APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
Cross-Platform Universal Log Viewer.
Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
Open source HIDS tailored for Microsoft Windows and Active Directory
A PS forensics tool for Scraping, Filtering and Exporting Windows Event Logs
Convert Windows Event Log .evtx files to other formats.
Search Windows event log and output results to a text file
A Python script that parses CPER-formatted raw data contained in error event log provided by WHEA-Logger
LogLens is a universal log explorer that runs entirely in your browser. Drop any log file in, query it with KQL, visualize it on a timeline, and analyze it with a local AI - all without a single byte of your data touching the internet.
Python 3-based multithreaded Windows Event monitoring program
Client-side Windows event log forensics — Sigma rule matching, PowerShell decode, ransomware chain correlation, credential access detection, and process lineage reconstruction. No backend required.
Splunk SPL reference and detection query library for SOC analysts — brute force, lateral movement, persistence, and threat hunting queries ready to use.
Console Windows event log viewer
Event Tracing for Windows
End-to-end SOC detection lab built on Splunk Enterprise - simulating a multi-stage attack across Kali, Windows 10, and Ubuntu, with SPL detection queries, a 4-panel dashboard, and formal incident report mapped to MITRE ATT&CK.
Menu-based scanner for Hayabusa intended for scanning mounted images and folders with EVTX files.
Parses and Analyse Authentication on Windows Event Log
End-to-end phishing simulation and SOC investigation lab - deploying GoPhish credential harvesting infrastructure and detecting execution via Windows EventID 4688 parent-child process analysis in Splunk.
SOC Analyst threat detection lab with log analysis, phishing investigation, MITRE mapping, and incident response documentation.
End-to-end attack detection lab using Wazuh SIEM, Sysmon, and Windows event log analysis with MITRE ATT&CK mapping.
Add a description, image, and links to the windows-event-logs topic page so that developers can more easily learn about it.
To associate your repository with the windows-event-logs topic, visit your repo's landing page and select "manage topics."