├── .gitignore ├── LICENSE ├── README.md ├── chart ├── chart.go ├── configuration.go ├── statistics.go └── struct.go ├── cmd └── EvtxHussar │ └── EvtxHussar.go ├── common ├── art.go ├── common.go ├── const.go ├── evtx.go ├── extractors.go ├── logging.go ├── path_manipulation.go ├── socket_parser.go ├── structures.go ├── time.go └── xor.go ├── engine ├── engine.go ├── layer1.go ├── layer2.go └── logic.go ├── eventmap ├── attrib_extraction.go └── event_map.go ├── evtxhussar_chart_demo.gif ├── go.mod ├── go.sum ├── icon ├── icons8-forensics-96.ico ├── icons8-forensics-96.png └── readme.txt ├── maps ├── AV_SymantecNetworkProtection.yaml ├── Accounts_UserRelatedOperations_Security.yaml ├── Antivirus_Microsoft_Windows_Windows_Defender.yaml ├── Audit_Log_Cleared_Security.yaml ├── Audit_Log_Cleared_System.yaml ├── Audit_Log_Policy_Change.yaml ├── BootupRestartShutdown_Security.yaml ├── BootupRestartShutdown_System.yaml ├── Common.yaml ├── Firewall_Microsoft-Windows-WindowsFirewallWithAdvancedSecurity.yaml ├── Firewall_Security.yaml ├── Logons_Security.yaml ├── Microsoft-Windows-PowerShellOperational_General.yaml ├── Microsoft-Windows-PowerShellOperational_ScriptBlock.yaml ├── Microsoft-Windows-SmbClientAudit_SMB_ClientDestinations.yaml ├── Microsoft-Windows-SmbClientConnectivity_SMB_ClientDestinations.yaml ├── Microsoft-Windows-SmbClientOperational_SMB_ClientDestinations.yaml ├── Microsoft-Windows-SmbClientSecurity_SMB_ClientDestinations.yaml ├── Microsoft-Windows-SmbServerAudit_SMB_ServerAccessAudit.yaml ├── Microsoft-Windows-SmbServerConnectivity_SMB_ServerModifications.yaml ├── Microsoft-Windows-SmbServerOperational_SMB_ServerAccessAudit.yaml ├── Microsoft-Windows-SmbServerOperational_SMB_ServerModifications.yaml ├── Microsoft-Windows-SmbServerSecurity_SMB_ServerAccessAudit.yaml ├── Process_Creation_Security.yaml ├── Process_Creation_Sysmon.yaml ├── RDP_RemoteDesktopServices_RdpCoreTS_Operational.yaml ├── RDP_Security.yaml ├── RDP_TerminalServices_LocalSessionManager_Operational.yaml ├── RDP_TerminalServices_RDPClient_Operational.yaml ├── RDP_TerminalServices_RemoteConnectionManager_Admin.yaml ├── RDP_TerminalServices_RemoteConnectionManager_Operational.yaml ├── SMB_ServerAccessAudit_Security.yaml ├── SMB_ServerModifications_Security.yaml ├── ScheduledTasks_Microsoft-Windows-TaskSchedulerOperational_CreationModification.yaml ├── ScheduledTasks_Microsoft-Windows-TaskSchedulerOperational_Execution.yaml ├── ScheduledTasks_Security.yaml ├── Services_Security.yaml ├── Services_System.yaml ├── WinRM_Operational_WinRM.yaml ├── Windows PowerShell.yaml ├── layer2 │ ├── AV_SymantecNetwork.yaml │ ├── AV_WindowsDefender.yaml │ ├── AccountsUserRelatedOperations.yaml │ ├── AuditLogCleared.yaml │ ├── AuditPolicyChanged.yaml │ ├── FirewallUniversal.yaml │ ├── General_BootupRestartShutdown.yaml │ ├── LogonsUniversal.yaml │ ├── PowerShellScriptBlock.yaml │ ├── PowerShellUniversal.yaml │ ├── ProcessCreation.yaml │ ├── RDPUniversal.yaml │ ├── SMB_ClientDestinations.yaml │ ├── SMB_ServerAccessAudit.yaml │ ├── SMB_ServerModifications.yaml │ ├── ScheduledTasks_CreationModification.yaml │ ├── ScheduledTasks_Execution.yaml │ ├── ServicesUniversal.yaml │ └── WinRMUniversal.yaml └── params │ ├── ConnectionTypeSMB.yaml │ ├── DefenderDoubleQuotes.yaml │ ├── DefenderScanSource.yaml │ ├── FW_Action.yaml │ ├── FW_Boolean.yaml │ ├── FW_Direction.yaml │ ├── FW_EdgeTraversal.yaml │ ├── FW_IPVersion.yaml │ ├── FW_Origin.yaml │ ├── FW_Profile.yaml │ ├── FW_Protocol.yaml │ ├── FW_ReasonCode.yaml │ ├── FW_SecurityOptions.yaml │ ├── FW_SettingType.yaml │ ├── LogonType.yaml │ ├── LogonTypeUseCase.yaml │ ├── MandatoryLabel.yaml │ ├── NTStatus.yaml │ ├── NTStatusSMB.yaml │ ├── PreAuthType.yaml │ ├── ReasonSMB.yaml │ ├── SIDList.yaml │ ├── Security.yaml │ ├── ServiceStartType.yaml │ ├── ServiceType.yaml │ ├── TicketEncryptionType.yaml │ ├── TicketOptions.yaml │ └── UacValue.yaml ├── output_manager ├── csv.go ├── excel.go ├── json.go ├── jsonl_internal.go └── output_manager.go ├── special_transformations ├── av_symantec.go ├── powershell.go ├── rdp_cracker.go ├── scheduled_tasks.go └── winrm.go ├── templates └── apache_echarts.tmpl └── tests ├── accounts_groups_test.go ├── audit_log_cleared_test.go ├── audit_policy_change_test.go ├── audit_smb_test.go ├── av_defender_test.go ├── av_symantec_test.go ├── chart_test.go ├── common_functions.go ├── events ├── Application_400.json ├── Microsoft-Windows-PowerShell_Operational_24577.json ├── Microsoft-Windows-PowerShell_Operational_4100.json ├── Microsoft-Windows-PowerShell_Operational_53504.json ├── Microsoft-Windows-PowerShell_Operational_8193.json ├── Microsoft-Windows-PowerShell_Operational_8194.json ├── Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Operational_131.json ├── Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Operational_168.json ├── Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Operational_65.json ├── Microsoft-Windows-SMBServer_Audit_3000.json ├── Microsoft-Windows-SMBServer_Operational_1016.json ├── Microsoft-Windows-SMBServer_Security_1006.json ├── Microsoft-Windows-SMBServer_Security_1007.json ├── Microsoft-Windows-SMBServer_Security_551.json ├── Microsoft-Windows-SmbClient_Audit_32002.json ├── Microsoft-Windows-SmbClient_Connectivity_30803.json ├── Microsoft-Windows-SmbClient_Connectivity_30806.json ├── Microsoft-Windows-SmbClient_Security_31000.json ├── Microsoft-Windows-SmbClient_Security_31013.json ├── Microsoft-Windows-SmbClient_Security_31019.json ├── Microsoft-Windows-Sysmon_Operational_1.json ├── Microsoft-Windows-Sysmon_Operational_5.json ├── Microsoft-Windows-TaskScheduler_Operational_100.json ├── Microsoft-Windows-TaskScheduler_Operational_129.json ├── Microsoft-Windows-TaskScheduler_Operational_201.json ├── Microsoft-Windows-TerminalServices-LocalSessionManager_Operational_17.json ├── Microsoft-Windows-TerminalServices-LocalSessionManager_Operational_21.json ├── Microsoft-Windows-TerminalServices-LocalSessionManager_Operational_36.json ├── Microsoft-Windows-TerminalServices-RDPClient_Operational_1024.json ├── Microsoft-Windows-TerminalServices-RDPClient_Operational_1027.json ├── Microsoft-Windows-TerminalServices-RDPClient_Operational_226.json ├── Microsoft-Windows-TerminalServices-RemoteConnectionManager_Operational_1149.json ├── Microsoft-Windows-WinRM_Operational_11.json ├── Microsoft-Windows-WinRM_Operational_161.json ├── Microsoft-Windows-WinRM_Operational_41.json ├── Microsoft-Windows-WinRM_Operational_44.json ├── Microsoft-Windows-WinRM_Operational_47.json ├── Microsoft-Windows-WinRM_Operational_6.json ├── Microsoft-Windows-WinRM_Operational_7.json ├── Microsoft-Windows-WinRM_Operational_91.json ├── Microsoft-Windows-Windows_Defender_Operational_1000.json ├── Microsoft-Windows-Windows_Defender_Operational_1010.json ├── Microsoft-Windows-Windows_Defender_Operational_1116.json ├── Microsoft-Windows-Windows_Defender_Operational_1117.json ├── Microsoft-Windows-Windows_Defender_Operational_2000.json ├── Microsoft-Windows-Windows_Defender_Operational_2050.json ├── Microsoft-Windows-Windows_Defender_Operational_3002.json ├── Microsoft-Windows-Windows_Defender_Operational_5007.json ├── Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2002.json ├── Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2003.json ├── Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2004.json ├── Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2006.json ├── Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2010.json ├── Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2011.json ├── Security_1102.json ├── Security_4624.json ├── Security_4625.json ├── Security_4648.json ├── Security_4674.json ├── Security_4688.json ├── Security_4689.json ├── Security_4697.json ├── Security_4698.json ├── Security_4719.json ├── Security_4720.json ├── Security_4724.json ├── Security_4728.json ├── Security_4738.json ├── Security_4741.json ├── Security_4743.json ├── Security_4768.json ├── Security_4769.json ├── Security_4776.json ├── Security_4778.json ├── Security_4781.json ├── Security_4945.json ├── Security_4946.json ├── Security_4953.json ├── Security_4964.json ├── Security_5031.json ├── Security_5140.json ├── Security_5143.json ├── Security_5145.json ├── Security_5152.json ├── Security_5154.json ├── Security_5156.json ├── Security_5157.json ├── Security_6406.json ├── System_104.json ├── System_6008.json ├── System_6013.json ├── System_7024.json ├── System_7034.json ├── System_7040.json ├── System_7045.json ├── System_7046.json ├── System_Microsoft-Windows-Kernel-Boot_16.json ├── System_Microsoft-Windows-Kernel-General_12.json ├── System_Microsoft-Windows-Kernel-General_13.json ├── System_Microsoft-Windows-WER-SystemErrorReporting_1001.json ├── System_User32_1073.json ├── System_User32_1074.json ├── Windows_PowerShell_400.json ├── Windows_PowerShell_600.json └── Windows_PowerShell_800.json ├── evtxparsing_test.go ├── files ├── Application15.evtx ├── Security4624.evtx └── chart │ └── vss │ ├── Security4624vss1.evtx │ └── Security4624vss2.evtx ├── firewall_test.go ├── general_bootup_restart_shutdown_test.go ├── generic_fields_test.go ├── logic_engine_test.go ├── logons_logons_test.go ├── powershell_test.go ├── process_creation_test.go ├── rdp_test.go ├── scheduled_tasks_test.go ├── services_test.go ├── time_conversion_test.go ├── winrm_test.go └── xor_test.go /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/README.md -------------------------------------------------------------------------------- /chart/chart.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/chart/chart.go -------------------------------------------------------------------------------- /chart/configuration.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/chart/configuration.go -------------------------------------------------------------------------------- /chart/statistics.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/chart/statistics.go -------------------------------------------------------------------------------- /chart/struct.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/chart/struct.go -------------------------------------------------------------------------------- /cmd/EvtxHussar/EvtxHussar.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/cmd/EvtxHussar/EvtxHussar.go -------------------------------------------------------------------------------- /common/art.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/common/art.go -------------------------------------------------------------------------------- /common/common.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/common/common.go -------------------------------------------------------------------------------- /common/const.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/common/const.go -------------------------------------------------------------------------------- /common/evtx.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/common/evtx.go -------------------------------------------------------------------------------- /common/extractors.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/common/extractors.go -------------------------------------------------------------------------------- /common/logging.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/common/logging.go -------------------------------------------------------------------------------- /common/path_manipulation.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/common/path_manipulation.go -------------------------------------------------------------------------------- /common/socket_parser.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/common/socket_parser.go -------------------------------------------------------------------------------- /common/structures.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/common/structures.go -------------------------------------------------------------------------------- /common/time.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/common/time.go -------------------------------------------------------------------------------- /common/xor.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/common/xor.go -------------------------------------------------------------------------------- /engine/engine.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/engine/engine.go -------------------------------------------------------------------------------- /engine/layer1.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/engine/layer1.go -------------------------------------------------------------------------------- /engine/layer2.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/engine/layer2.go -------------------------------------------------------------------------------- /engine/logic.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/engine/logic.go -------------------------------------------------------------------------------- /eventmap/attrib_extraction.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/eventmap/attrib_extraction.go -------------------------------------------------------------------------------- /eventmap/event_map.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/eventmap/event_map.go -------------------------------------------------------------------------------- /evtxhussar_chart_demo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/evtxhussar_chart_demo.gif -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/go.sum -------------------------------------------------------------------------------- /icon/icons8-forensics-96.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/icon/icons8-forensics-96.ico -------------------------------------------------------------------------------- /icon/icons8-forensics-96.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/icon/icons8-forensics-96.png -------------------------------------------------------------------------------- /icon/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/icon/readme.txt -------------------------------------------------------------------------------- /maps/AV_SymantecNetworkProtection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/AV_SymantecNetworkProtection.yaml -------------------------------------------------------------------------------- /maps/Accounts_UserRelatedOperations_Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Accounts_UserRelatedOperations_Security.yaml -------------------------------------------------------------------------------- /maps/Antivirus_Microsoft_Windows_Windows_Defender.