Python bindings for https://github.com/omerbenamram/evtx

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for OmerBA from gravatar.com OmerBA

Unverified details

These details have not been verified by PyPI
Meta

Project description

Build Status

pyevtx-rs

Python bindings for https://github.com/omerbenamram/evtx/.

Installation

Available on PyPi - https://pypi.org/project/evtx/.

To install from PyPi - pip install evtx

Wheels

Wheels are currently automatically built for python3.6 python3.7 for all 64-bit platforms (Windows, macOS, and manylinux).

Installation from sources

Installation is possible for other platforms by installing from sources, this requires a nightly rust compiler and setuptools-rust.

Run python setup.py install

Usage

The API surface is currently fairly limited (only yields events as XML/JSON documents), but is planned to be expanded in the future.

This will print each record as an XML string.

from evtx import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    for record in parser.records():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

And this will print each record as a JSON string.

from evtx.parser import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

File-like objects are also supported.

from evtx.parser import PyEvtxParser


def main():
    a = open("./samples/Security_short_selected.evtx", 'rb')
    
    # io.BytesIO is also supported.
    parser = PyEvtxParser(a)
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for OmerBA from gravatar.com OmerBA

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

0.8.7

0.8.6

0.8.4

0.8.3

0.8.2

0.8.1

0.8.0

0.7.3

0.7.2

0.6.11

0.6.10

This version

0.6.9

0.6.8

0.6.7

0.6.6

0.6.5

0.6.3

0.6.2

0.5.1

0.4.0

0.3.2

0.3.0

0.2.7

0.2.6

0.2.5

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

evtx-0.6.9-cp38-none-win_amd64.whl (691.4 kB view hashes)

Uploaded CPython 3.8 Windows x86-64

evtx-0.6.9-cp38-cp38-manylinux1_x86_64.whl (756.6 kB view hashes)

Uploaded CPython 3.8

evtx-0.6.9-cp38-cp38-macosx_10_7_x86_64.whl (689.1 kB view hashes)

Uploaded CPython 3.8 macOS 10.7+ x86-64

evtx-0.6.9-cp37-cp37m-manylinux1_x86_64.whl (756.6 kB view hashes)

Uploaded CPython 3.7m

evtx-0.6.9-cp37-cp37m-macosx_10_7_x86_64.whl (689.1 kB view hashes)

Uploaded CPython 3.7m macOS 10.7+ x86-64

evtx-0.6.9-cp36-cp36m-manylinux1_x86_64.whl (756.9 kB view hashes)

Uploaded CPython 3.6m

evtx-0.6.9-cp36-cp36m-macosx_10_7_x86_64.whl (689.5 kB view hashes)

Uploaded CPython 3.6m macOS 10.7+ x86-64

evtx-0.6.9-cp35-cp35m-manylinux1_x86_64.whl (756.6 kB view hashes)

Uploaded CPython 3.5m

evtx-0.6.9-cp35-cp35m-macosx_10_7_x86_64.whl (688.7 kB view hashes)

Uploaded CPython 3.5m macOS 10.7+ x86-64

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page