home.social

#evtx — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #evtx, aggregated by home.social.

  1. 🛠️ Tool

    Opening: Tool purpose and capabilities overview

    EventLogExpert is a Windows-focused Event Log viewer designed for technical support, IT professionals, and DFIR practitioners. The project emphasizes performance with the ability to load very large .evtx files, support multiple concurrent files, and present an interleaved combined view that helps correlate events across servers.

    Key Features

    • Fast bulk loading of large .evtx files and concurrent multi-file handling.

    • Interleaved combined view for correlating events from multiple hosts in a single timeline.

    • Inline event description previews within the table to reduce the need for opening individual records.

    • Friendly UI filters via drop-downs and an Advanced Filter option that accepts LINQ expressions for precise querying.

    • Ability to create an event database to enable viewing of product-specific logs (for example, Exchange or SQL Server logs) on machines that lack those products.

    • Live log viewing mode that functions as a usable replacement for Event Viewer by continuously updating and showing new events in real time.

    Technical Implementation (conceptual)

    The tool centers on efficient parsing and indexing of .evtx files to support rapid random access and merged timelines. The combined view implies an internal timestamp-based merging mechanism and a lightweight local database capability for normalized event storage and cross-host lookups. The Advanced Filter accepting LINQ suggests .NET-based expression parsing and runtime filtering against in-memory or on-disk event objects.

    Use Cases

    • Incident responders correlating events across multiple servers to reconstruct timelines.

    • Support engineers examining large exported log archives without waiting for slow viewers.

    • Administrators wanting a lightweight alternative to Event Viewer with richer filtering and preview capabilities.

    Limitations and Considerations

    • The project distributes as a Windows package (.msix) and targets Windows 10/11 and Server; runtime requirements and auto-update behavior may vary by OS version.

    • Creating and using an event database is useful for portability but may require storage and maintenance considerations depending on scale.

    Hashtags

    🔹 tool #evtx #eventlogs #forensics

    🔗 Source: github.com/microsoft/EventLogE
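    The "interleaved combined view" the post describes comes down to a timestamp-ordered k-way merge of per-host event streams, with each host's timestamps normalized to UTC before comparison. The following is an added example written for this page; it is not EventLogExpert's code, and the `Event` record layout, host names and sample events are constructed. It also shows a predicate-based filter in the spirit of the Advanced Filter, applied over the merged timeline.

```python
"""
Interleaved, timestamp-ordered merge of event records from several hosts,
of the kind a combined multi-file view needs. Added example; not code from
EventLogExpert. The record layout and sample events below are constructed.
"""
import heapq
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Iterable, Iterator, List


@dataclass(frozen=True)
class Event:
    host: str               # source computer (one per .evtx file)
    record_id: int          # EventRecordID, monotonic within a single log
    time_created: datetime  # timezone-aware; normalized to UTC on load
    event_id: int
    channel: str
    message: str


def parse_time(value: str) -> datetime:
    """Parse an ISO-8601 TimeCreated string and normalize it to UTC.

    Mixing hosts that recorded local times with different offsets is the
    classic way to get a wrong timeline; naive timestamps are rejected so
    the caller has to decide what offset they carry.
    """
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        raise ValueError(f"naive timestamp not allowed: {value}")
    return dt.astimezone(timezone.utc)


def load_host(host: str, raw: Iterable[dict]) -> List[Event]:
    """Build Event objects for one host, sorted by (UTC time, record_id).

    Sorting each file first is what lets the k-way merge below run in
    O(n log k). record_id is the tiebreak because it is monotonic in the
    source log, which keeps the order deterministic.
    """
    events = [Event(host=host, record_id=r["record_id"],
                    time_created=parse_time(r["time"]),
                    event_id=r["event_id"], channel=r["channel"],
                    message=r["message"]) for r in raw]
    return sorted(events, key=lambda e: (e.time_created, e.record_id))


def merged_timeline(*host_streams: Iterable[Event]) -> Iterator[Event]:
    """k-way merge of already-sorted per-host streams into one timeline.

    heapq.merge pulls from each stream lazily, so large per-host streams
    (e.g. generators reading a .evtx) are never concatenated in memory.
    Ties on time are broken by host name, then record id.
    """
    return heapq.merge(*host_streams,
                       key=lambda e: (e.time_created, e.host, e.record_id))


def filter_events(events: Iterable[Event],
                  predicate: Callable[[Event], bool]) -> List[Event]:
    """Advanced-filter style selection: any predicate over the event object."""
    return [e for e in events if predicate(e)]


# Constructed sample input: two hosts, each logging in a different offset.
# Compared as local strings, host B's 05:00 event would sort first; in UTC
# it lands between host A's two Security events.
RAW_HOST_A = [
    {"record_id": 101, "time": "2024-03-01T10:00:05+00:00", "event_id": 4624,
     "channel": "Security", "message": "An account was successfully logged on."},
    {"record_id": 102, "time": "2024-03-01T10:00:07+00:00", "event_id": 4672,
     "channel": "Security", "message": "Special privileges assigned to new logon."},
]
RAW_HOST_B = [
    {"record_id": 9001, "time": "2024-03-01T05:00:06-05:00", "event_id": 7045,
     "channel": "System", "message": "A service was installed in the system."},
    {"record_id": 9002, "time": "2024-03-01T10:00:04Z", "event_id": 4688,
     "channel": "Security", "message": "A new process has been created."},
]


def combined_order() -> List[str]:
    """Return "host:record_id" in merged UTC order for the sample data."""
    timeline = merged_timeline(load_host("SRV-A", RAW_HOST_A),
                               load_host("SRV-B", RAW_HOST_B))
    return [f"{e.host}:{e.record_id}" for e in timeline]


def security_logons() -> List[int]:
    """Record ids of Security-channel logon/privilege events across all hosts."""
    timeline = merged_timeline(load_host("SRV-A", RAW_HOST_A),
                               load_host("SRV-B", RAW_HOST_B))
    return [e.record_id for e in filter_events(
        timeline, lambda e: e.channel == "Security" and e.event_id in (4624, 4672))]


if __name__ == "__main__":
    for e in merged_timeline(load_host("SRV-A", RAW_HOST_A),
                             load_host("SRV-B", RAW_HOST_B)):
        print(e.time_created.isoformat(), e.host, e.record_id, e.event_id, e.message)
```

    The per-host sort plus `heapq.merge` is the shape to keep when the inputs are real .evtx files: each file is read once, in order, and only one record per file is held at a time. Normalizing to UTC before the merge matters more than it looks; the sample deliberately has one host in UTC-5 so that a naive string comparison of TimeCreated would reorder the timeline.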

  2. If you're interested in getting into #Linux #logging and evidence collection, this is an excellent write-up from @kostastsale that compares #EVTX logs on Windows with #Auditd, #SysMon for Linux, and native Linux logging.

    #DFIR #LinuxForensics #SIEM #CSIRT

    kostas-ts.medium.com/telemetry

  3. I wrote a guide on how to use our evtx-sigma-checker tool
    - applies #Sigma rules to #EVTX files
    - outputs JSON
    - Linux, macOS, Windows binaries
    - blazingly fast (cause it uses our private go-sigma library)
    - it's a byproduct of our CI checks
    #DFIR
    gist.github.com/Neo23x0/9eb505