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Antivirus_Microsoft_Windows_Windows_Defender.yaml -------------------------------------------------------------------------------- /maps/Audit_Log_Cleared_Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Audit_Log_Cleared_Security.yaml -------------------------------------------------------------------------------- /maps/Audit_Log_Cleared_System.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Audit_Log_Cleared_System.yaml -------------------------------------------------------------------------------- /maps/Audit_Log_Policy_Change.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Audit_Log_Policy_Change.yaml -------------------------------------------------------------------------------- /maps/BootupRestartShutdown_Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/BootupRestartShutdown_Security.yaml -------------------------------------------------------------------------------- /maps/BootupRestartShutdown_System.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/BootupRestartShutdown_System.yaml -------------------------------------------------------------------------------- /maps/Common.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Common.yaml -------------------------------------------------------------------------------- /maps/Firewall_Microsoft-Windows-WindowsFirewallWithAdvancedSecurity.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Firewall_Microsoft-Windows-WindowsFirewallWithAdvancedSecurity.yaml -------------------------------------------------------------------------------- /maps/Firewall_Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Firewall_Security.yaml -------------------------------------------------------------------------------- /maps/Logons_Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Logons_Security.yaml -------------------------------------------------------------------------------- /maps/Microsoft-Windows-PowerShellOperational_General.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Microsoft-Windows-PowerShellOperational_General.yaml -------------------------------------------------------------------------------- /maps/Microsoft-Windows-PowerShellOperational_ScriptBlock.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Microsoft-Windows-PowerShellOperational_ScriptBlock.yaml -------------------------------------------------------------------------------- /maps/Microsoft-Windows-SmbClientAudit_SMB_ClientDestinations.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Microsoft-Windows-SmbClientAudit_SMB_ClientDestinations.yaml -------------------------------------------------------------------------------- /maps/Microsoft-Windows-SmbClientConnectivity_SMB_ClientDestinations.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Microsoft-Windows-SmbClientConnectivity_SMB_ClientDestinations.yaml -------------------------------------------------------------------------------- /maps/Microsoft-Windows-SmbClientOperational_SMB_ClientDestinations.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Microsoft-Windows-SmbClientOperational_SMB_ClientDestinations.yaml -------------------------------------------------------------------------------- /maps/Microsoft-Windows-SmbClientSecurity_SMB_ClientDestinations.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Microsoft-Windows-SmbClientSecurity_SMB_ClientDestinations.yaml -------------------------------------------------------------------------------- /maps/Microsoft-Windows-SmbServerAudit_SMB_ServerAccessAudit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Microsoft-Windows-SmbServerAudit_SMB_ServerAccessAudit.yaml -------------------------------------------------------------------------------- /maps/Microsoft-Windows-SmbServerConnectivity_SMB_ServerModifications.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Microsoft-Windows-SmbServerConnectivity_SMB_ServerModifications.yaml -------------------------------------------------------------------------------- /maps/Microsoft-Windows-SmbServerOperational_SMB_ServerAccessAudit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Microsoft-Windows-SmbServerOperational_SMB_ServerAccessAudit.yaml -------------------------------------------------------------------------------- /maps/Microsoft-Windows-SmbServerOperational_SMB_ServerModifications.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Microsoft-Windows-SmbServerOperational_SMB_ServerModifications.yaml -------------------------------------------------------------------------------- /maps/Microsoft-Windows-SmbServerSecurity_SMB_ServerAccessAudit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Microsoft-Windows-SmbServerSecurity_SMB_ServerAccessAudit.yaml -------------------------------------------------------------------------------- /maps/Process_Creation_Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Process_Creation_Security.yaml -------------------------------------------------------------------------------- /maps/Process_Creation_Sysmon.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Process_Creation_Sysmon.yaml -------------------------------------------------------------------------------- /maps/RDP_RemoteDesktopServices_RdpCoreTS_Operational.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/RDP_RemoteDesktopServices_RdpCoreTS_Operational.yaml -------------------------------------------------------------------------------- /maps/RDP_Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/RDP_Security.yaml -------------------------------------------------------------------------------- /maps/RDP_TerminalServices_LocalSessionManager_Operational.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/RDP_TerminalServices_LocalSessionManager_Operational.yaml -------------------------------------------------------------------------------- /maps/RDP_TerminalServices_RDPClient_Operational.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/RDP_TerminalServices_RDPClient_Operational.yaml -------------------------------------------------------------------------------- /maps/RDP_TerminalServices_RemoteConnectionManager_Admin.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/RDP_TerminalServices_RemoteConnectionManager_Admin.yaml -------------------------------------------------------------------------------- /maps/RDP_TerminalServices_RemoteConnectionManager_Operational.