Python bindings for https://github.com/omerbenamram/evtx

Navigation

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT/Apache-2.0)

Author: Omer Ben-Amram <omerbenamram@gmail.com>

Requires: Python >=3.7

Maintainers

Avatar for OmerBA from gravatar.com OmerBA

Classifiers

Project description

pyevtx-rs

Python bindings for https://github.com/omerbenamram/evtx/.

Installation

Available on PyPi - https://pypi.org/project/evtx/.

To install from PyPi - pip install evtx

Wheels

Wheels are currently automatically built for Python 3.7+ using abi3 tag (which means they are compatible with all version from 3.7 onwards).

Supported platforms are:

  • Linux x86_64
  • macOS x86_64
  • macOS arm64 (m1)
  • Windows x86_64

Installation from sources

Installation is possible for other platforms by installing from sources.

This requires a Rust compiler and a recent enough Setuptools and Pip.

Run pip install -e .

Usage

The API surface is currently fairly limited (only yields events as XML/JSON documents), but is planned to be expanded in the future.

This will print each record as an XML string.

from evtx import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    for record in parser.records():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

And this will print each record as a JSON string.

from evtx.parser import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

File-like objects are also supported.

from evtx.parser import PyEvtxParser


def main():
    a = open("./samples/Security_short_selected.evtx", 'rb')

    # io.BytesIO is also supported.
    parser = PyEvtxParser(a)
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

Project details

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT/Apache-2.0)

Author: Omer Ben-Amram <omerbenamram@gmail.com>

Requires: Python >=3.7

Maintainers

Avatar for OmerBA from gravatar.com OmerBA

Classifiers


Release history Release notifications | RSS feed

This version

0.8.1

0.8.0

0.7.3

0.7.2

0.6.11

0.6.10

0.6.9

0.6.8

0.6.7

0.6.6

0.6.5

0.6.3

0.6.2

0.5.1

0.4.0

0.3.2

0.3.0

0.2.7

0.2.6

0.2.5

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release. See tutorial on generating distribution archives.

Built Distributions

evtx-0.8.1-cp37-abi3-win_amd64.whl (723.1 kB view hashes)

Uploaded cp37

evtx-0.8.1-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.8 MB view hashes)

Uploaded cp37

evtx-0.8.1-cp37-abi3-macosx_11_0_arm64.whl (1.7 MB view hashes)

Uploaded cp37

evtx-0.8.1-cp37-abi3-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl (1.7 MB view hashes)

Uploaded cp37

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page