Home/textproc/py311-evtx2splunk

py311-evtx2splunk

2.0.1_1textproc

Evtx to Splunk ingestor

Ingest EVTX files into a Splunk instance. This tool is based on the work of : Omer BenAmram Blardy Thanks to Ekto for its contribution. Key features: - Splunk HEC support with token auto-creation - Splunk index auto-creation - Multiprocessing support - Caching for evtx reuse without reconverting - Windows and Linux compatibility - Rely on the great and fast evtx_dump Rust tool of Omer - Evtx message resolutions from database Note: evtx2splunk converts the EVTX to JSON and stores them in a temporary place. Hence, up to the size of source EVTX can be created during the process. These files are removed at the end of the process, except if keep_cache is enabled.

$pkg install py311-evtx2splunk

github.com/whikernel/evtx2splunk ↗

Origin

textproc/py-evtx2splunk

Size

115KiB

License

MIT

Maintainer

acm@FreeBSD.org

Dependencies

13 packages

Required by

1 packages

Dependencies (13)

python311 py311-urllib3 py311-tqdm py311-toml py311-splunk-hec py311-semantic-version py311-requests py311-python-dotenv py311-idna py311-chardet py311-certifi fd-find evtx

Required By (1)

py311-iris-evtx-module