This is a Python tool for parsing Windows event log (.evtx) files, analyzing them, and filtering suspicious events using Sigma rules.
To install the tool, follow these steps:
- Clone the repository:
  `git clone https://github.com/scrymastic/windows-log-analyzer.git`
- Install the required dependencies:
  `pip install -r requirements.txt`
To use the tool, run the following command:
`python main.py`
Configure the tool by editing the `config.py` file.
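The filtering step the tool performs, shown as an added example (this is not code from the windows-log-analyzer project): a minimal Sigma-style matcher run over event records of the kind an EVTX parser returns. The rule and the events are constructed inline; it assumes only the `contains`/`startswith`/`endswith` modifiers and conditions built from selection names with `and`/`or`/`not`, without parentheses or aggregations.

```python
# Added example (not the windows-log-analyzer project's code): a minimal Sigma-style
# matcher over event records as an EVTX parser would return them. All data is constructed.
SAMPLE_RULE = {  # constructed Sigma-like rule (a real run loads it from YAML)
    "title": "Encoded PowerShell command line (constructed)",
    "detection": {
        "selection": {
            "EventID": 4688,
            "NewProcessName|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-EncodedCommand "],
        },
        "filter": {"SubjectUserName|endswith": "$"},  # exclude machine accounts
        "condition": "selection and not filter",
    },
}

def match_value(actual, modifier, expected):
    """Apply one Sigma modifier; Sigma string matching is case-insensitive."""
    a, e = str(actual).lower(), str(expected).lower()
    return {"": a == e, "contains": e in a,
            "startswith": a.startswith(e), "endswith": a.endswith(e)}[modifier]

def selection_matches(selection, event):
    """All fields in a selection must match (AND); a list value matches if any element does (OR)."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if field not in event or not any(match_value(event[field], modifier, v) for v in values):
            return False
    return True

def eval_condition(cond, names):
    """'and' binds tighter than 'or'; 'not' negates a single selection name (no parentheses)."""
    def term(t):
        neg = t.startswith("not ")
        return names[t[4:].strip() if neg else t.strip()] != neg
    return any(all(term(t) for t in clause.split(" and ")) for clause in cond.split(" or "))

def rule_matches(rule, event):
    det = rule["detection"]
    return eval_condition(det["condition"], {n: selection_matches(s, event) for n, s in det.items() if n != "condition"})

def suspicious_events(rule, events):
    return [e for e in events if rule_matches(rule, e)]

PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [  # constructed records; field names follow Security event 4688
    {"EventID": 4688, "NewProcessName": PS, "CommandLine": "powershell.exe -enc SQBFAFgA", "SubjectUserName": "alice"},
    {"EventID": 4688, "NewProcessName": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe", "SubjectUserName": "alice"},
    {"EventID": 4688, "NewProcessName": PS, "CommandLine": "powershell.exe -EncodedCommand AAAA", "SubjectUserName": "HOST01$"},
]
```

Only the first constructed event survives: the second is not PowerShell, and the third is excluded by the `filter` selection because it was launched by a machine account.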
Contributions are welcome. Feel free to open an issue or submit a pull request.
Parts of this project use resources from other open source repositories.
The following is a list of these projects:
- sigma: a repository of Sigma rules for detecting suspicious events.
- EVTX-ATTACK-SAMPLES: a repository of evtx files collected from various attack scenarios.