Biapy's Bookmarks

evtx

Zircolite

https://wagga40.github.io/Zircolite/#/

Zircolite is a standalone tool written in Python 3. It allows to use SIGMA rules on : MS Windows EVTX (EVTX, XML and JSONL format), Auditd logs, Sysmon for Linux and EVTXtract logs.

Zircolite @ GitHub.

data-analytics evtx logs open-source security windows

Added 11 months ago

Zircolite

https://github.com/wagga40/Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs.

Comment effectuer une investigation numérique sur les journaux d’évènements Windows avec Zircolite ? @ IT-Connect :fr:.

auditd command-line evtx linux open-source security sigma sysmon

Added 1 year ago