📢 Windows EVTX bug: log entries "resurrect" in other files after clearing
📝 Source: Maxim Suhanov's blog — research publication describing a DFIR artefact resulting from a bug in the serv...
📖 cyberveille: https://cyberveille.ch/posts/2026-01-29-bug-windows-evtx-des-entrees-de-journaux-ressuscitent-dans-dautres-fichiers-apres-purge/
🌐 source: https://dfir.ru/2026/01/26/windows-event-logs-were-cleared-but-resurrected-in-another-file/
#DFIR #EVTX #Cyberveille

If you're interested in getting into #Linux #logging and evidence collection, this is an excellent write-up from @kostastsale that compares #EVTX logs on Windows with #Auditd, #SysMon for Linux, and native Linux logging.

#DFIR #LinuxForensics #SIEM #CSIRT

https://kostas-ts.medium.com/telemetry-on-linux-vs-windows-a-comparative-analysis-849f6b43ef8e

Telemetry on Linux vs. Windows: A Comparative Analysis

In today’s highly advanced IT environments, telemetry plays a vital role in monitoring, securing, and responding to incidents. Both the Linux and Windows platforms have their own mechanisms for…

Medium
Security Onion 2.4 Feature o' the Day - SOC can now import PCAP and EVTX files

Security Onion 2.4 includes lots of new features! SOC can now import PCAP and EVTX files! You can read more about this in our documentation:...

I wrote a guide on how to use our evtx-sigma-checker tool:
- applies #Sigma rules to #EVTX files
- outputs JSON
- Linux, macOS, Windows binaries
- blazingly fast (because it uses our private go-sigma library)
- it's a byproduct of our CI checks
#DFIR
https://gist.github.com/Neo23x0/9eb505a00f7ba591645a6246fa6c5246
Guide to Use Sigma EVTX Checker

Guide to Use Sigma EVTX Checker. GitHub Gist: instantly share code, notes, and snippets.

Gist