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/RDP_TerminalServices_RemoteConnectionManager_Operational.yaml -------------------------------------------------------------------------------- /maps/SMB_ServerAccessAudit_Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/SMB_ServerAccessAudit_Security.yaml -------------------------------------------------------------------------------- /maps/SMB_ServerModifications_Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/SMB_ServerModifications_Security.yaml -------------------------------------------------------------------------------- /maps/ScheduledTasks_Microsoft-Windows-TaskSchedulerOperational_CreationModification.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/ScheduledTasks_Microsoft-Windows-TaskSchedulerOperational_CreationModification.yaml -------------------------------------------------------------------------------- /maps/ScheduledTasks_Microsoft-Windows-TaskSchedulerOperational_Execution.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/ScheduledTasks_Microsoft-Windows-TaskSchedulerOperational_Execution.yaml -------------------------------------------------------------------------------- /maps/ScheduledTasks_Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/ScheduledTasks_Security.yaml -------------------------------------------------------------------------------- /maps/Services_Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Services_Security.yaml -------------------------------------------------------------------------------- /maps/Services_System.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Services_System.yaml -------------------------------------------------------------------------------- /maps/WinRM_Operational_WinRM.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/WinRM_Operational_WinRM.yaml -------------------------------------------------------------------------------- /maps/Windows PowerShell.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/Windows PowerShell.yaml -------------------------------------------------------------------------------- /maps/layer2/AV_SymantecNetwork.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/AV_SymantecNetwork.yaml -------------------------------------------------------------------------------- /maps/layer2/AV_WindowsDefender.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/AV_WindowsDefender.yaml -------------------------------------------------------------------------------- /maps/layer2/AccountsUserRelatedOperations.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/AccountsUserRelatedOperations.yaml -------------------------------------------------------------------------------- /maps/layer2/AuditLogCleared.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/AuditLogCleared.yaml -------------------------------------------------------------------------------- /maps/layer2/AuditPolicyChanged.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/AuditPolicyChanged.yaml -------------------------------------------------------------------------------- /maps/layer2/FirewallUniversal.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/FirewallUniversal.yaml -------------------------------------------------------------------------------- /maps/layer2/General_BootupRestartShutdown.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/General_BootupRestartShutdown.yaml -------------------------------------------------------------------------------- /maps/layer2/LogonsUniversal.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/LogonsUniversal.yaml -------------------------------------------------------------------------------- /maps/layer2/PowerShellScriptBlock.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/PowerShellScriptBlock.yaml -------------------------------------------------------------------------------- /maps/layer2/PowerShellUniversal.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/PowerShellUniversal.yaml -------------------------------------------------------------------------------- /maps/layer2/ProcessCreation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/ProcessCreation.yaml -------------------------------------------------------------------------------- /maps/layer2/RDPUniversal.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/RDPUniversal.yaml -------------------------------------------------------------------------------- /maps/layer2/SMB_ClientDestinations.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/SMB_ClientDestinations.yaml -------------------------------------------------------------------------------- /maps/layer2/SMB_ServerAccessAudit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/SMB_ServerAccessAudit.yaml -------------------------------------------------------------------------------- /maps/layer2/SMB_ServerModifications.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/SMB_ServerModifications.yaml -------------------------------------------------------------------------------- /maps/layer2/ScheduledTasks_CreationModification.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/ScheduledTasks_CreationModification.yaml -------------------------------------------------------------------------------- /maps/layer2/ScheduledTasks_Execution.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/ScheduledTasks_Execution.yaml -------------------------------------------------------------------------------- /maps/layer2/ServicesUniversal.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/ServicesUniversal.yaml -------------------------------------------------------------------------------- /maps/layer2/WinRMUniversal.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/layer2/WinRMUniversal.yaml -------------------------------------------------------------------------------- /maps/params/ConnectionTypeSMB.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/ConnectionTypeSMB.yaml -------------------------------------------------------------------------------- /maps/params/DefenderDoubleQuotes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/DefenderDoubleQuotes.yaml -------------------------------------------------------------------------------- /maps/params/DefenderScanSource.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/DefenderScanSource.yaml -------------------------------------------------------------------------------- /maps/params/FW_Action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/FW_Action.yaml -------------------------------------------------------------------------------- /maps/params/FW_Boolean.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/FW_Boolean.yaml -------------------------------------------------------------------------------- /maps/params/FW_Direction.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/FW_Direction.yaml -------------------------------------------------------------------------------- /maps/params/FW_EdgeTraversal.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/FW_EdgeTraversal.yaml -------------------------------------------------------------------------------- /maps/params/FW_IPVersion.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/FW_IPVersion.yaml -------------------------------------------------------------------------------- /maps/params/FW_Origin.