https://github.com/abcd1234564499sc/analysisEvtx

解析windows日志文件(.evtx)
https://github.com/abcd1234564499sc/analysisEvtx

Last synced: 3 months ago
JSON representation

解析windows日志文件(.evtx)

• Host: GitHub
• URL: https://github.com/abcd1234564499sc/analysisEvtx
• Owner: abcd1234564499sc
• Created: 2022-03-09T05:28:19.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2022-03-09T08:58:40.000Z (over 2 years ago)
• Last Synced: 2024-06-06T20:03:16.747Z (5 months ago)
• Language: Python
• Size: 11.7 KB
• Stars: 2
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - abcd1234564499sc/analysisEvtx - 解析windows日志文件(.evtx) (Python)

README

        
# analysisEvtx

 

分析windows日志文件（.evtx），通过写定的xml tag值，将对应的日志内容转换为excell，方便进行数据筛选.   

开发语言：python   

主要使用python库：python-evtx    

写定的xml tag值："Provider.Name", "Provider.Guid", "EventID", "Level", "TimeCreated.SystemTime",    

                 "EventRecordID", "Execution.ProcessID", "Execution.ThreadID", "Channel",    

                 "Computer", "ProcessID", "Application", "Direction", "SourceAddress", "SourcePort",    

                 "DestAddress", "DestPort", "Protocol", "RemoteUserID", "RemoteMachineID",    

                 "Security.UserID", "QueryName", "EventSourceName", "Data"    

                 如需修改则修改main.py中__init__函数的requireTagList数组