EVTX NOM

EVTX NOM is a Python script that ingests Windows event logs (EVTX) into Elasticsearch or Splunk. It reconstructs each event's message string from the record's fields and supports optional field mappings. It was created after having to quickly deal with large volumes of EVTX files, and adds some enrichment to help analysis compared with the bare XML fields.
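As an added illustration (example code, not the EVTX NOM script's own), the following shows what message string reconstruction and an optional field mapping amount to for one EVTX record: the raw XML is a constructed sample in the shape wevtutil or python-evtx emits, and the message template and the ECS-style destination field names are assumptions.

```python
# Example (not EVTX NOM's code): rebuild an EVTX record's message from bare XML fields.
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample record in the XML shape that wevtutil / python-evtx emit.
SAMPLE_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID>
  <TimeCreated SystemTime="2024-01-02T03:04:05.678Z"/><Computer>ws01.example.local</Computer>
 </System>
 <EventData>
  <Data Name="TargetUserName">alice</Data><Data Name="TargetDomainName">EXAMPLE</Data>
  <Data Name="LogonType">10</Data><Data Name="IpAddress">10.0.0.5</Data>
 </EventData>
</Event>"""

# Constructed message template keyed by (provider, event id); the real ones live in the
# provider's message resources, which is exactly what the bare XML does not carry.
TEMPLATES = {("Microsoft-Windows-Security-Auditing", 4624):
             "An account was successfully logged on. Account: {TargetDomainName}\\{TargetUserName}"
             " Logon Type: {LogonType} Source Network Address: {IpAddress}"}

# Optional mapping of raw EVTX field names onto ECS-style destination fields (assumed names).
FIELD_MAP = {"TargetUserName": "user.name", "TargetDomainName": "user.domain",
             "IpAddress": "source.ip", "LogonType": "winlog.logon.type"}


def parse_record(xml_text: str) -> dict:
    """Flatten System and EventData into a plain dict of bare fields."""
    root = ET.fromstring(xml_text)
    s = root.find("e:System", NS)
    return {"provider": s.find("e:Provider", NS).get("Name"),
            "event_id": int(s.findtext("e:EventID", namespaces=NS)),
            "@timestamp": s.find("e:TimeCreated", NS).get("SystemTime"),
            "event_data": {d.get("Name"): d.text or ""
                           for d in root.iterfind("e:EventData/e:Data", NS)}}


def reconstruct_message(rec: dict) -> str:
    """Fill the template; a missing field keeps its {placeholder} instead of failing mid-ingest."""
    tpl = TEMPLATES.get((rec["provider"], rec["event_id"]))
    if tpl is None:  # unknown event: still emit searchable key=value text
        return " ".join(f"{k}={v}" for k, v in rec["event_data"].items())
    return re.sub(r"\{(\w+)\}", lambda m: rec["event_data"].get(m.group(1), m.group(0)), tpl)


def to_document(rec: dict) -> dict:
    """Build the enriched document to index: raw fields, message text, mapped fields."""
    doc = dict(rec)
    doc["message"] = reconstruct_message(rec)
    doc.update({dst: rec["event_data"][src] for src, dst in FIELD_MAP.items()
                if src in rec["event_data"]})
    return doc
```

The resulting dict is what would be sent to the Elasticsearch bulk API or Splunk HEC; the bare `event_data` is kept alongside the mapped fields so nothing from the original record is lost.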