EventMonkey is a multiprocessing utility that parses Windows event logs and stores the records in a SQLite database, with an option to send them to Elastic for indexing.
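The pipeline described above (parse in worker processes, persist to SQLite, optionally ship to Elastic) can be sketched in a few dozen lines. The following is an added illustration, not EventMonkey's own code: the event records are constructed inline as dicts instead of being read from .evtx files, the table layout and the evidence_name column (mirroring the -n flag) are my assumptions, and the Elastic step only renders _bulk NDJSON lines without touching the network. Note that all SQLite writes happen in the parent process, which avoids the locking problems of several processes writing the same database file.

```python
import json
import multiprocessing
import sqlite3
from typing import Dict, Iterable, List

# Constructed sample records standing in for events parsed out of .evtx files.
SAMPLE_EVENTS = [
    {"Channel": "Security", "EventID": 4624, "TimeCreated": "2024-01-01T10:00:00Z",
     "Computer": "WS01", "EventData": {"LogonType": 2, "TargetUserName": "alice"}},
    {"Channel": "Security", "EventID": 4625, "TimeCreated": "2024-01-01T10:00:05Z",
     "Computer": "WS01", "EventData": {"LogonType": 3, "TargetUserName": "admin"}},
    {"Channel": "Security", "EventID": 4625, "TimeCreated": "2024-01-01T10:00:06Z",
     "Computer": "WS01", "EventData": {"LogonType": 3, "TargetUserName": "admin"}},
    {"Channel": "System", "EventID": 7045, "TimeCreated": "2024-01-01T10:01:00Z",
     "Computer": "WS02", "EventData": {"ServiceName": "updater", "ImagePath": "C:\\tmp\\u.exe"}},
]

# Assumed schema (not EventMonkey's): nested event data is kept as a JSON string.
SCHEMA = """
CREATE TABLE IF NOT EXISTS events (
    evidence_name TEXT NOT NULL,
    channel       TEXT NOT NULL,
    event_id      INTEGER NOT NULL,
    time_created  TEXT NOT NULL,
    computer      TEXT NOT NULL,
    event_data    TEXT NOT NULL
);
CREATE INDEX IF NOT EXISTS idx_events_id ON events(event_id);
"""


def parse_record(raw: Dict) -> Dict:
    """Worker-side normalisation of one raw event into flat column values.
    Runs in a child process, so it must be pure and its input/output picklable."""
    return {
        "channel": str(raw["Channel"]),
        "event_id": int(raw["EventID"]),
        "time_created": str(raw["TimeCreated"]),
        "computer": str(raw["Computer"]),
        "event_data": json.dumps(raw.get("EventData", {}), sort_keys=True),
    }


def build_database(evidence_name: str, records: Iterable[Dict],
                   db_path: str = ":memory:", threads: int = 2) -> sqlite3.Connection:
    """Parse records in a process pool; only the parent writes to SQLite."""
    records = list(records)
    conn = sqlite3.connect(db_path)
    conn.executescript(SCHEMA)
    with multiprocessing.Pool(processes=threads) as pool:
        parsed = pool.map(parse_record, records,
                          chunksize=max(1, len(records) // threads))
    conn.executemany(
        "INSERT INTO events VALUES (?, ?, ?, ?, ?, ?)",
        [(evidence_name, r["channel"], r["event_id"], r["time_created"],
          r["computer"], r["event_data"]) for r in parsed],
    )
    conn.commit()
    return conn


def count_by_event_id(conn: sqlite3.Connection) -> Dict[int, int]:
    """Quick triage view: how many records of each event ID were stored."""
    rows = conn.execute("SELECT event_id, COUNT(*) FROM events GROUP BY event_id")
    return {eid: n for eid, n in rows.fetchall()}


def elastic_bulk_lines(conn: sqlite3.Connection, index: str) -> List[str]:
    """Render stored rows as NDJSON for Elastic's _bulk API: one action line
    followed by one document line per event. No request is sent here."""
    lines: List[str] = []
    cur = conn.execute("SELECT evidence_name, channel, event_id, time_created, "
                       "computer, event_data FROM events ORDER BY rowid")
    for ev, ch, eid, ts, comp, data in cur:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps({
            "evidence_name": ev, "channel": ch, "event_id": eid,
            "@timestamp": ts, "computer": comp, "event_data": json.loads(data),
        }, sort_keys=True))
    return lines


if __name__ == "__main__":
    db = build_database("CASE-001", SAMPLE_EVENTS, threads=2)
    print(count_by_event_id(db))
    print("\n".join(elastic_bulk_lines(db, "eventmonkey-case-001")[:2]))
```

In a real run the worker would open the .evtx file itself and return parsed dicts, keeping the heavy XML parsing in the pool while the parent remains the single SQLite writer; the NDJSON lines would then be posted to the cluster's _bulk endpoint.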
Usage
usage: EventMonkey.py [-h] -n EVIDENCENAME -p EVENTS_PATH -o OUTPUT_PATH
                      [--threads THREADS_TO_USE] [--esconfig ESCONFIG]
                      [--esurl ESURL] [--eshost ESHOST] [--esuser ESUSER]
                      [--espass ESPASS]

EventMonkey (A Windows Event Parsing Utility)

optional arguments:
  -h, --help            show this help message and exit
  -n EVIDENCENAME, --evidencename EVIDENCENAME
                        Path to Event Files
  -p EVENTS_PATH, --path EVENTS_PATH
                        Path to Event Files
  -o OUTPUT_PATH, --output_path OUTPUT_PATH
                        Output Path
  --threads THREADS_TO_USE
                        Number of threads to use (default is all [8])
  --esconfig ESCONFIG   Elastic YAML Config File
  --esurl ESURL         Elastic RFC-1738 URL
  --eshost ESHOST       Elastic Host IP
  --esuser ESUSER       Elastic Host User
  --espass ESPASS       Elastic Password [if not supplied, will prompt]
Use this link for more info.