![Windows EVTX Samples [200 EVTX examples] Logo](/_next/image?url=https%3A%2F%2Fkcjlih8bwjd7vpzd.public.blob.vercel-storage.com%2Fgithub-pNnWZrsWcngjHtgmLcqC9TLc5g3tJS.webp&w=128&q=75)
Windows EVTX Samples [200 EVTX examples]
This container provides 200 Windows events samples related to specific attack and post-exploitation techniques, useful for testing detection scripts, training on DFIR and threat hunting, and designing detection use cases using Windows and Sysmon event logs. It includes a PowerShell script for parsing and replaying EVTX files with Winlogbeat.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Maltego transform pack for analyzing and graphing Honeypots using MySQL data.
A tool for tracking, scanning, and filtering yara files with distributed scanning capabilities.
RedEye is a visual analytic tool for enhancing Red and Blue Team operations.
Provides indicators of compromise (IOCs) to combat malware with Yara and Snort rules.
The Cybersecurity and Infrastructure Security Agency (CISA) is a government agency that provides alerts, advisories, and resources to help protect the United States' critical infrastructure from cyber threats.
Python APIs for serializing and de-serializing STIX2 JSON content with higher-level APIs for common tasks.
Unified repository for Microsoft Sentinel and Microsoft 365 Defender containing security content, detections, queries, playbooks, and resources to secure environments and hunt for threats.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
Silent Push Platform provides preemptive cyber defense by identifying malicious infrastructure before attacks are launched using Indicators of Future Attack (IOFA)™ technology.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.