APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time needed to uncover suspicious activity.
Updated Nov 7, 2024 - Python
Cross-Platform Universal Log Viewer.
Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
A PowerShell forensics tool for scraping, filtering and exporting Windows event logs.
Searches the Windows event log and outputs results to a text file.
A Python script that parses CPER-formatted raw data contained in the error event log provided by WHEA-Logger.
Convert Windows Event Log .evtx files to other formats.
Python 3-based multithreaded Windows event monitoring program.
Console Windows event log viewer.
Event Tracing for Windows
Menu-based scanner for Hayabusa intended for scanning mounted images and folders with EVTX files.
Parses and imports a Windows Log File (CSV) into a Microsoft SQL Server Database.
Shows how to write entries to the Windows event log.
The write-up for the Holmes CTF 2025. It goes over each flag with a short explanation.
PowerShell Module for Threat Hunting via Windows Event Logs by Eric Conrad.
Parses and analyses authentication events in the Windows event log.
Detection engineering lab using Splunk, Sigma, and Windows logs, mapped to MITRE ATT&CK.
Purpose: analyze Windows Security Logs using Splunk to develop a behavioral baseline and investigate host activity patterns.
This case study captures a classic example of attacker persistence using a built-in operating system feature: the Windows service framework. Through the lens of Event ID 7045, the attacker installed a background service named WinUpdateHelper, masked to resemble a legitimate update utility.
Observe introduction: building a SIEM with Observe.