Python bindings for https://github.com/omerbenamram/evtx
Project description
pyevtx-rs
Python bindings for https://github.com/omerbenamram/evtx/.
Installation
Available on PyPi - https://pypi.org/project/evtx/.
To install from PyPi - pip install evtx
Wheels
Wheels are currently built automatically for Python 3.6 and 3.7 on all 64-bit platforms (Windows, macOS, and manylinux).
Installation from sources
Installation on other platforms is possible by building from source, which requires a nightly Rust compiler and setuptools-rust.
Run python setup.py install
Usage
The API surface is currently fairly limited (it only yields events as XML or JSON documents), but is planned to be expanded in the future.
This will print each record as an XML string.
```python
from evtx import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    # records() yields one dict per event record; "data" holds the XML document.
    for record in parser.records():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print('------------------------------------------')


if __name__ == "__main__":
    main()
```
And this will print each record as a JSON string.
```python
from evtx.parser import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    # records_json() yields the same dicts, but "data" holds a JSON document.
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print('------------------------------------------')


if __name__ == "__main__":
    main()
```
File-like objects are also supported.
```python
from evtx.parser import PyEvtxParser


def main():
    # Any binary file-like object works; io.BytesIO is also supported.
    with open("./samples/Security_short_selected.evtx", 'rb') as a:
        parser = PyEvtxParser(a)
        for record in parser.records_json():
            print(f'Event Record ID: {record["event_record_id"]}')
            print(f'Event Timestamp: {record["timestamp"]}')
            print(record['data'])
            print('------------------------------------------')


if __name__ == "__main__":
    main()
```
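The three snippets above only print each record's JSON. The following added example (not part of the pyevtx-rs README or code base) shows what a practitioner typically does next: parse the `data` JSON of each record yielded by `records_json()`, extract the numeric EventID and the affected account, and count or flag events of interest. It assumes the JSON layout produced by the evtx crate, where XML attributes are placed under `#attributes` and element text under `#text` (so `EventID` is either a bare integer or an object with a `#text` key when the element carries a `Qualifiers` attribute); the sample records, hostnames, user names and the `records_from_file` helper are constructed for illustration. The `evtx` import is deferred so the helpers run without the package installed.

```python
import json
from collections import Counter
from typing import Any, Dict, Iterable, Iterator, List, Optional, Set

# Constructed sample records in the shape yielded by PyEvtxParser.records_json():
# a dict with "event_record_id", "timestamp" and "data", where "data" is the JSON
# document for the event. All values below are made up for this example.
SAMPLE_RECORDS = [
    {
        "event_record_id": 1,
        "timestamp": "2020-01-01 10:00:00.000000 UTC",
        "data": json.dumps({"Event": {
            "System": {"EventID": 4624, "Computer": "WS01.example.local",
                       "TimeCreated": {"#attributes": {"SystemTime": "2020-01-01T10:00:00Z"}}},
            "EventData": {"TargetUserName": "alice", "LogonType": 10},
        }}),
    },
    {
        "event_record_id": 2,
        "timestamp": "2020-01-01 10:00:05.000000 UTC",
        "data": json.dumps({"Event": {
            # EventID with a Qualifiers attribute is emitted as an object.
            "System": {"EventID": {"#attributes": {"Qualifiers": 0}, "#text": 4625},
                       "Computer": "WS01.example.local"},
            "EventData": {"TargetUserName": "bob", "LogonType": 3},
        }}),
    },
    {
        "event_record_id": 3,
        "timestamp": "2020-01-01 10:00:07.000000 UTC",
        "data": json.dumps({"Event": {
            "System": {"EventID": 1102, "Computer": "WS01.example.local"},
            "UserData": {"LogFileCleared": {"SubjectUserName": "bob"}},
        }}),
    },
]


def event_id(event: Dict[str, Any]) -> int:
    """Return the numeric EventID, handling both the bare-int and the
    {"#attributes": ..., "#text": n} encodings."""
    raw = event["System"]["EventID"]
    if isinstance(raw, dict):
        raw = raw["#text"]
    return int(raw)


def account_name(event: Dict[str, Any]) -> Optional[str]:
    """Best-effort account name: EventData fields first, then any nested
    SubjectUserName/TargetUserName inside UserData."""
    data = event.get("EventData") or {}
    for key in ("TargetUserName", "SubjectUserName"):
        if key in data:
            return data[key]
    for payload in (event.get("UserData") or {}).values():
        if isinstance(payload, dict):
            for key in ("TargetUserName", "SubjectUserName"):
                if key in payload:
                    return payload[key]
    return None


def iter_events(records: Iterable[Dict[str, Any]]) -> Iterator[Dict[str, Any]]:
    """Parse each record's JSON "data" string and yield the inner Event object."""
    for record in records:
        yield json.loads(record["data"])["Event"]


def count_by_event_id(records: Iterable[Dict[str, Any]]) -> Dict[int, int]:
    """Histogram of EventIDs, a quick first look at an exported log."""
    return dict(Counter(event_id(e) for e in iter_events(records)))


def flag_events(records: Iterable[Dict[str, Any]], watch: Set[int]) -> List[Dict[str, Any]]:
    """Return a flat summary of records whose EventID is in the watch set
    (e.g. 1102 audit log cleared, 4625 failed logon) for triage or alerting."""
    flagged = []
    for record in records:
        event = json.loads(record["data"])["Event"]
        eid = event_id(event)
        if eid in watch:
            flagged.append({
                "event_record_id": record["event_record_id"],
                "timestamp": record["timestamp"],
                "event_id": eid,
                "computer": event["System"].get("Computer"),
                "user": account_name(event),
            })
    return flagged


def records_from_file(path: str):
    """Hypothetical convenience wrapper: stream records from a real .evtx file.
    The import is local so the rest of this module works without pyevtx-rs."""
    from evtx import PyEvtxParser
    return PyEvtxParser(path).records_json()


if __name__ == "__main__":
    print(count_by_event_id(SAMPLE_RECORDS))
    for hit in flag_events(SAMPLE_RECORDS, {1102, 4625}):
        print(hit)
```

Because `records_json()` is a generator, `records_from_file(path)` can be passed straight to `count_by_event_id` or `flag_events` to process a large log without materialising every record in memory; note that a generator can be consumed only once, so call it again for a second pass.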
Project details
Download files
Source Distributions
Built Distributions
Hashes for evtx-0.6.7-cp38-none-win_amd64.whl

Algorithm | Hash digest
---|---
SHA256 | b83c6f936218c8da8192bd504251c2e5c2b7233d70f2f39cdf51a51bb9ef9a7a
MD5 | e038ba0649877f1354713b53e64136b6
BLAKE2b-256 | 352d65316eedecc77dd00b46bf66c153177f3900ad297809999314112f9dd51e

Hashes for evtx-0.6.7-cp37-cp37m-manylinux1_x86_64.whl

Algorithm | Hash digest
---|---
SHA256 | 52d70c5acecdf9e94693b5120ce0dbe373836817d3c9cb9a62317631c4f22e1e
MD5 | 402757baa0d08b08c45e2985864c9399
BLAKE2b-256 | fa07d9fbfde973114fc89244e58f879edfade701bd90cb5ac9932ef0c295ddd4

Hashes for evtx-0.6.7-cp37-cp37m-macosx_10_7_x86_64.whl

Algorithm | Hash digest
---|---
SHA256 | c9f36f58990077daa95ce92245fe49b157516c51f58f40d216a95e7f8f806092
MD5 | fc499e7bff0ffaa838db3bc6724c9c91
BLAKE2b-256 | e7f8affb972ade3816944e8b62ce5f63ccb1a1f47975f3c2729f208f33fa6562

Hashes for evtx-0.6.7-cp36-none-win_amd64.whl

Algorithm | Hash digest
---|---
SHA256 | 93cc3ad4c7ebcc11c92e7028a9f9bcfff3cd6acb87d87987e563c624b758f2a0
MD5 | d3cd65046ec563e787fe8cb42751acf4
BLAKE2b-256 | dd81ad52ed26b9a69248d894ded4be7978943e0e6fd4026c5c227feb56b23b38

Hashes for evtx-0.6.7-cp36-cp36m-manylinux1_x86_64.whl

Algorithm | Hash digest
---|---
SHA256 | 1dcf7e6530a023a4a4dea3ce9454db62ada8f0948d4d62804a5cfb77f230c16b
MD5 | f713a8d181a1a583d711a4414368d9b4
BLAKE2b-256 | e7d0fe7b512c5345cc57b2b9b354f5cf61aa458947ba0c363ceee7809db28217

Hashes for evtx-0.6.7-cp36-cp36m-macosx_10_7_x86_64.whl

Algorithm | Hash digest
---|---
SHA256 | b2a57179a46bf8ad1037d95a018079aaa79b9ebf79575b65468533836b6897e4
MD5 | 7d563f6b6efed69a62fd5d0bdfec7050
BLAKE2b-256 | ad933189f55f4d4fbfd95ba369b67658dcb2aa9b85a9bd7acbe0e0d4bc2d32a3

Hashes for evtx-0.6.7-cp35-cp35m-manylinux1_x86_64.whl

Algorithm | Hash digest
---|---
SHA256 | 00b4b72dcfcc25ef315bd1487a51d5f2ccb32507d7ed8d794c5cba82fc7ae4d7
MD5 | 4701bce2958c6f2499fdc860726162d4
BLAKE2b-256 | f0cdb445d93e0a4e1f10634dcdc239f6d791c692ae5759402c239dfba7359146