18Nis
Zircolite – A Standalone SIGMA-based Detection Tool For EVTX, Auditd And Sysmon For Linux Logs
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for linux or JSONL/NDJSON Logs Zircolite is a standalone tool written in Python 3. It allows to use SIGMA rules on MS Windows EVTX (EVTX and JSONL format), Auditd logs and Sysmon for…