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/FW_Origin.yaml -------------------------------------------------------------------------------- /maps/params/FW_Profile.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/FW_Profile.yaml -------------------------------------------------------------------------------- /maps/params/FW_Protocol.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/FW_Protocol.yaml -------------------------------------------------------------------------------- /maps/params/FW_ReasonCode.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/FW_ReasonCode.yaml -------------------------------------------------------------------------------- /maps/params/FW_SecurityOptions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/FW_SecurityOptions.yaml -------------------------------------------------------------------------------- /maps/params/FW_SettingType.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/FW_SettingType.yaml -------------------------------------------------------------------------------- /maps/params/LogonType.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/LogonType.yaml -------------------------------------------------------------------------------- /maps/params/LogonTypeUseCase.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/LogonTypeUseCase.yaml -------------------------------------------------------------------------------- /maps/params/MandatoryLabel.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/MandatoryLabel.yaml -------------------------------------------------------------------------------- /maps/params/NTStatus.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/NTStatus.yaml -------------------------------------------------------------------------------- /maps/params/NTStatusSMB.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/NTStatusSMB.yaml -------------------------------------------------------------------------------- /maps/params/PreAuthType.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/PreAuthType.yaml -------------------------------------------------------------------------------- /maps/params/ReasonSMB.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/ReasonSMB.yaml -------------------------------------------------------------------------------- /maps/params/SIDList.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/SIDList.yaml -------------------------------------------------------------------------------- /maps/params/Security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/Security.yaml -------------------------------------------------------------------------------- /maps/params/ServiceStartType.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/ServiceStartType.yaml -------------------------------------------------------------------------------- /maps/params/ServiceType.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/ServiceType.yaml -------------------------------------------------------------------------------- /maps/params/TicketEncryptionType.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/TicketEncryptionType.yaml -------------------------------------------------------------------------------- /maps/params/TicketOptions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/TicketOptions.yaml -------------------------------------------------------------------------------- /maps/params/UacValue.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/maps/params/UacValue.yaml -------------------------------------------------------------------------------- /output_manager/csv.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/output_manager/csv.go -------------------------------------------------------------------------------- /output_manager/excel.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/output_manager/excel.go -------------------------------------------------------------------------------- /output_manager/json.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/output_manager/json.go -------------------------------------------------------------------------------- /output_manager/jsonl_internal.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/output_manager/jsonl_internal.go -------------------------------------------------------------------------------- /output_manager/output_manager.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/output_manager/output_manager.go -------------------------------------------------------------------------------- /special_transformations/av_symantec.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/special_transformations/av_symantec.go -------------------------------------------------------------------------------- /special_transformations/powershell.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/special_transformations/powershell.go -------------------------------------------------------------------------------- /special_transformations/rdp_cracker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/special_transformations/rdp_cracker.go -------------------------------------------------------------------------------- /special_transformations/scheduled_tasks.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/special_transformations/scheduled_tasks.go -------------------------------------------------------------------------------- /special_transformations/winrm.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/special_transformations/winrm.go -------------------------------------------------------------------------------- /templates/apache_echarts.tmpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/templates/apache_echarts.tmpl -------------------------------------------------------------------------------- /tests/accounts_groups_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/accounts_groups_test.go -------------------------------------------------------------------------------- /tests/audit_log_cleared_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/audit_log_cleared_test.go -------------------------------------------------------------------------------- /tests/audit_policy_change_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/audit_policy_change_test.go -------------------------------------------------------------------------------- /tests/audit_smb_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/audit_smb_test.go -------------------------------------------------------------------------------- /tests/av_defender_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/av_defender_test.go -------------------------------------------------------------------------------- /tests/av_symantec_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/av_symantec_test.go -------------------------------------------------------------------------------- /tests/chart_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/chart_test.go -------------------------------------------------------------------------------- /tests/common_functions.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/common_functions.go -------------------------------------------------------------------------------- /tests/events/Application_400.