Python bindings for https://github.com/omerbenamram/evtx

Project description

pyevtx-rs

Python bindings for https://github.com/omerbenamram/evtx/.

Installation

Available on PyPi - https://pypi.org/project/evtx/.

To install from PyPi - pip install evtx

Wheels

Wheels are currently automatically built for python 3.6,3.7,3.8,3.9 for all 64-bit platforms (Windows, macOS, and manylinux).

Installation from sources

Installation is possible for other platforms by installing from sources, this requires a rust compiler and setuptools-rust.

Run python setup.py install

Usage

The API surface is currently fairly limited (only yields events as XML/JSON documents), but is planned to be expanded in the future.

This will print each record as an XML string.

from evtx import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    for record in parser.records():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

And this will print each record as a JSON string.

from evtx.parser import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

File-like objects are also supported.

from evtx.parser import PyEvtxParser


def main():
    a = open("./samples/Security_short_selected.evtx", 'rb')

    # io.BytesIO is also supported.
    parser = PyEvtxParser(a)
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

Project details

Release history Release notifications | RSS feed

This version

0.7.2

Jul 9, 2021

0.6.11

Oct 1, 2020

0.6.10

Jul 13, 2020

0.6.9

Jul 13, 2020

0.6.8

Jun 28, 2020

0.6.7

Jun 28, 2020

0.6.6

Jan 22, 2020

0.6.5

Jan 14, 2020

0.6.3

Jan 11, 2020

0.6.2

Dec 17, 2019

0.5.1

Oct 30, 2019

0.4.0

Jun 2, 2019

0.3.2

May 20, 2019

0.3.0

May 15, 2019

0.2.7

May 4, 2019

0.2.6

May 4, 2019

0.2.5

May 3, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for evtx, version 0.7.2
Filename, size	File type	Python version	Upload date	Hashes
Filename, size evtx-0.7.2-cp39-none-win_amd64.whl (672.7 kB)	File type Wheel	Python version cp39	Upload date Jul 9, 2021	Hashes View
Filename, size evtx-0.7.2-cp39-cp39-manylinux_2_24_x86_64.whl (756.6 kB)	File type Wheel	Python version cp39	Upload date Jul 9, 2021	Hashes View
Filename, size evtx-0.7.2-cp39-cp39-macosx_10_7_x86_64.whl (711.0 kB)	File type Wheel	Python version cp39	Upload date Jul 9, 2021	Hashes View
Filename, size evtx-0.7.2-cp38-none-win_amd64.whl (672.7 kB)	File type Wheel	Python version cp38	Upload date Jul 9, 2021	Hashes View
Filename, size evtx-0.7.2-cp38-cp38-manylinux_2_24_x86_64.whl (754.5 kB)	File type Wheel	Python version cp38	Upload date Jul 9, 2021	Hashes View
Filename, size evtx-0.7.2-cp38-cp38-macosx_10_7_x86_64.whl (711.0 kB)	File type Wheel	Python version cp38	Upload date Jul 9, 2021	Hashes View
Filename, size evtx-0.7.2-cp37-none-win_amd64.whl (672.7 kB)	File type Wheel	Python version cp37	Upload date Jul 9, 2021	Hashes View
Filename, size evtx-0.7.2-cp37-cp37m-manylinux_2_24_x86_64.whl (754.5 kB)	File type Wheel	Python version cp37	Upload date Jul 9, 2021	Hashes View
Filename, size evtx-0.7.2-cp37-cp37m-macosx_10_7_x86_64.whl (711.1 kB)	File type Wheel	Python version cp37	Upload date Jul 9, 2021	Hashes View
Filename, size evtx-0.7.2-cp36-none-win_amd64.whl (672.7 kB)	File type Wheel	Python version cp36	Upload date Jul 9, 2021	Hashes View
Filename, size evtx-0.7.2-cp36-cp36m-manylinux_2_24_x86_64.whl (756.8 kB)	File type Wheel	Python version cp36	Upload date Jul 9, 2021	Hashes View
Filename, size evtx-0.7.2-cp36-cp36m-macosx_10_7_x86_64.whl (711.1 kB)	File type Wheel	Python version cp36	Upload date Jul 9, 2021	Hashes View

Hashes for evtx-0.7.2-cp39-none-win_amd64.whl

Hashes for evtx-0.7.2-cp39-none-win_amd64.whl
Algorithm	Hash digest
SHA256	`7ba3cbb1b416a1c81e0629c400655ef79668265accaef358db05acae469092fe`
MD5	`eb3188d6c3b3bf49abd5aa7f173de5cc`
BLAKE2-256	`37e8fd2fe146c70fc2acd11e9d37b7dac7f1433b33270c16dafc701baa1c27dd`

Hashes for evtx-0.7.2-cp39-cp39-manylinux_2_24_x86_64.whl

Hashes for evtx-0.7.2-cp39-cp39-manylinux_2_24_x86_64.whl
Algorithm	Hash digest
SHA256	`7860efe4d6ab656ad2f34282424cfc5fb3617a85ce258c23f8c152f36dcb285e`
MD5	`56457e02d2075399bfa9bb478c4ee3ec`
BLAKE2-256	`fe7e8a750a6664fa729b6be406ef47e533f06344c62bf31950deafe1f5f780a1`

