SigmaEye is a Windows process monitoring toolkit that integrates ETW and user-level monitoring with Sigma rules. It detects suspicious process behavior, LOLBins usage, and potential threats in real-time. Features include dual monitoring, DLL injection tracking, and customizable detection rules. Requires admin privileges for ETW monitoring.

Quick reference guide for WosHeteroStats — ETW post-processing tool to analyze hybrid processor scheduling on Windows (ETL traces to CSV).

C++ ETW (Event Tracing for Windows) threat hunter for real-time detection

ThreatFalcon: A national Rust endpoint sensor using ETW, Sysmon, and evasion signals aligned with offensive tradecraft, focused on transparency and explainability.

ETW-based telemetry agent for Windows 11

2017-09-14 Tokyo MasterCloud presentation files.

Real-time ransomware detection and monitoring tool for Windows using ETW, with a Python (Flask) backend, Angular dashboard, and Redis-based event pipeline for scoring, alerting, and automated response actions.

A clean architecture, DDD-based solution for parsing ETW (Event Tracing for Windows) ETL files.

CSV parser for ETW events traces

Master thesis in collaboration with Leonardo Research Center

Etherwave

Tracelogging Providers in Python

Windows MESSAGETABLE resource merge tool

High-performance network monitoring and Windows Firewall management tool using C# 12, .NET 8, and ETW for real-time, low-overhead visibility.

🔍 Detect threats with Rustinel, a high-performance Windows EDR agent that leverages ETW to collect telemetry and outputs alerts for easy SIEM integration.

AutoLogger simplifies logging in .NET solutions without adding overhead to your code

Auditing tool that uses ETW to try and keep bad actors out

A realtime ETW monitoring CLI. Named after tail -f

ETW-based real-time threat detection: process injection, credential theft, LOLBins, AMSI bypass, PowerShell monitoring mapped to MITRE ATT&CK