Python bindings for https://github.com/omerbenamram/evtx
Project description
pyevtx-rs
Python bindings for https://github.com/omerbenamram/evtx/.
Installation
Available on PyPI - https://pypi.org/project/evtx/.
To install from PyPI, run: pip install evtx
Wheels
Wheels are currently automatically built for Python 3.6, 3.7, 3.8, 3.9, 3.10 for all 64-bit platforms (Windows, macOS, and manylinux).
Installation from sources
Installation is possible for other platforms by installing from sources.
This requires a Rust compiler and a recent enough Setuptools and Pip.
Run pip install -e .
Usage
The API surface is currently fairly limited (only yields events as XML/JSON documents), but is planned to be expanded in the future.
This will print each record as an XML string.
```python
from evtx import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    # records() yields one dict per event; 'data' holds the XML document.
    for record in parser.records():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print('------------------------------------------')


if __name__ == "__main__":
    main()
```
And this will print each record as a JSON string.
```python
from evtx.parser import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    # records_json() yields one dict per event; 'data' holds the JSON document.
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print('------------------------------------------')


if __name__ == "__main__":
    main()
```
File-like objects are also supported.
```python
from evtx.parser import PyEvtxParser


def main():
    # Open in binary mode; the context manager closes the file when done.
    # io.BytesIO is also supported.
    with open("./samples/Security_short_selected.evtx", 'rb') as a:
        parser = PyEvtxParser(a)
        for record in parser.records_json():
            print(f'Event Record ID: {record["event_record_id"]}')
            print(f'Event Timestamp: {record["timestamp"]}')
            print(record['data'])
            print('------------------------------------------')


if __name__ == "__main__":
    main()
```
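Building on the records_json() usage above, the following added example (not part of the pyevtx-rs project) decodes each record's 'data' string and counts failed logons (event ID 4625) per account. It assumes the JSON layout Event → System → EventID and Event → EventData → TargetUserName, with EventID sometimes nested under "#text"; the helper names and the sample records are constructed for illustration.

```python
import json
from collections import Counter

FAILED_LOGON = 4625  # Security log event ID: "An account failed to log on"

def event_id(event):
    """Return the numeric EventID of a parsed Event object."""
    raw = event["System"]["EventID"]
    if isinstance(raw, dict):  # EventID carrying attributes: value is under "#text"
        raw = raw.get("#text")
    return int(raw)

def failed_logons_by_user(records):
    """Count 4625 events per TargetUserName; also count records that fail to parse."""
    counts, skipped = Counter(), 0
    for record in records:
        try:
            event = json.loads(record["data"])["Event"]
            if event_id(event) != FAILED_LOGON:
                continue
            user = (event.get("EventData") or {}).get("TargetUserName", "<unknown>")
        except (KeyError, TypeError, ValueError, AttributeError):
            skipped += 1
            continue
        counts[user] += 1
    return counts, skipped

def triage_file(path):
    """Run the count over a real .evtx file (requires `pip install evtx`)."""
    from evtx import PyEvtxParser  # lazy import so the sample below runs without it
    return failed_logons_by_user(PyEvtxParser(path).records_json())

def _sample(record_id, eid, user):
    """Build one constructed record shaped like the dicts records_json() yields."""
    event = {"Event": {"System": {"EventID": eid}, "EventData": {"TargetUserName": user}}}
    return {"event_record_id": record_id, "timestamp": "constructed", "data": json.dumps(event)}

# Constructed sample input, not taken from a real log.
SAMPLE_RECORDS = [
    _sample(1, 4625, "alice"),
    _sample(2, {"#attributes": {"Qualifiers": 0}, "#text": 4625}, "alice"),
    _sample(3, 4624, "bob"),
    {"event_record_id": 4, "timestamp": "constructed", "data": "not json"},
    _sample(5, 4625, "svc_backup"),
]

if __name__ == "__main__":
    counts, skipped = failed_logons_by_user(SAMPLE_RECORDS)
    print(counts.most_common(), "skipped:", skipped)
```

A non-zero skipped count is worth surfacing in triage output, since records that fail to decode are events the tally never saw.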