A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Updated Apr 6, 2026 - Python
Graph Visualization for windows event logs
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Parse evtx files and detect use of the DanderSpritz eventlogedit module
ThreatSeeker: Threat Hunting via Windows Event Logs
Active Directory Forensic Toolkit : Detect & reconstruct AD attacks from Windows event logs (EVTX)
EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.
Autonomous agentic threat hunting playbook executor for SOC/DFIR pros. Runs YAML playbooks against forensic logs with local LLMs (Ollama) for intelligent correlation, triage, ATT&CK mapping, and automated reporting. Offline-first, DuckDB-powered.
This is a PySimpleGUI-based Python software tool for processing and visualising selected Windows Event Security.evtx log files that meet a condition in Event ID 4688.
Convert Windows Event Log .evtx files to other formats.
Simple Python script to convert, enrich and upload an EVTX file to Palo Alto Networks Cortex XDR using an HTTP Custom Collector.
A command line wrapper for the python-evtx library.
Fast analysis for PowerShell logs
ThreatLens is a free, open-source AI assistant that analyses Windows Event Logs and Linux logs like a senior SOC analyst, powered by Groq LLaMA 3.3 and local embeddings.
Windows service to collect print events and save them to MSSQL DB
Advanced Log Intelligence & Threat Detection Engine - 115+ rules, 97 MITRE ATT&CK techniques, STIX 2.1 export, Sigma support, CLI + GUI