Python bindings for https://github.com/omerbenamram/evtx
Project description
pyevtx-rs
Python bindings for https://github.com/omerbenamram/evtx/.
Installation
Available on PyPI: https://pypi.org/project/evtx/.
To install from PyPI, run pip install evtx.
Wheels
Wheels are currently built automatically for Python 3.7+ using the abi3 tag, which means a single wheel is compatible with all versions from 3.7 onwards.
Supported platforms are:
- Linux x86_64
- macOS x86_64
- macOS arm64 (m1)
- Windows x86_64
Installation from sources
Installation is possible for other platforms by installing from sources.
This requires a Rust compiler and a recent enough Setuptools and Pip.
Run pip install -e .
Usage
The API surface is currently fairly limited (only yields events as XML/JSON documents), but is planned to be expanded in the future.
This will print each record as an XML string.
```python
from evtx import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    # records() yields one dict per record; "data" holds the record as an XML string.
    for record in parser.records():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print('------------------------------------------')


if __name__ == "__main__":
    main()
```
And this will print each record as a JSON string.
```python
from evtx.parser import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    # records_json() yields the same dicts, but "data" holds a JSON string.
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print('------------------------------------------')


if __name__ == "__main__":
    main()
```
File-like objects are also supported.
```python
from evtx.parser import PyEvtxParser


def main():
    # Open in binary mode; the parser reads the raw EVTX bytes.
    with open("./samples/Security_short_selected.evtx", 'rb') as f:
        # io.BytesIO is also supported.
        parser = PyEvtxParser(f)
        for record in parser.records_json():
            print(f'Event Record ID: {record["event_record_id"]}')
            print(f'Event Timestamp: {record["timestamp"]}')
            print(record['data'])
            print('------------------------------------------')


if __name__ == "__main__":
    main()
```
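The snippets above only print each record. As an added example (not part of this project's README), the following shows what a triage script built on records_json() typically does next: parse the JSON in "data", pull out the EventID, count records per ID and collect the ones on a watch list. It assumes the JSON layout produced by the upstream evtx crate ({"Event": {"System": {...}, "EventData": {...}}}), where EventID is either a bare integer or, when the XML element carries attributes such as Qualifiers, an object with a "#text" key. The evtx import is deferred into summarize_file() so the aggregation logic can be exercised on the constructed sample records below without the package or a sample .evtx file present.

```python
import json
from collections import Counter
from typing import Any, Dict, Iterable, List, Mapping, Optional, Set, Tuple

# Assumption: records_json() yields dicts with "event_record_id", "timestamp"
# and "data", where "data" is a JSON text whose top level is
# {"Event": {"System": {...}, "EventData": {...}}}.


def event_id_of(record: Mapping[str, Any]) -> Optional[int]:
    """Extract the numeric EventID from one JSON record, or None if absent.

    EventID is usually a bare integer, but when the XML element carries
    attributes (e.g. Qualifiers) the JSON form is an object with "#text".
    """
    try:
        doc = json.loads(record["data"])
    except (KeyError, TypeError, ValueError):
        return None
    system = doc.get("Event", {}).get("System", {})
    eid = system.get("EventID")
    if isinstance(eid, dict):
        eid = eid.get("#text")
    try:
        return int(eid)
    except (TypeError, ValueError):
        return None


def summarize(records: Iterable[Mapping[str, Any]], watch: Set[int]) -> Dict[str, Any]:
    """Count records per EventID and collect those whose ID is in `watch`.

    Records whose EventID cannot be read are counted as skipped instead of
    aborting the pass, so one malformed record does not hide the rest.
    """
    counts: Counter = Counter()
    matched: List[Tuple[int, str, int]] = []
    skipped = 0
    for rec in records:
        eid = event_id_of(rec)
        if eid is None:
            skipped += 1
            continue
        counts[eid] += 1
        if eid in watch:
            matched.append((rec["event_record_id"], rec["timestamp"], eid))
    return {"counts": dict(counts), "matched": matched, "skipped": skipped}


def summarize_file(path: str, watch: Set[int]) -> Dict[str, Any]:
    """Run summarize() over a real .evtx file (requires the evtx package)."""
    from evtx import PyEvtxParser  # deferred import: only needed here
    parser = PyEvtxParser(path)
    return summarize(parser.records_json(), watch)


def _record(rid: int, ts: str, system: Dict[str, Any],
            data: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    """Build one constructed record in the records_json() shape."""
    body: Dict[str, Any] = {"Event": {"System": system}}
    if data is not None:
        body["Event"]["EventData"] = data
    return {"event_record_id": rid, "timestamp": ts, "data": json.dumps(body)}


# Constructed sample records (not from a real log): a plain EventID, one in
# the object form with Qualifiers, one unrelated ID, and one with no EventID.
SAMPLE_RECORDS = [
    _record(1, "2024-01-01T10:00:00.000000Z", {"EventID": 4624}, {"LogonType": 3}),
    _record(2, "2024-01-01T10:00:01.000000Z",
            {"EventID": {"#attributes": {"Qualifiers": 0}, "#text": 4625}}),
    _record(3, "2024-01-01T10:00:02.000000Z", {"EventID": 4688}),
    _record(4, "2024-01-01T10:00:03.000000Z", {"Provider": {"#attributes": {"Name": "x"}}}),
]

if __name__ == "__main__":
    result = summarize(SAMPLE_RECORDS, {4624, 4625})
    for rid, ts, eid in result["matched"]:
        print(f"record {rid} at {ts}: EventID {eid}")
    print("counts:", result["counts"], "skipped:", result["skipped"])
```

To use it on a real log, call summarize_file("./samples/Security_short_selected.evtx", {4624, 4625}); the per-ID counts give a quick sense of what a file contains before deciding which records to inspect in full.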
Download files
Hashes for evtx-0.8.1-cp37-abi3-win_amd64.whl

Algorithm | Hash digest
---|---
SHA256 | c0bed71c7cb92369d2ff126fe10867786fee63fe8ddbfce62e9c1c57da149bbb
MD5 | fa011b7a0e249c8be2d66382fc2aa60b
BLAKE2b-256 | 1bacb7011d433be15cd8aae2dfc74f216a9f86e503b535a99ebd037e6d3f9f79

Hashes for evtx-0.8.1-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Algorithm | Hash digest
---|---
SHA256 | a00a193d59ec4916effe6dd82623c93d03077ab699b837932f3ed4bd74c3c742
MD5 | 3c033eefbabd203b3001bf7d3febac39
BLAKE2b-256 | bde5a872b54529b27a3655194b1866a3c4d69025221c0adacab7d3d9a4f8d492

Hashes for evtx-0.8.1-cp37-abi3-macosx_11_0_arm64.whl

Algorithm | Hash digest
---|---
SHA256 | a558e9d2b75b881509f2a8eabcf07ead502b657fb16b0fa03cdd9bad182af6f6
MD5 | f4bcf97d8c7dd27327d50a4e27e52fc6
BLAKE2b-256 | 21eb0d69d15b41ae87326adb75cd09d593d3283f6ba2355489c819c0c05d49c8

Hashes for evtx-0.8.1-cp37-abi3-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl

Algorithm | Hash digest
---|---
SHA256 | 91840951e2fa74e30c0efa1f91b5afab38214aeb4238ede9601b3ba369450ba3
MD5 | a5aab0e51c352ab599e5ca22f8a6b36a
BLAKE2b-256 | c2d554b7b003c6b65076750a7587bf10155e601b3900d2eb52e16ab901a85dca