{"id":43921544,"url":"https://github.com/dfir-iris/iris-evtx-module","last_synced_at":"2026-02-06T22:33:41.411Z","repository":{"id":42627383,"uuid":"440097591","full_name":"dfir-iris/iris-evtx-module","owner":"dfir-iris","description":"Example of IRIS module, handling EVTX files","archived":false,"fork":false,"pushed_at":"2024-05-21T19:39:26.000Z","size":29,"stargazers_count":8,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-05-21T20:46:23.951Z","etag":null,"topics":["forensic","incident-response"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dfir-iris.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-20T08:36:26.000Z","updated_at":"2024-05-21T19:38:00.000Z","dependencies_parsed_at":"2023-02-16T00:45:45.449Z","dependency_job_id":null,"html_url":"https://github.com/dfir-iris/iris-evtx-module","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dfir-iris/iris-evtx-module","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfir-iris%2Firis-evtx-module","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfir-iris%2Firis-evtx-module/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfir-iris%2Firis-evtx-module/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfir-iris%2Firis-evtx-module/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dfir-iris","download_url":"https://codeload.github.com/
dfir-iris/iris-evtx-module/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfir-iris%2Firis-evtx-module/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29179420,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-06T22:12:24.066Z","status":"ssl_error","status_checked_at":"2026-02-06T22:12:09.859Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["forensic","incident-response"],"created_at":"2026-02-06T22:33:39.276Z","updated_at":"2026-02-06T22:33:41.398Z","avatar_url":"https://github.com/dfir-iris.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IrisEVTXModule\n\nAn interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. 
The module is installed on IRIS by default.\nIf you need to install it yourself, follow the procedure below.\n\n## How to install\n\n### Install evtx2splunk\n\n- Fetch the remote repository and check out the branch called `release_irisevtxmodule`\n```\n$ git clone https://github.com/whikernel/evtx2splunk\n$ cd evtx2splunk\n$ git checkout release_irisevtxmodule\n```\n\n- Install its requirements and the package itself in your IRIS Python environment\n```\n$ source /somewhere/iris_venv/bin/activate\n(iris_venv) $ pip install .\n```\n\n- Copy the `evtxdump_binaries` directory to a location accessible from your IRIS instance\n```\n(iris_venv) $ cp -R ./evtxdump_binaries /better/path/accessible/from/iris/instance/\n```\n\n- Edit `evtxdump_binaries/event_bind.json` so that it points to the copied binaries (prefer absolute paths)\n\n### Then install the IrisEVTXModule package: iris_evtx\n\n- Fetch the remote repository\n```\n$ git clone https://github.com/Iris-Tim/IrisEVTXModule\n```\n\n- Install the iris_evtx module in your IRIS Python environment\n```\n$ source /somewhere/iris_venv/bin/activate\n(iris_venv) $ cd IrisEVTXModule\n(iris_venv) $ pip install .\n```\n\n## How to import into the IRIS instance\n\n- Log in to your IRIS web instance\n- Go to the \"Manage\" -\u003e \"Advanced\" -\u003e \"Modules\" configuration page\n- Add Module\n- In the module name text field, set `iris_evtx`\n- If the import was successful, a new line should appear showing a new module named \"Evtx2Splunk\"\n\n## How to configure the module in the IRIS instance\n\n- On the Modules page, click on Evtx2Splunk and configure at least the required fields\n\n## How to use the Evtx2Splunk module\n\n- (Temporary) Restart the IRIS instance to refresh the available pipelines\n- Go to Manage Case\n- Create or update a case\n- Pick EVTX files, or an archive containing EVTX files\n- Set the Splunk index and, optionally, a hostname\n- Import\n\n## License\n\nThe contents of this repository are available under the [LGPL3 license](LICENSE.txt).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdfir-iris%2Firis-evtx-module","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdfir-iris%2Firis-evtx-module","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdfir-iris%2Firis-evtx-module/lists"}