python-evtx
A pure Python parser for Windows Event Log files with access to File and Chunk headers, record templates, and event entries.
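The checks a forensic analyst wants from such a parser before trusting any event are header validation and checksum verification: the file header, every chunk header, and the record data inside each chunk all carry CRC32 values, and a chunk whose record-data checksum fails has been edited or damaged. The following is an added example, not python-evtx's own code: a minimal pure-Python parser for the EVTX file header and chunk headers that verifies those checksums and walks the record chain (record id, timestamp, size) without decoding the BinXML bodies. The byte layouts are listed in the comments; the sample file it parses is constructed in memory (zero-filled placeholder event data), not a real log.

```python
import struct
import zlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterator, List, Tuple
# Layouts follow the public EVTX format description; everything is little-endian.
# File header (128 bytes, padded to 4096): sig, first chunk, last chunk, next record id,
# header size, minor, major, block size, chunk count, unused, flags, CRC32(bytes 0..119).
FILE_HEADER_FMT = "<8sQQQIHHHH76sII"
# Chunk header (128 bytes): sig, first/last record number, first/last record id, header size,
# last record offset, free space offset, CRC32(records 512..free), unused, flags, CRC32(0..119+128..511).
CHUNK_HEADER_FMT = "<8sQQQQIIII64sII"
RECORD_HEADER_FMT = "<IIQQ"   # magic 2a 2a 00 00, size, record id, FILETIME
CHUNK_SIZE = 65536
FILE_FLAG_DIRTY = 0x1         # log not closed cleanly: header counts may lag the chunks
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

@dataclass
class FileHeader:
    first_chunk: int
    last_chunk: int
    next_record_id: int
    version: Tuple[int, int]  # (major, minor); 3.1 on current Windows
    chunk_count: int
    flags: int
    checksum_ok: bool

@dataclass
class ChunkHeader:
    first_record_id: int
    last_record_id: int
    free_space_offset: int
    header_checksum_ok: bool
    data_checksum_ok: bool

def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def parse_file_header(data: bytes) -> FileHeader:
    (sig, first, last, next_rid, hdr_size, minor, major, block_size, count,
     _unused, flags, crc) = struct.unpack_from(FILE_HEADER_FMT, data, 0)
    if sig != b"ElfFile\x00":
        raise ValueError(f"not an EVTX file: signature {sig!r}")
    if hdr_size != 128 or block_size != 4096:
        raise ValueError("unexpected file header sizes")
    return FileHeader(first, last, next_rid, (major, minor), count, flags,
                      checksum_ok=zlib.crc32(data[:120]) == crc)

def parse_chunk_header(chunk: bytes) -> ChunkHeader:
    (sig, _first_rn, _last_rn, first_rid, last_rid, hdr_size, _last_off, free_off,
     data_crc, _unused, _flags, hdr_crc) = struct.unpack_from(CHUNK_HEADER_FMT, chunk, 0)
    if sig != b"ElfChnk\x00":
        raise ValueError(f"bad chunk signature {sig!r}")
    if hdr_size != 128 or not 512 <= free_off <= len(chunk):
        raise ValueError("chunk header sizes out of range")
    # The header CRC skips its own field but covers the string/template tables at
    # 128..511, so an edited template is caught along with an edited header.
    header_ok = zlib.crc32(chunk[:120] + chunk[128:512]) == hdr_crc
    data_ok = zlib.crc32(chunk[512:free_off]) == data_crc
    return ChunkHeader(first_rid, last_rid, free_off, header_ok, data_ok)

def iter_record_headers(chunk: bytes, hdr: ChunkHeader) -> Iterator[Tuple[int, datetime, int]]:
    """Walk one chunk's record chain, yielding (record id, timestamp, size); BinXML is skipped."""
    off = 512
    while off + 24 <= hdr.free_space_offset:
        magic, size, rid, ft = struct.unpack_from(RECORD_HEADER_FMT, chunk, off)
        if magic != 0x00002A2A:
            raise ValueError(f"bad record magic at chunk offset {off}")
        if size < 28 or off + size > hdr.free_space_offset:
            raise ValueError(f"record at chunk offset {off} overruns the used area")
        if struct.unpack_from("<I", chunk, off + size - 4)[0] != size:
            raise ValueError(f"size trailer mismatch at chunk offset {off}")
        yield rid, filetime_to_datetime(ft), size
        off += size

def parse_evtx(data: bytes) -> Tuple[FileHeader, List[ChunkHeader]]:
    """Parse the file header and each chunk header it announces."""
    fh = parse_file_header(data)
    starts = [4096 + i * CHUNK_SIZE for i in range(fh.chunk_count)]
    return fh, [parse_chunk_header(data[s:s + CHUNK_SIZE]) for s in starts]

def build_sample_evtx() -> bytes:
    """Constructed sample, not a real log: one chunk, two records whose event data is
    zero-filled placeholder bytes (no BinXML), so only the framing is exercised."""
    ft = 133485408000000000                       # 2024-01-01T00:00:00Z as FILETIME
    records = [(1, ft, b"\x00" * 8), (2, ft + 10_000_000, b"\x00" * 16)]
    body, last_off = b"", 512
    for rid, stamp, payload in records:
        size = 24 + len(payload) + 4
        last_off = 512 + len(body)
        body += struct.pack(RECORD_HEADER_FMT, 0x00002A2A, size, rid, stamp) + payload + struct.pack("<I", size)
    free_off = 512 + len(body)
    chunk = bytearray(CHUNK_SIZE)
    chunk[512:free_off] = body
    chunk[:128] = struct.pack(CHUNK_HEADER_FMT, b"ElfChnk\x00", 1, 2, 1, 2, 128, last_off,
                              free_off, zlib.crc32(body), b"\x00" * 64, 0, 0)
    struct.pack_into("<I", chunk, 124, zlib.crc32(chunk[:120] + chunk[128:512]))
    hdr = struct.pack(FILE_HEADER_FMT, b"ElfFile\x00", 0, 0, 3, 128, 1, 3, 4096, 1,
                      b"\x00" * 76, 0, 0)
    hdr = hdr[:124] + struct.pack("<I", zlib.crc32(hdr[:120]))
    return hdr + b"\x00" * (4096 - 128) + bytes(chunk)
```

Two caveats for real files: when the dirty flag is set the log was still open when it was copied, so the chunk count and next-record-id in the file header may lag the chunks actually present, and a complete parser should locate chunks by their signature up to end of file rather than trusting the count; and gaps between one chunk's last record id and the next chunk's first record id are worth flagging, since a contiguous id sequence is what an untouched log produces. Decoding the BinXML bodies and their templates is the part this example leaves to a full parser such as python-evtx.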
Alterix is a tool that converts Sigma and Yara rules to the query language of CRYPTTECH's next-generation SIEM product. Sigma is an open-source project that provides a rule format and tools for sharing detection rules for security operations. Yara helps malware researchers identify and classify malware samples. Alterix acts as a bridge between Sigma, Yara, and CRYPTTECH's SIEM, enabling security teams to use their existing rule sets with the SIEM's advanced capabilities.
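What a Sigma-to-SIEM converter like Alterix does at its core is translate the rule's detection section (named selections with field modifiers such as `|contains` and `|endswith`, combined by a condition expression) into the target query language. The following is an added example, not Alterix's or the Sigma project's code, and since CRYPTTECH's query language is not described here it assumes Lucene `query_string` syntax (as used by Elasticsearch) as the target. The rule is a constructed sample written as the dict a YAML loader would return; `field_clause`, `selection_to_lucene`, `ConditionParser` and `rule_to_lucene` are names introduced here.

```python
import fnmatch
import re
from typing import Any, Dict, List

# Constructed sample rule (not from the Sigma repository), already YAML-parsed.
SAMPLE_RULE = {
    "title": "PowerShell download cradle (constructed example)",
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["Net.WebClient", "DownloadString"],
        },
        "filter": {"ParentImage|endswith": "\\CCMExec.exe"},
        "condition": "selection and not filter",
    },
}

# Characters with special meaning in Lucene query_string syntax, plus space.
LUCENE_SPECIALS = re.compile(r'([+\-=&|><!(){}\[\]^"~*?:\\/ ])')

def lucene_escape(value: Any) -> str:
    return LUCENE_SPECIALS.sub(r"\\\1", str(value))

def group(parts: List[str], op: str) -> str:
    """Join sub-queries with AND/OR, parenthesising only when there is more than one."""
    return parts[0] if len(parts) == 1 else "(" + f" {op} ".join(parts) + ")"

def field_clause(key: str, value: Any) -> str:
    """'Field|modifier': value(s) -> Lucene term(s). A list is OR-ed unless |all is given."""
    field, *mods = key.split("|")
    terms = []
    for v in value if isinstance(value, list) else [value]:
        if v is None:                      # Sigma null means "field is absent"
            terms.append(f"NOT _exists_:{field}")
            continue
        e = lucene_escape(v)
        if "contains" in mods:
            e = f"*{e}*"
        elif "startswith" in mods:
            e = f"{e}*"
        elif "endswith" in mods:
            e = f"*{e}"
        terms.append(f"{field}:{e}")
    return group(terms, "AND" if "all" in mods else "OR")

def selection_to_lucene(sel: Any) -> str:
    if isinstance(sel, dict):              # map: every field must match
        return group([field_clause(k, v) for k, v in sel.items()], "AND")
    if isinstance(sel, list):              # list of maps: any may match; bare strings: keywords
        return group([selection_to_lucene(x) if isinstance(x, dict) else lucene_escape(x)
                      for x in sel], "OR")
    raise TypeError(f"unsupported selection type {type(sel).__name__}")

class ConditionParser:
    """Recursive-descent parser for Sigma conditions: and/or/not, parentheses,
    '1 of X*' and 'all of them'. Precedence is not > and > or, as in Sigma."""
    def __init__(self, detection: Dict[str, Any]):
        self.detection = detection
        self.tokens = re.findall(r"\(|\)|[^\s()]+", detection["condition"])
        self.pos = 0
    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None
    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok
    def parse(self) -> str:
        out = self.expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return out
    def expr(self) -> str:
        parts = [self.term()]
        while self.peek() == "or":
            self.take()
            parts.append(self.term())
        return group(parts, "OR")
    def term(self) -> str:
        parts = [self.factor()]
        while self.peek() == "and":
            self.take()
            parts.append(self.factor())
        return group(parts, "AND")
    def factor(self) -> str:
        tok = self.take()
        if tok == "not":
            return "NOT " + self.factor()
        if tok == "(":
            inner = self.expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return inner
        if tok in ("1", "all") and self.peek() == "of":
            self.take()
            pat = self.take()
            names = [n for n in self.detection
                     if n != "condition" and (pat == "them" or fnmatch.fnmatchcase(n, pat))]
            return group([selection_to_lucene(self.detection[n]) for n in names],
                         "OR" if tok == "1" else "AND")
        if tok is None or tok == "condition" or tok not in self.detection:
            raise ValueError(f"unknown selection {tok!r}")
        return selection_to_lucene(self.detection[tok])

def rule_to_lucene(rule: Dict[str, Any]) -> str:
    return ConditionParser(rule["detection"]).parse()
```

Two things a production converter adds that this example deliberately leaves out: Sigma matching is case-insensitive while Lucene terms on keyword fields are not, so the target field must be normalised or the query lowercased to match the rule author's intent; and Sigma field names are generic (`Image`, `CommandLine`) and must be mapped to the SIEM's schema, and the rule's logsource to the right index or log type, before the query is useful.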
Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
A service that analyzes and visualizes security data to investigate potential security issues.
A collection of detections for Panther SIEM with detailed setup instructions.
Elasticsearch is a versatile platform for centralized data storage, fast search, and scalable analytics.