done this already.

evtx-hunter

2 137 0.0 Python

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
WorkOS

workos.com sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
evtx2es

1 78 6.9 Python

A library for fast parse & import of Windows Eventlogs into Elasticsearch.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).