Highlights
A Fast (and safe) parser for the Windows XML Event Log (EVTX) format
Snoopy Command Logger is a small library that logs all program executions on your Linux/BSD system.
Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
Expose a lot of MDE telemetry that is not easily accessible in any searchable form
Set of mind maps providing a detailed overview of the different #Microsoft auditing capabilities for Windows, Exchange, Azure, ...
Handbook of Windows forensic artifacts across multiple Windows versions, with interpretation tips and some examples. Work in progress!
A Splunk Technology Add-on to forward filtered ETW events.
This project aims to compare and evaluate the telemetry of various EDR products.
A repository of curated datasets from various attacks
Generate datasets of cloud audit logs for common attacks
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques, to measure your SIEM coverage or develop new use cases.
Documentation and scripts to properly enable Windows event logs.
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Deep Linux runtime visibility meets Wireshark
Linux Runtime Security and Forensics using eBPF