converts Windows Event Logs (EVTX) into pandas DataFrames / CSV files

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for hansalemao from gravatar.com hansalemao

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Project description

converts Windows Event Logs (EVTX) into pandas DataFrames / CSV files

pip install evtx2df

Tested against Windows 10 / Python 3.10 / Anaconda

This script provides a convenient way to convert EVTX data into a structured DataFrame format using Pandas, which can facilitate further data analysis, exploration, and visualization.

To extract strings from individual files:

# Converts evtx into csv from the command line:
python path_to_the_package\__init__.py "C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx" "C:\Microsoft-Windows-AppReadinessAdmin.csv"

# as well as in a python script, and ...
from evtx2df import dataframe_from_evtx
df = dataframe_from_evtx(
    evtx_file_path=r"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx"
)


print(df[19:25].to_string())
                                                 aa_value aa_key_0     aa_key_1     aa_key_2     aa_key_3    aa_key_4  aa_event_record_id                     aa_timestamp aa_kind_of_event
19                                                      1    Event       System         Task         <NA>        <NA>                1298 2023-03-25 03:07:30.497541+00:00             <NA>
20                            2023-03-25T03:07:30.497541Z    Event       System  TimeCreated  #attributes  SystemTime                1298 2023-03-25 03:07:30.497541+00:00             <NA>
21                                                      0    Event       System      Version         <NA>        <NA>                1298 2023-03-25 03:07:30.497541+00:00             <NA>
22  http://schemas.microsoft.com/win/2004/08/events/event    Event  #attributes        xmlns         <NA>        <NA>                1297 2023-03-25 03:07:30.497538+00:00             <NA>
23                                                     72    Event    EventData    TaskCount         <NA>        <NA>                1297 2023-03-25 03:07:30.497538+00:00             <NA>
24         install::Microsoft.MicrosoftEdge_8wekyb3d8bbwe    Event    EventData       TaskId         <NA>        <NA>                1297 2023-03-25 03:07:30.497538+00:00             <NA>

# ... finds all evtx files on your HDD

evtxdf=list_all_evtx_files_in_path(hdd='c:\\')

print(evtxdf[11:15].to_string())
                                                                       aa_path                                     aa_name                     aa_path_only   aa_size  aa_size_on_disk              aa_created         aa_last_written        aa_last_accessed  aa_descendents  aa_read_only  aa_archive  aa_system  aa_hidden  aa_offline  aa_not_content_indexed_file  aa_no_scrub_file  aa_integrity  aa_pinned  aa_unpinned  aa_directory_flag  aa_compressed  aa_encrypted  aa_sparse  aa_reparse  aa_attributes
11                          C:\Windows\System32\winevt\Logs\Visual Studio.evtx                          Visual Studio.evtx  C:\Windows\System32\winevt\Logs     69632            69632  b'2023-03-30 19:39:28'  b'2023-03-31 19:54:38'  b'2023-03-31 19:54:38'               0             0           1          0          0           0                            0                 0             0          0            0                  0              0             0          0           0             32
12                      C:\Windows\System32\winevt\Logs\Squid Service Log.evtx                      Squid Service Log.evtx  C:\Windows\System32\winevt\Logs     69632            69632  b'2023-03-25 05:52:15'  b'2023-03-25 12:53:59'  b'2023-03-25 12:53:59'               0             0           1          0          0           0                            0                 0             0          0            0                  0              0             0          0           0             32
13  C:\Windows\System32\winevt\Logs\Microsoft-Windows-Sysmon%4Operational.evtx  Microsoft-Windows-Sysmon%4Operational.evtx  C:\Windows\System32\winevt\Logs  18944000         18944000  b'2023-05-17 23:15:01'  b'2023-05-18 00:59:07'  b'2023-05-18 00:59:07'               0             0           1          0          0           0                            0                 0             0          0            0                  0              0             0          0           0             32
14                                  C:\Windows\System32\winevt\Logs\State.evtx                                  State.evtx  C:\Windows\System32\winevt\Logs     69632            69632  b'2023-03-24 23:46:26'  b'2023-03-25 00:06:45'  b'2023-03-25 00:06:45'               0             0           1          0          0           0                            0                 0             0          0            0                  0              0             0          0           0             32

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for hansalemao from gravatar.com hansalemao

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

This version

0.10

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

evtx2df-0.10.tar.gz (12.9 kB view details)

Uploaded Source

Built Distribution

evtx2df-0.10-py3-none-any.whl (13.0 kB view details)

Uploaded Python 3

File details

Details for the file evtx2df-0.10.tar.gz.

File metadata

  • Download URL: evtx2df-0.10.tar.gz
  • Upload date:
  • Size: 12.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.10

File hashes

Hashes for evtx2df-0.10.tar.gz
Algorithm Hash digest
SHA256 e7aa33eda4c499d525ae925d0930abe8afa0ba2eec4f50e3710439ed8b4edccd
MD5 83d0d4abec92103d29c6b6560c06b62a
BLAKE2b-256 5aff34c44fc8dad59c9860c36b64e7d305c38b081d195566fc7312f4d64fde47

See more details on using hashes here.

File details

Details for the file evtx2df-0.10-py3-none-any.whl.

File metadata

  • Download URL: evtx2df-0.10-py3-none-any.whl
  • Upload date:
  • Size: 13.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.10

File hashes

Hashes for evtx2df-0.10-py3-none-any.whl
Algorithm Hash digest
SHA256 b536ce183610ebcc0ce270e216d7befc9ae1b1a9c4257fffd07c37a186ba3987
MD5 15053f7d2e563228b2efa11bfdea8f91
BLAKE2b-256 393724da68e7f658ebc875632b023da0661e378c6cf71fa0e2785b12cb2b78ee

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page