Windows Events Attack Samples
-
Updated
Jan 24, 2023 - HTML
#
evtx
Here are 62 public repositories matching this topic...
Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
-
Updated
Nov 8, 2025
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
detection logs python3 forensics dfir sysmon auditd sigma evtx sigma-rules dfir-automation forensics-tools pysigma dfir-tools evtxtract
-
Updated
May 15, 2026 - Python
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
-
Updated
May 21, 2026
Graph Visualization for windows event logs
security forensics threat-hunting hunting blueteam security-tools evtx dfir-automation forensics-tools
-
Updated
Jan 15, 2025 - Python
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
-
Updated
Nov 30, 2021 - Python
Parse evtx files and detect use of the DanderSpritz eventlogedit module
-
Updated
Dec 15, 2017 - Python
ThreatSeeker: Threat Hunting via Windows Event Logs
-
Updated
May 16, 2023 - Python
Active Directory Forensic Toolkit : Detect & reconstruct AD attacks from Windows event logs (EVTX)
python incident-response active-directory forensics dfir threat-hunting siem blue-team evtx windows-security
-
Updated
Mar 17, 2026 - Python
Windows EVTX log analysis for DFIR — fast parsing, ATT&CK mapping, IOC extraction, and Sentinel anomaly detection. Normal + Juggernaut Mode (Arrow/DuckDB) for 10M+ events.
log-analysis dfir digital-forensics session-reconstruction forensic-analysis security-tools timeline-analysis blue-team evtx windows-event-logs windows-forensics blue-team-tool evtx-analysis dfir-tools event-log-analysis incident-response-tool evtx-parser event-log-parser powershell-forensics
-
Updated
May 20, 2026 - Python
Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
windows analytics analysis dotnet powershell detection logging logs cybersecurity sysmon siem hunting forwarder defense eventlog log-forwarder evtx logging-framework logging-agent windowsevents
-
Updated
May 13, 2026 - C#
Logpresso Mini and community contents for incident response
-
Updated
Oct 21, 2021
Rust DFIR tool that massively parses cross-platform evidence, even deleted logs, into a lateral movement timeline and graph database.
rust neo4j vss incident-response dfir graph-database event-log threat-hunting digital-forensics cypher ual evtx kape lateral-movement velociraptor memgraph digital-forensics-incident-response windows-forensics digital-forensic-tool forensic-tool
-
Updated
May 21, 2026 - Rust
Is a portable forensic tool for analyzing Windows logs, pre-organized according to the methodology outlined in this job: https://cybersecuritynews.com/windows-event-log-analysis/, to quickly highlight key forensic artifacts.
-
Updated
Jul 19, 2025 - C#
EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.
-
Updated
Nov 7, 2021 - Python
Improve this page
Add a description, image, and links to the evtx topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the evtx topic, visit your repo's landing page and select "manage topics."