vavarachen / evtx2json

Licence: Apache-2.0 license
A tool to convert Windows evtx files (Windows Event Log Files) into JSON format and log to Splunk (optional) using HTTP Event Collector.



Installation

git clone https://github.com/vavarachen/evtx2json
pip install --user --requirement requirements.txt

Help

$ python evtx2json.py -h
usage: evtx2json.py [--help] [--loglevel {0,10,20,30,40,50}]
                    [--disable_json_tweaks] [--splunk] [--host HOST]
                    [--token TOKEN] [--port PORT] [--proto {http,https}]
                    [--index INDEX] [--source SOURCE]
                    [--sourcetype SOURCETYPE] [--verify]
                    {process_files,process_folder} ...

Convert Windows evtx files to JSON

positional arguments:
  {process_files,process_folder}

optional arguments:
  --help, -h            This help message.
  --loglevel {0,10,20,30,40,50}, -v {0,10,20,30,40,50}
                        Log level
  --disable_json_tweaks
                        Skip customization to time, host, source etc. json
                        fields

Splunk Integration:
  Send JSON output to Splunk

  --splunk              Send JSON output to Splunk
  --host HOST           Splunk host with HEC listener
  --token TOKEN         HEC Token
  --port PORT           Splunk HEC listener port
  --proto {http,https}  Splunk HEC protocol
  --index INDEX         Splunk Index
  --source SOURCE       Event Source. NOTE: Computer name in evtx will
                        overwrite this value
  --sourcetype SOURCETYPE
                        Event Sourcetype
  --verify              SSL certificate verification

process_files module

$ python evtx2json.py process_files --help
usage: evtx2json.py process_files [-h] --files FILES [FILES ...]

optional arguments:
  -h, --help            show this help message and exit

Process evtx files:
  --files FILES [FILES ...], -f FILES [FILES ...]
                        evtx file

process_folder module

$ python evtx2json.py process_folder -h
usage: evtx2json.py process_folder [-h] --folder FOLDER

optional arguments:
  -h, --help       show this help message and exit

Process folder containing evtx files:
  --folder FOLDER  Folder containing evtx files

Usage

Process evtx file(s)

python evtx2json.py process_files --files file1.evtx file2.evtx folder/*.evtx

Process multiple evtx files in a folder

python evtx2json.py process_folder --folder /path/to/evtx_folder

Enable logging to Splunk

python evtx2json.py --splunk --host splunkfw.domain.tld --port 8888 --token BEA33046C-6FEC-4DC0-AC66-4326E58B54C3 \
    process_files -f samples/*.evtx

Enable logging to Splunk but disable JSON modifications

python evtx2json.py --splunk --host splunkfw.domain.tld --port 8888 --token BEA33046C-6FEC-4DC0-AC66-4326E58B54C3 \
    --disable_json_tweaks process_files -f samples/*.evtx
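As an added illustration (not code from the evtx2json project), here is how the JSON tweaks and the Splunk HEC envelope described above fit together: a constructed Windows event XML record is flattened to JSON, the record's TimeCreated and Computer fill the HEC time, host and source fields (Computer overriding --source is what the help text states; using Computer as host is this example's assumption), and the HEC request is built with the token in the Authorization header. The function names, field layout and sample record are the example's own.

```python
import json
import urllib.request
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
# Namespace of the Windows event XML stored in each evtx record.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample record (not a real log), in the XML form an evtx parser yields.
SAMPLE_EVENT_XML = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    '<System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID>'
    '<TimeCreated SystemTime="2021-03-04T12:34:56.7890123Z"/><Computer>WS01.corp.example</Computer></System>'
    '<EventData><Data Name="TargetUserName">alice</Data><Data Name="LogonType">3</Data></EventData>'
    '</Event>'
)

def event_to_dict(xml_text):
    """Flatten the System and EventData sections into a JSON-ready dict."""
    root = ET.fromstring(xml_text)
    event = {}
    for child in root.find("e:System", NS):
        name = child.tag.split("}")[-1]          # strip the namespace prefix
        event[name] = child.text if child.text else dict(child.attrib)
    data = root.find("e:EventData", NS)
    if data is not None:
        event["EventData"] = {d.get("Name"): d.text for d in data.findall("e:Data", NS)}
    return event

def system_time_to_epoch(system_time):
    """evtx SystemTime is UTC with up to 7 fractional digits; strptime's %f takes at most 6."""
    base, _, frac = system_time.rstrip("Z").partition(".")
    ts = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return ts.timestamp() + (float("0." + frac) if frac else 0.0)

def build_hec_payload(xml_text, index, source, sourcetype, json_tweaks=True):
    """Wrap one converted record in a Splunk HEC envelope. With the tweaks on (the default),
    time comes from TimeCreated and the Computer name overrides source (and, assumed here, host)."""
    event = event_to_dict(xml_text)
    payload = {"index": index, "source": source, "sourcetype": sourcetype, "event": event}
    if json_tweaks:
        payload["time"] = system_time_to_epoch(event["TimeCreated"]["SystemTime"])
        payload["host"] = event["Computer"]
        payload["source"] = event["Computer"]
    return payload

def hec_request(host, port, proto, token, payload):
    """Build (but do not send) the HEC POST; urlopen() verifies the TLS certificate by default."""
    url = f"{proto}://{host}:{port}/services/collector/event"
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(payload).encode(), headers=headers, method="POST")
```

Sending is `urllib.request.urlopen(hec_request(...))`; on acceptance HEC answers with a JSON body of `{"text":"Success","code":0}`.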

Splunk Output Example