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Application_400.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-PowerShell_Operational_24577.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-PowerShell_Operational_24577.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-PowerShell_Operational_4100.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-PowerShell_Operational_4100.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-PowerShell_Operational_53504.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-PowerShell_Operational_53504.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-PowerShell_Operational_8193.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-PowerShell_Operational_8193.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-PowerShell_Operational_8194.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-PowerShell_Operational_8194.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Operational_131.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Operational_131.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Operational_168.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Operational_168.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Operational_65.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_Operational_65.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-SMBServer_Audit_3000.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-SMBServer_Audit_3000.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-SMBServer_Operational_1016.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-SMBServer_Operational_1016.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-SMBServer_Security_1006.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-SMBServer_Security_1006.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-SMBServer_Security_1007.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-SMBServer_Security_1007.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-SMBServer_Security_551.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-SMBServer_Security_551.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-SmbClient_Audit_32002.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-SmbClient_Audit_32002.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-SmbClient_Connectivity_30803.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-SmbClient_Connectivity_30803.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-SmbClient_Connectivity_30806.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-SmbClient_Connectivity_30806.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-SmbClient_Security_31000.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-SmbClient_Security_31000.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-SmbClient_Security_31013.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-SmbClient_Security_31013.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-SmbClient_Security_31019.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-SmbClient_Security_31019.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Sysmon_Operational_1.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Sysmon_Operational_1.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Sysmon_Operational_5.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Sysmon_Operational_5.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-TaskScheduler_Operational_100.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-TaskScheduler_Operational_100.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-TaskScheduler_Operational_129.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-TaskScheduler_Operational_129.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-TaskScheduler_Operational_201.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-TaskScheduler_Operational_201.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-TerminalServices-LocalSessionManager_Operational_17.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-TerminalServices-LocalSessionManager_Operational_17.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-TerminalServices-LocalSessionManager_Operational_21.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-TerminalServices-LocalSessionManager_Operational_21.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-TerminalServices-LocalSessionManager_Operational_36.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-TerminalServices-LocalSessionManager_Operational_36.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-TerminalServices-RDPClient_Operational_1024.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-TerminalServices-RDPClient_Operational_1024.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-TerminalServices-RDPClient_Operational_1027.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-TerminalServices-RDPClient_Operational_1027.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-TerminalServices-RDPClient_Operational_226.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-TerminalServices-RDPClient_Operational_226.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-TerminalServices-RemoteConnectionManager_Operational_1149.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-TerminalServices-RemoteConnectionManager_Operational_1149.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-WinRM_Operational_11.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-WinRM_Operational_11.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-WinRM_Operational_161.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-WinRM_Operational_161.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-WinRM_Operational_41.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-WinRM_Operational_41.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-WinRM_Operational_44.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-WinRM_Operational_44.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-WinRM_Operational_47.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-WinRM_Operational_47.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-WinRM_Operational_6.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-WinRM_Operational_6.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-WinRM_Operational_7.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-WinRM_Operational_7.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-WinRM_Operational_91.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-WinRM_Operational_91.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Defender_Operational_1000.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Defender_Operational_1000.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Defender_Operational_1010.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Defender_Operational_1010.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Defender_Operational_1116.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Defender_Operational_1116.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Defender_Operational_1117.