Python bindings for https://github.com/omerbenamram/evtx

Project description

pyevtx-rs

Python bindings for https://github.com/omerbenamram/evtx/.

Installation

Available on PyPi - https://pypi.org/project/evtx/.

To install from PyPi - pip install evtx

Wheels

Wheels are currently automatically built for python 3.6,3.7,3.8,3.9 for all 64-bit platforms (Windows, macOS, and manylinux).

Installation from sources

Installation is possible for other platforms by installing from sources, this requires a rust compiler and setuptools-rust.

Run python setup.py install

Usage

The API surface is currently fairly limited (only yields events as XML/JSON documents), but is planned to be expanded in the future.

This will print each record as an XML string.

from evtx import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    for record in parser.records():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

And this will print each record as a JSON string.

from evtx.parser import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

File-like objects are also supported.

from evtx.parser import PyEvtxParser


def main():
    a = open("./samples/Security_short_selected.evtx", 'rb')

    # io.BytesIO is also supported.
    parser = PyEvtxParser(a)
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

Project details

Release history Release notifications | RSS feed

0.8.2

Feb 18, 2023

0.8.1

Oct 2, 2022

0.8.0

Aug 31, 2022

0.7.3

Feb 13, 2022

This version

0.7.2

Jul 9, 2021

0.6.11

Oct 1, 2020

0.6.10

Jul 13, 2020

0.6.9

Jul 13, 2020

0.6.8

Jun 28, 2020

0.6.7

Jun 28, 2020

0.6.6

Jan 22, 2020

0.6.5

Jan 14, 2020

0.6.3

Jan 11, 2020

0.6.2

Dec 17, 2019

0.5.1

Oct 30, 2019

0.4.0

Jun 2, 2019

0.3.2

May 20, 2019

0.3.0

May 15, 2019

0.2.7

May 4, 2019

0.2.6

May 4, 2019

0.2.5

May 3, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release. See tutorial on generating distribution archives.

Built Distributions

evtx-0.7.2-cp39-none-win_amd64.whl (672.7 kB view hashes)

Uploaded Jul 9, 2021 cp39

evtx-0.7.2-cp39-cp39-manylinux_2_24_x86_64.whl (756.6 kB view hashes)

Uploaded Jul 9, 2021 cp39

evtx-0.7.2-cp39-cp39-macosx_10_7_x86_64.whl (711.0 kB view hashes)

Uploaded Jul 9, 2021 cp39

evtx-0.7.2-cp38-none-win_amd64.whl (672.7 kB view hashes)

Uploaded Jul 9, 2021 cp38

evtx-0.7.2-cp38-cp38-manylinux_2_24_x86_64.whl (754.5 kB view hashes)

Uploaded Jul 9, 2021 cp38

evtx-0.7.2-cp38-cp38-macosx_10_7_x86_64.whl (711.0 kB view hashes)

Uploaded Jul 9, 2021 cp38

evtx-0.7.2-cp37-none-win_amd64.whl (672.7 kB view hashes)

Uploaded Jul 9, 2021 cp37

evtx-0.7.2-cp37-cp37m-manylinux_2_24_x86_64.whl (754.5 kB view hashes)

Uploaded Jul 9, 2021 cp37

evtx-0.7.2-cp37-cp37m-macosx_10_7_x86_64.whl (711.1 kB view hashes)

Uploaded Jul 9, 2021 cp37

evtx-0.7.2-cp36-none-win_amd64.whl (672.7 kB view hashes)

Uploaded Jul 9, 2021 cp36

evtx-0.7.2-cp36-cp36m-manylinux_2_24_x86_64.whl (756.8 kB view hashes)

Uploaded Jul 9, 2021 cp36

evtx-0.7.2-cp36-cp36m-macosx_10_7_x86_64.whl (711.1 kB view hashes)

Uploaded Jul 9, 2021 cp36

Hashes for evtx-0.7.2-cp39-none-win_amd64.whl

Hashes for evtx-0.7.2-cp39-none-win_amd64.whl
Algorithm	Hash digest
SHA256	`7ba3cbb1b416a1c81e0629c400655ef79668265accaef358db05acae469092fe`
MD5	`eb3188d6c3b3bf49abd5aa7f173de5cc`
BLAKE2b-256	`37e8fd2fe146c70fc2acd11e9d37b7dac7f1433b33270c16dafc701baa1c27dd`

Hashes for evtx-0.7.2-cp39-cp39-manylinux_2_24_x86_64.whl

Hashes for evtx-0.7.2-cp39-cp39-manylinux_2_24_x86_64.whl
Algorithm	Hash digest
SHA256	`7860efe4d6ab656ad2f34282424cfc5fb3617a85ce258c23f8c152f36dcb285e`
MD5	`56457e02d2075399bfa9bb478c4ee3ec`
BLAKE2b-256	`fe7e8a750a6664fa729b6be406ef47e533f06344c62bf31950deafe1f5f780a1`

Hashes for evtx-0.7.2-cp39-cp39-macosx_10_7_x86_64.whl

Hashes for evtx-0.7.2-cp39-cp39-macosx_10_7_x86_64.whl
Algorithm	Hash digest
SHA256	`e6c70f131d8cd2f3924558e1353af26526c7f2f0e8b995fc46c8c8a3295455dc`
MD5	`c214a2472955471fe7b89382ccc11d0f`
BLAKE2b-256	`82b19196a4c5891ee4804ef2415c6e52e381c738329ab6fbfc5f181a46b96e59`

