| Tool | Source | Description | Tags | File types | Note |
|---|---|---|---|---|---|
| APT-Hunter | Git | APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity. | event-log, threat-hunting | .evtx | |
| EVTX-ATTACK-SAMPLES | Git | Windows event attack samples. | event-log, mitre-attack | .evtx | |
| Elastic Stack (ELK + Beats) | HTTP | Downloads Elasticsearch, Kibana, Logstash, Elastic Agent, and Beats. | siem, log-analysis, search, visualization | .json, .log | Full only |
| LUMEN | npm | Your browser-based EVTX companion. | log-analysis, event-log, forensics, visualization | .evtx | |
| LogBoost | GitHub Release | Converts a variety of log formats to CSV while enriching detected IPs with geolocation, ASN, DNS, WhoIs, Shodan InternetDB and threat indicator matches. | log-analysis, event-log | .evtx, .csv, .json | Full only |
| MasterParser | Git | MasterParser is a DFIR tool designed for analyzing and parsing Linux logs. | log-analysis, linux, security-testing | .log | |
| ToolAnalysisResultSheet | Git | This repository summarizes the results of examining logs recorded in Windows upon execution of the 49 tools that are likely to be used by an attacker who has infiltrated a network. | forensics, documentation, security-testing | .evtx | |
| YAMAGoya | GitHub Release | Yet Another Memory Analyzer for malware detection and Guarding Operations with YARA and SIGMA. | yara, detection-rules | .yar, .yara | Full only |
| Zircolite | GitHub Release | Zircolite is a standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML, JSONL and NDJSON logs. | log-analysis, sigma, detection, incident-response | .evtx, .json | |
| chainsaw | GitHub Release | Rapidly search and hunt through Windows forensic artefacts. | log-analysis, incident-response, sigma, detection | .evtx | |
| dfir-toolkit | Cargo | The dfir-toolkit is a collection of command-line tools for digital forensics and incident response (DFIR) tasks. It includes utilities for analyzing log files, registry hives, MFT files, and other artifacts commonly encountered in DFIR investigations. | forensics, timeline, log-analysis, event-log, registry, bodyfile | .evtx, .reg, .dat, .lnk, .pf, .mft, .zip | |
| evtx | Python | | log-analysis, event-log, windows | .evtx | |
| evtx_dump | GitHub Release | A fast (and safe) parser for the Windows XML Event Log (EVTX) format. | log-analysis, event-log, windows | .evtx | |
| flatten_json | Python | Flattens JSON objects. | python, json | .json | |
| fx | GitHub Release | fx is a terminal JSON viewer and processor. | json, data-processing, visualization | .json, .jsonl | |
| gron | GitHub Release | gron makes JSON greppable by transforming it into discrete assignments that can be easily searched and filtered using standard command-line tools. | json, data-processing, search | .json | |
| hayabusa | GitHub Release | Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs. | log-analysis, event-log, sigma, detection, timeline, incident-response | .evtx | |
| hayabusa-rules | Git | Curated Windows event log Sigma rules used in Hayabusa and Velociraptor. | event-log, detection-rules, sigma | .evtx | |
| takajo | GitHub Release | Takajō (鷹匠) is a Hayabusa results analyzer. | log-analysis, timeline | .json | |
| toolong | Python | | log-analysis, tui | .log, .txt | |