GrokEVT

Free

GrokEVT is a collection of scripts for reading Windows® NT/2K/XP/2K3 event log files. It is released under the GNU GPL and implemented in Python. The scripts work together on one or more mounted Windows® partitions to extract everything needed (registry entries, message templates, and the log files themselves) to convert the logs into a human-readable format.

ALTERNATIVES

A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.

Commercial

A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.

Free

An Event Hub to gather, process, and monitor system events and link them to an inventory.

Free

Logdissect is a CLI utility and Python library for analyzing log files and other data.

Free

A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.

Free

HoneyView is a tool for analyzing honeyd logfiles graphically and textually.

Free

A collection of detections for Panther SIEM with detailed setup instructions.

Free

Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.

Free