A community-led project focused on standardizing security event logs.
GrokEVT is a collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. GrokEVT is released under the GNU GPL, and is implemented in Python. The scripts work together on one or more mounted Windows® partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
A pure Python parser for Windows Event Log files with access to File and Chunk headers, record templates, and event entries.
SysmonSearch makes event log analysis more effective by aggregating Microsoft Sysmon logs and providing detailed analysis through Elasticsearch and Kibana.
Cybersecurity project for security monitoring of Node.js applications.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
A Command Line Map-Reduce tool for analyzing cowrie log files over time and creating visualizations and statistics.