Hashes for evtx-0.7.2-cp38-none-win_amd64.whl

Hashes for evtx-0.7.2-cp38-none-win_amd64.whl
Algorithm	Hash digest
SHA256	`2e0ea37f8959e29332fa1603cf133b88592d47c3d09ac5e4e3f5482ab34efed2`
MD5	`94e8d00c826611aedf992aeb6b8f5e1b`
BLAKE2b-256	`7750c75a94c6c164119ea77269c260739c7db22a0a3bff6b18627a18e3e6d0c1`

Hashes for evtx-0.7.2-cp38-cp38-manylinux_2_24_x86_64.whl

Hashes for evtx-0.7.2-cp38-cp38-manylinux_2_24_x86_64.whl
Algorithm	Hash digest
SHA256	`8a6ca51697ff58e17e048479bff87525c4cff17be54f24a889381e9699e68f20`
MD5	`ee463ab8a6c7b6b68f5f5e27f485a97a`
BLAKE2b-256	`9bd3c805e6634e51c61c862587148d5547c516e49ffdc56e038005d4f5478054`

Hashes for evtx-0.7.2-cp38-cp38-macosx_10_7_x86_64.whl

Hashes for evtx-0.7.2-cp38-cp38-macosx_10_7_x86_64.whl
Algorithm	Hash digest
SHA256	`dcbc0288fead6ab38624b0bd0681daf294746fd45c10759396de5f7d66dec01c`
MD5	`b74d850ebc345db6ae297cc6f05b9a88`
BLAKE2b-256	`1c60d1520b22f1852677098ef79f9a258f36accc6cb065bf19a2a9e2db59564d`

Hashes for evtx-0.7.2-cp37-none-win_amd64.whl

Hashes for evtx-0.7.2-cp37-none-win_amd64.whl
Algorithm	Hash digest
SHA256	`48485fe7c643ce9e615467677fcced59bdb22148ffa0d325901e9f4aa4ff761d`
MD5	`f85c1734121f8ef1dc55374a013aa72f`
BLAKE2b-256	`fcc6cf1f123c1a444adac081bae8d5ea623fa33ba71aee62a8902f24ee458f85`

Hashes for evtx-0.7.2-cp37-cp37m-manylinux_2_24_x86_64.whl

Hashes for evtx-0.7.2-cp37-cp37m-manylinux_2_24_x86_64.whl
Algorithm	Hash digest
SHA256	`0d05552bdfeefb97c439f105da6b62863eea2d4ec4e78893b408452cfe0f56bd`
MD5	`18b160b7158478d33ab8327030bb21a4`
BLAKE2b-256	`81be9fe0963d899261bf2a6bf17739034cf05c559f6e96b60da911444ba1a069`

Hashes for evtx-0.7.2-cp37-cp37m-macosx_10_7_x86_64.whl

Hashes for evtx-0.7.2-cp37-cp37m-macosx_10_7_x86_64.whl
Algorithm	Hash digest
SHA256	`3923968aceaf7bef727ee31a083fd0724f0ef2d2514badb4e5c215342c695721`
MD5	`ef1de07d6f0f5fd8bab2ca3cb8bb87e6`
BLAKE2b-256	`14fd4d78f7ba8622b5fac12930f7e013f9ceafc942305e693100e9d4f857b607`

Hashes for evtx-0.7.2-cp36-none-win_amd64.whl

Hashes for evtx-0.7.2-cp36-none-win_amd64.whl
Algorithm	Hash digest
SHA256	`f2348a55e500a74d587bc9915bdb8af83d063293f6f56e5f9be697ff88bbcd9c`
MD5	`455e31843aca359928f3d5d1b2d8efca`
BLAKE2b-256	`fa5f8d0c0a1fe0be0ed5ebaa1cf44ff510a677a8f29d80ed0ff3ed7ed1bd6fed`

Hashes for evtx-0.7.2-cp36-cp36m-manylinux_2_24_x86_64.whl

Hashes for evtx-0.7.2-cp36-cp36m-manylinux_2_24_x86_64.whl
Algorithm	Hash digest
SHA256	`89adcca7a24eecd14eff49648b5f2f322802aebad6d51ad71493707c62019065`
MD5	`70804be85ade9500182e63d1f6034535`
BLAKE2b-256	`6764f359236c8700387dd2711a7f59a16467b02e7a8bcd1a098d8794a5c590b3`

Hashes for evtx-0.7.2-cp36-cp36m-macosx_10_7_x86_64.whl

Hashes for evtx-0.7.2-cp36-cp36m-macosx_10_7_x86_64.whl
Algorithm	Hash digest
SHA256	`17d4c0833a0cc5e68153d03816576d5d629cc1d63aa96ff5ecd2aaacf07fe10b`
MD5	`e5ddc259b07bba2e288e98277050cb41`
BLAKE2b-256	`653f68822c35e19cd76448cb71bd63cb95b77bd969392f805a5e14fbcd057cc2`