Zircolite
Category: Files and apps / Log
Source: Python
Profiles: Full, Basic
File Extensions: .evtx, .json
Tags: log-analysis, sigma, detection, incident-response
Zircolite is a standalone SIGMA-based detection tool that runs Sigma rules against EVTX, Auditd, Sysmon for Linux, XML, JSONL, or NDJSON logs.
Tips
Use zircolite.ps1 to run the tool; the wrapper script ensures the correct Python environment is used.