Export Windows EVTX events from xmlcli export files
Version: 0.1beta
The XML Event Extractor is a Python script designed to parse security-related XML event logs and extract meaningful data into a structured format. It focuses on extracting relevant security event IDs from Windows Event Logs (such as login attempts, logoffs, process creation, etc.).
- Parses XML files with UTF-8 or UTF-16 encoding.
- Supports extraction of various security event IDs.
- Outputs relevant event data into a CSV file.
The script handles the following event IDs:
- Successful Logon
- Failed Logon
- Logoff
- Process Creation
- Service Installation
- Directory Service Modifications, and more...
- Clone the repository:
  git clone https://github.com/suuhm/xml_event_xtractor.git
- Navigate to the project directory:
  cd xml_event_xtractor
- Install required dependencies:
  pip install -r requirements.txt
To use the XML Event Extractor, simply run the script with the XML file as an argument:
python xml_event_xtractor.py /PATH/TO/FILE(*.xml, *.evtx)
The script will generate a CSV file (ExtractedEvents.csv) containing the extracted events with their details.
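The extraction described above (parse a UTF-8 or UTF-16 XML export, keep selected security event IDs, emit CSV rows), shown as an added example that is not the project's own code. The event-ID mapping uses the standard Windows Security-log IDs rather than the project's list; the `<Events>` root element, the field selection, the function names and the sample data are assumptions.

```python
import csv
import io
import xml.etree.ElementTree as ET
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Assumed mapping: standard Windows Security-log IDs, not the project's own list.
EVENT_IDS = {"4624": "Successful Logon", "4625": "Failed Logon", "4634": "Logoff",
             "4688": "Process Creation", "4697": "Service Installation",
             "5136": "Directory Service Modification"}
FIELDS = ["TargetUserName", "IpAddress", "LogonType", "NewProcessName"]  # illustrative
COLUMNS = ["TimeCreated", "EventID", "Description", "Computer"] + FIELDS

def extract_events(raw: bytes) -> list:
    """Return one dict per event whose EventID is in EVENT_IDS."""
    # Bytes input lets the parser honour the BOM, so UTF-8 and UTF-16 both work.
    root = ET.fromstring(raw)
    rows = []
    for ev in root.iter("{%s}Event" % NS["e"]):
        event_id = ev.findtext("e:System/e:EventID", "", NS).strip()
        if event_id not in EVENT_IDS:
            continue  # not one of the security events we report on
        created = ev.find("e:System/e:TimeCreated", NS)
        data = {d.get("Name"): d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS)}
        row = {"TimeCreated": created.get("SystemTime", "") if created is not None else "",
               "EventID": event_id, "Description": EVENT_IDS[event_id],
               "Computer": ev.findtext("e:System/e:Computer", "", NS)}
        row.update({f: data.get(f, "") for f in FIELDS})
        rows.append(row)
    return rows

def to_csv(rows) -> str:
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS)  # fixed column order
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

def _sample_event(event_id, when, **data):  # builds one constructed <Event>
    fields = "".join(f"<Data Name='{k}'>{v}</Data>" for k, v in data.items())
    return (f"<Event xmlns='{NS['e']}'><System><EventID>{event_id}</EventID>"
            f"<TimeCreated SystemTime='{when}'/><Computer>WS01.example.test</Computer>"
            f"</System><EventData>{fields}</EventData></Event>")

# Constructed sample export (not real log data); 4616 is not in EVENT_IDS.
SAMPLE = "<Events>%s%s%s</Events>" % (
    _sample_event(4625, "2024-01-01T10:00:00Z", TargetUserName="alice", IpAddress="192.0.2.10"),
    _sample_event(4688, "2024-01-01T10:00:05Z", NewProcessName=r"C:\Windows\System32\cmd.exe"),
    _sample_event(4616, "2024-01-01T10:00:09Z"))

if __name__ == "__main__":
    print(to_csv(extract_events(SAMPLE.encode("utf-16"))))
```

Fields such as process paths come from the logged host, so treat the CSV as untrusted data when opening it in a spreadsheet application.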
This project is licensed under the MIT License.