Hashes for evtx-0.7.2-cp39-cp39-macosx_10_7_x86_64.whl

Hashes for evtx-0.7.2-cp39-cp39-macosx_10_7_x86_64.whl
Algorithm	Hash digest
SHA256	`e6c70f131d8cd2f3924558e1353af26526c7f2f0e8b995fc46c8c8a3295455dc`
MD5	`c214a2472955471fe7b89382ccc11d0f`
BLAKE2-256	`82b19196a4c5891ee4804ef2415c6e52e381c738329ab6fbfc5f181a46b96e59`

Hashes for evtx-0.7.2-cp38-none-win_amd64.whl

Hashes for evtx-0.7.2-cp38-none-win_amd64.whl
Algorithm	Hash digest
SHA256	`2e0ea37f8959e29332fa1603cf133b88592d47c3d09ac5e4e3f5482ab34efed2`
MD5	`94e8d00c826611aedf992aeb6b8f5e1b`
BLAKE2-256	`7750c75a94c6c164119ea77269c260739c7db22a0a3bff6b18627a18e3e6d0c1`

Hashes for evtx-0.7.2-cp38-cp38-manylinux_2_24_x86_64.whl

Hashes for evtx-0.7.2-cp38-cp38-manylinux_2_24_x86_64.whl
Algorithm	Hash digest
SHA256	`8a6ca51697ff58e17e048479bff87525c4cff17be54f24a889381e9699e68f20`
MD5	`ee463ab8a6c7b6b68f5f5e27f485a97a`
BLAKE2-256	`9bd3c805e6634e51c61c862587148d5547c516e49ffdc56e038005d4f5478054`

Hashes for evtx-0.7.2-cp38-cp38-macosx_10_7_x86_64.whl

Hashes for evtx-0.7.2-cp38-cp38-macosx_10_7_x86_64.whl
Algorithm	Hash digest
SHA256	`dcbc0288fead6ab38624b0bd0681daf294746fd45c10759396de5f7d66dec01c`
MD5	`b74d850ebc345db6ae297cc6f05b9a88`
BLAKE2-256	`1c60d1520b22f1852677098ef79f9a258f36accc6cb065bf19a2a9e2db59564d`

Hashes for evtx-0.7.2-cp37-none-win_amd64.whl

Hashes for evtx-0.7.2-cp37-none-win_amd64.whl
Algorithm	Hash digest
SHA256	`48485fe7c643ce9e615467677fcced59bdb22148ffa0d325901e9f4aa4ff761d`
MD5	`f85c1734121f8ef1dc55374a013aa72f`
BLAKE2-256	`fcc6cf1f123c1a444adac081bae8d5ea623fa33ba71aee62a8902f24ee458f85`

Hashes for evtx-0.7.2-cp37-cp37m-manylinux_2_24_x86_64.whl

Hashes for evtx-0.7.2-cp37-cp37m-manylinux_2_24_x86_64.whl
Algorithm	Hash digest
SHA256	`0d05552bdfeefb97c439f105da6b62863eea2d4ec4e78893b408452cfe0f56bd`
MD5	`18b160b7158478d33ab8327030bb21a4`
BLAKE2-256	`81be9fe0963d899261bf2a6bf17739034cf05c559f6e96b60da911444ba1a069`

Hashes for evtx-0.7.2-cp37-cp37m-macosx_10_7_x86_64.whl

Hashes for evtx-0.7.2-cp37-cp37m-macosx_10_7_x86_64.whl
Algorithm	Hash digest
SHA256	`3923968aceaf7bef727ee31a083fd0724f0ef2d2514badb4e5c215342c695721`
MD5	`ef1de07d6f0f5fd8bab2ca3cb8bb87e6`
BLAKE2-256	`14fd4d78f7ba8622b5fac12930f7e013f9ceafc942305e693100e9d4f857b607`

Hashes for evtx-0.7.2-cp36-none-win_amd64.whl

Hashes for evtx-0.7.2-cp36-none-win_amd64.whl
Algorithm	Hash digest
SHA256	`f2348a55e500a74d587bc9915bdb8af83d063293f6f56e5f9be697ff88bbcd9c`
MD5	`455e31843aca359928f3d5d1b2d8efca`
BLAKE2-256	`fa5f8d0c0a1fe0be0ed5ebaa1cf44ff510a677a8f29d80ed0ff3ed7ed1bd6fed`

Hashes for evtx-0.7.2-cp36-cp36m-manylinux_2_24_x86_64.whl

Hashes for evtx-0.7.2-cp36-cp36m-manylinux_2_24_x86_64.whl
Algorithm	Hash digest
SHA256	`89adcca7a24eecd14eff49648b5f2f322802aebad6d51ad71493707c62019065`
MD5	`70804be85ade9500182e63d1f6034535`
BLAKE2-256	`6764f359236c8700387dd2711a7f59a16467b02e7a8bcd1a098d8794a5c590b3`

Hashes for evtx-0.7.2-cp36-cp36m-macosx_10_7_x86_64.whl

Hashes for evtx-0.7.2-cp36-cp36m-macosx_10_7_x86_64.whl
Algorithm	Hash digest
SHA256	`17d4c0833a0cc5e68153d03816576d5d629cc1d63aa96ff5ecd2aaacf07fe10b`
MD5	`e5ddc259b07bba2e288e98277050cb41`
BLAKE2-256	`653f68822c35e19cd76448cb71bd63cb95b77bd969392f805a5e14fbcd057cc2`