SigmaEye is a Windows process monitoring toolkit that integrates ETW and user-level monitoring with Sigma rules. It detects suspicious process behavior, LOLBins usage, and potential threats in real-time. Features include dual monitoring, DLL injection tracking, and customizable detection rules. Requires admin privileges for ETW monitoring.

Real-time ransomware detection and monitoring tool for Windows using ETW, with a Python (Flask) backend, Angular dashboard, and Redis-based event pipeline for scoring, alerting, and automated response actions.

Tracelogging Providers in Python

ETW-based real-time threat detection: process injection, credential theft, LOLBins, AMSI bypass, PowerShell monitoring mapped to MITRE ATT&CK

High-performance ETW (Event Tracing for Windows) consumer library for Python with Rust core

Python logging via Event Tracing for Windows (ETW)

An IDA plugin to deal with Event Tracing for Windows (ETW)

ETW Python Library

Event Tracing For Windows (ETW) Resources