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Defender_Operational_1117.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Defender_Operational_2000.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Defender_Operational_2000.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Defender_Operational_2050.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Defender_Operational_2050.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Defender_Operational_3002.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Defender_Operational_3002.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Defender_Operational_5007.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Defender_Operational_5007.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2002.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2002.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2003.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2003.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2004.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2004.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2006.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2006.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2010.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2010.json -------------------------------------------------------------------------------- /tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2011.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Microsoft-Windows-Windows_Firewall_With_Advanced_Security_Firewall_2011.json -------------------------------------------------------------------------------- /tests/events/Security_1102.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_1102.json -------------------------------------------------------------------------------- /tests/events/Security_4624.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4624.json -------------------------------------------------------------------------------- /tests/events/Security_4625.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4625.json -------------------------------------------------------------------------------- /tests/events/Security_4648.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4648.json -------------------------------------------------------------------------------- /tests/events/Security_4674.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4674.json -------------------------------------------------------------------------------- /tests/events/Security_4688.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4688.json -------------------------------------------------------------------------------- /tests/events/Security_4689.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4689.json -------------------------------------------------------------------------------- /tests/events/Security_4697.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4697.json -------------------------------------------------------------------------------- /tests/events/Security_4698.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4698.json -------------------------------------------------------------------------------- /tests/events/Security_4719.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4719.json -------------------------------------------------------------------------------- /tests/events/Security_4720.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4720.json -------------------------------------------------------------------------------- /tests/events/Security_4724.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4724.json -------------------------------------------------------------------------------- /tests/events/Security_4728.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4728.json -------------------------------------------------------------------------------- /tests/events/Security_4738.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4738.json -------------------------------------------------------------------------------- /tests/events/Security_4741.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4741.json -------------------------------------------------------------------------------- /tests/events/Security_4743.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4743.json -------------------------------------------------------------------------------- /tests/events/Security_4768.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4768.json -------------------------------------------------------------------------------- /tests/events/Security_4769.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4769.json -------------------------------------------------------------------------------- /tests/events/Security_4776.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4776.json -------------------------------------------------------------------------------- /tests/events/Security_4778.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4778.json -------------------------------------------------------------------------------- /tests/events/Security_4781.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4781.json -------------------------------------------------------------------------------- /tests/events/Security_4945.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4945.json -------------------------------------------------------------------------------- /tests/events/Security_4946.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4946.json -------------------------------------------------------------------------------- /tests/events/Security_4953.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4953.json -------------------------------------------------------------------------------- /tests/events/Security_4964.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_4964.json -------------------------------------------------------------------------------- /tests/events/Security_5031.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_5031.json -------------------------------------------------------------------------------- /tests/events/Security_5140.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_5140.json -------------------------------------------------------------------------------- /tests/events/Security_5143.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_5143.json -------------------------------------------------------------------------------- /tests/events/Security_5145.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_5145.json -------------------------------------------------------------------------------- /tests/events/Security_5152.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_5152.json -------------------------------------------------------------------------------- /tests/events/Security_5154.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_5154.json -------------------------------------------------------------------------------- /tests/events/Security_5156.