Python bindings for https://github.com/omerbenamram/evtx

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for OmerBA from gravatar.com OmerBA

Unverified details

These details have not been verified by PyPI
Meta
Classifiers

Project description

pyevtx-rs

Python bindings for https://github.com/omerbenamram/evtx/.

Installation

Available on PyPi - https://pypi.org/project/evtx/.

To install from PyPi - pip install evtx

Wheels

Wheels are currently automatically built for Python 3.7+ using abi3 tag (which means they are compatible with all version from 3.7 onwards).

Supported platforms are:

  • Linux x86_64
  • macOS x86_64
  • macOS arm64 (m1)
  • Windows x86_64

Installation from sources

Installation is possible for other platforms by installing from sources.

This requires a Rust compiler and a recent enough Setuptools and Pip.

Run pip install -e .

Usage

The API surface is currently fairly limited (only yields events as XML/JSON documents), but is planned to be expanded in the future.

This will print each record as an XML string.

from evtx import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    for record in parser.records():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

And this will print each record as a JSON string.

from evtx.parser import PyEvtxParser


def main():
    parser = PyEvtxParser("./samples/Security_short_selected.evtx")
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

File-like objects are also supported.

from evtx.parser import PyEvtxParser


def main():
    a = open("./samples/Security_short_selected.evtx", 'rb')

    # io.BytesIO is also supported.
    parser = PyEvtxParser(a)
    for record in parser.records_json():
        print(f'Event Record ID: {record["event_record_id"]}')
        print(f'Event Timestamp: {record["timestamp"]}')
        print(record['data'])
        print(f'------------------------------------------')

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for OmerBA from gravatar.com OmerBA

Unverified details

These details have not been verified by PyPI
Meta
Classifiers

Release history Release notifications | RSS feed

0.8.7

0.8.6

0.8.4

This version

0.8.3

0.8.2

0.8.1

0.8.0

0.7.3

0.7.2

0.6.11

0.6.10

0.6.9

0.6.8

0.6.7

0.6.6

0.6.5

0.6.3

0.6.2

0.5.1

0.4.0

0.3.2

0.3.0

0.2.7

0.2.6

0.2.5

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

evtx-0.8.3-cp37-abi3-win_amd64.whl (735.9 kB view hashes)

Uploaded CPython 3.7+ Windows x86-64

evtx-0.8.3-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.9 MB view hashes)

Uploaded CPython 3.7+ manylinux: glibc 2.17+ x86-64

evtx-0.8.3-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (2.0 MB view hashes)

Uploaded CPython 3.7+ manylinux: glibc 2.17+ ARM64

evtx-0.8.3-cp37-abi3-macosx_11_0_arm64.whl (1.9 MB view hashes)

Uploaded CPython 3.7+ macOS 11.0+ ARM64

evtx-0.8.3-cp37-abi3-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl (1.9 MB view hashes)

Uploaded CPython 3.7+ macOS 10.9+ universal2 (ARM64, x86-64) macOS 10.9+ x86-64 macOS 11.0+ ARM64

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page