├── CMakeLists.txt
├── LICENSE
├── README.md
├── Splunk-ETW
    ├── CMakeLists.txt
    ├── README
    │   └── inputs.conf.spec
    ├── default
    │   └── app.conf
    ├── src
    │   ├── ETWWriter.cs
    │   ├── Forwarder.cs
    │   ├── Manifest.cs
    │   ├── ManifestParser.cs
    │   ├── NullParser.cs
    │   ├── Parser.cs
    │   ├── ProviderGuid.cs
    │   ├── SplunkETW.cs
    │   ├── TraceLoggingParser.cs
    │   └── TraceManager.cs
    ├── test
    │   ├── EventRecord.cs
    │   ├── Forwarder.cs
    │   ├── ManifestParser.cs
    │   ├── NullParser.cs
    │   ├── ProviderGuid.cs
    │   ├── TestWriter.cs
    │   ├── TraceLoggingParser.cs
    │   └── TraceManager.cs
    └── third_party
    │   ├── Microsoft.Diagnostics.Tracing.TraceEvent
    │       ├── Dia2Lib.dll
    │       ├── Microsoft.Diagnostics.FastSerialization.dll
    │       ├── Microsoft.Diagnostics.FastSerialization.xml
    │       ├── Microsoft.Diagnostics.Tracing.TraceEvent.dll
    │       ├── Microsoft.Diagnostics.Tracing.TraceEvent.xml
    │       ├── OSExtensions.dll
    │       └── TraceReloggerLib.dll
    │   ├── Microsoft.O365.Security.Native.ETW
    │       ├── Microsoft.O365.Security.Native.ETW.dll
    │       ├── Microsoft.O365.Security.Native.ETW.pdb
    │       └── Microsoft.O365.Security.Native.ETW.xml
    │   ├── Newtonsoft.Json
    │       ├── Newtonsoft.Json.dll
    │       └── Newtonsoft.Json.xml
    │   ├── Splunk.Client
    │       └── Splunk.Client.dll
    │   ├── Splunk.ModularInputs
    │       └── Splunk.ModularInputs.dll
    │   └── ini-parser
    │       └── INIFileParser.dll
└── profile
    └── cert.ini


/CMakeLists.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/CMakeLists.txt


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/LICENSE


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/README.md


--------------------------------------------------------------------------------
/Splunk-ETW/CMakeLists.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/CMakeLists.txt


--------------------------------------------------------------------------------
/Splunk-ETW/README/inputs.conf.spec:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/README/inputs.conf.spec


--------------------------------------------------------------------------------
/Splunk-ETW/default/app.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/default/app.conf


--------------------------------------------------------------------------------
/Splunk-ETW/src/ETWWriter.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/src/ETWWriter.cs


--------------------------------------------------------------------------------
/Splunk-ETW/src/Forwarder.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/src/Forwarder.cs


--------------------------------------------------------------------------------
/Splunk-ETW/src/Manifest.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/src/Manifest.cs


--------------------------------------------------------------------------------
/Splunk-ETW/src/ManifestParser.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/src/ManifestParser.cs


--------------------------------------------------------------------------------
/Splunk-ETW/src/NullParser.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/src/NullParser.cs


--------------------------------------------------------------------------------
/Splunk-ETW/src/Parser.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/src/Parser.cs


--------------------------------------------------------------------------------
/Splunk-ETW/src/ProviderGuid.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/src/ProviderGuid.cs


--------------------------------------------------------------------------------
/Splunk-ETW/src/SplunkETW.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/src/SplunkETW.cs


--------------------------------------------------------------------------------
/Splunk-ETW/src/TraceLoggingParser.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/src/TraceLoggingParser.cs


--------------------------------------------------------------------------------
/Splunk-ETW/src/TraceManager.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/src/TraceManager.cs


--------------------------------------------------------------------------------
/Splunk-ETW/test/EventRecord.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/test/EventRecord.cs


--------------------------------------------------------------------------------
/Splunk-ETW/test/Forwarder.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/test/Forwarder.cs


--------------------------------------------------------------------------------
/Splunk-ETW/test/ManifestParser.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/test/ManifestParser.cs


--------------------------------------------------------------------------------
/Splunk-ETW/test/NullParser.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/test/NullParser.cs


--------------------------------------------------------------------------------
/Splunk-ETW/test/ProviderGuid.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/test/ProviderGuid.cs


--------------------------------------------------------------------------------
/Splunk-ETW/test/TestWriter.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/test/TestWriter.cs


--------------------------------------------------------------------------------
/Splunk-ETW/test/TraceLoggingParser.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/test/TraceLoggingParser.cs


--------------------------------------------------------------------------------
/Splunk-ETW/test/TraceManager.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/test/TraceManager.cs


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/Dia2Lib.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/Dia2Lib.dll


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/Microsoft.Diagnostics.FastSerialization.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/Microsoft.Diagnostics.FastSerialization.dll


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/Microsoft.Diagnostics.FastSerialization.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/Microsoft.Diagnostics.FastSerialization.xml


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/Microsoft.Diagnostics.Tracing.TraceEvent.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/Microsoft.Diagnostics.Tracing.TraceEvent.dll


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/Microsoft.Diagnostics.Tracing.TraceEvent.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/Microsoft.Diagnostics.Tracing.TraceEvent.xml


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/OSExtensions.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/OSExtensions.dll


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/TraceReloggerLib.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Microsoft.Diagnostics.Tracing.TraceEvent/TraceReloggerLib.dll


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Microsoft.O365.Security.Native.ETW/Microsoft.O365.Security.Native.ETW.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Microsoft.O365.Security.Native.ETW/Microsoft.O365.Security.Native.ETW.dll


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Microsoft.O365.Security.Native.ETW/Microsoft.O365.Security.Native.ETW.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Microsoft.O365.Security.Native.ETW/Microsoft.O365.Security.Native.ETW.pdb


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Microsoft.O365.Security.Native.ETW/Microsoft.O365.Security.Native.ETW.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Microsoft.O365.Security.Native.ETW/Microsoft.O365.Security.Native.ETW.xml


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Newtonsoft.Json/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Newtonsoft.Json/Newtonsoft.Json.dll


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Newtonsoft.Json/Newtonsoft.Json.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Newtonsoft.Json/Newtonsoft.Json.xml


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Splunk.Client/Splunk.Client.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Splunk.Client/Splunk.Client.dll


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/Splunk.ModularInputs/Splunk.ModularInputs.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/Splunk.ModularInputs/Splunk.ModularInputs.dll


--------------------------------------------------------------------------------
/Splunk-ETW/third_party/ini-parser/INIFileParser.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/Splunk-ETW/third_party/ini-parser/INIFileParser.dll


--------------------------------------------------------------------------------
/profile/cert.ini:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/airbus-cert/Splunk-ETW/HEAD/profile/cert.ini


--------------------------------------------------------------------------------