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_5156.json -------------------------------------------------------------------------------- /tests/events/Security_5157.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_5157.json -------------------------------------------------------------------------------- /tests/events/Security_6406.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Security_6406.json -------------------------------------------------------------------------------- /tests/events/System_104.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_104.json -------------------------------------------------------------------------------- /tests/events/System_6008.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_6008.json -------------------------------------------------------------------------------- /tests/events/System_6013.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_6013.json -------------------------------------------------------------------------------- /tests/events/System_7024.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_7024.json -------------------------------------------------------------------------------- /tests/events/System_7034.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_7034.json -------------------------------------------------------------------------------- /tests/events/System_7040.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_7040.json -------------------------------------------------------------------------------- /tests/events/System_7045.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_7045.json -------------------------------------------------------------------------------- /tests/events/System_7046.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_7046.json -------------------------------------------------------------------------------- /tests/events/System_Microsoft-Windows-Kernel-Boot_16.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_Microsoft-Windows-Kernel-Boot_16.json -------------------------------------------------------------------------------- /tests/events/System_Microsoft-Windows-Kernel-General_12.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_Microsoft-Windows-Kernel-General_12.json -------------------------------------------------------------------------------- /tests/events/System_Microsoft-Windows-Kernel-General_13.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_Microsoft-Windows-Kernel-General_13.json -------------------------------------------------------------------------------- /tests/events/System_Microsoft-Windows-WER-SystemErrorReporting_1001.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_Microsoft-Windows-WER-SystemErrorReporting_1001.json -------------------------------------------------------------------------------- /tests/events/System_User32_1073.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_User32_1073.json -------------------------------------------------------------------------------- /tests/events/System_User32_1074.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/System_User32_1074.json -------------------------------------------------------------------------------- /tests/events/Windows_PowerShell_400.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Windows_PowerShell_400.json -------------------------------------------------------------------------------- /tests/events/Windows_PowerShell_600.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Windows_PowerShell_600.json -------------------------------------------------------------------------------- /tests/events/Windows_PowerShell_800.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/events/Windows_PowerShell_800.json -------------------------------------------------------------------------------- /tests/evtxparsing_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/evtxparsing_test.go -------------------------------------------------------------------------------- /tests/files/Application15.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/files/Application15.evtx -------------------------------------------------------------------------------- /tests/files/Security4624.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/files/Security4624.evtx -------------------------------------------------------------------------------- /tests/files/chart/vss/Security4624vss1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/files/chart/vss/Security4624vss1.evtx -------------------------------------------------------------------------------- /tests/files/chart/vss/Security4624vss2.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/files/chart/vss/Security4624vss2.evtx -------------------------------------------------------------------------------- /tests/firewall_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/firewall_test.go -------------------------------------------------------------------------------- /tests/general_bootup_restart_shutdown_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/general_bootup_restart_shutdown_test.go -------------------------------------------------------------------------------- /tests/generic_fields_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/generic_fields_test.go -------------------------------------------------------------------------------- /tests/logic_engine_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/logic_engine_test.go -------------------------------------------------------------------------------- /tests/logons_logons_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/logons_logons_test.go -------------------------------------------------------------------------------- /tests/powershell_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/powershell_test.go -------------------------------------------------------------------------------- /tests/process_creation_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/process_creation_test.go -------------------------------------------------------------------------------- /tests/rdp_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/rdp_test.go -------------------------------------------------------------------------------- /tests/scheduled_tasks_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/scheduled_tasks_test.go -------------------------------------------------------------------------------- /tests/services_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/services_test.go -------------------------------------------------------------------------------- /tests/time_conversion_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/time_conversion_test.go -------------------------------------------------------------------------------- /tests/winrm_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/winrm_test.go -------------------------------------------------------------------------------- /tests/xor_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yarox24/EvtxHussar/HEAD/tests/xor_test.go --------------------------------------------------------------------------------