etw

SigmaEye is a Windows process monitoring toolkit that integrates ETW and user-level monitoring with Sigma rules. It detects suspicious process behavior, LOLBins usage, and potential threats in real-time. Features include dual monitoring, DLL injection tracking, and customizable detection rules. Requires admin privileges for ETW monitoring.

etw threat-hunting dll-injection process-monitoring edr lolbins endpoint-security windows-security sigma-rules

Updated Feb 22, 2025
Python

bnbdr / tracelogging

Star

Tracelogging Providers in Python

python logging event tracing etw traceevent

Updated Sep 28, 2022
Python

Improve this page

Add a description, image, and links to the etw topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the etw topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

etw

Here are 6 public repositories matching this topic...

nasbench / EVTX-ETW-Resources

fireeye / pywintrace

airbus-cert / etwbreaker

MGTEK / pyetw

petstuk / SigmaEye

bnbdr / tracelogging

Improve this page

Add this topic to your repo