Sample EVTX Repository:
The sample .evtx files come from the following repositories:
- DeepBlueCLI - Attack detection tool written in PowerShell.
- EVTX ATTACK Samples - EVTX attack sample event log files by SBousseaden.
- EVTX-to-MITRE-Attack - Another great repository of EVTX attack sample logs mapped to ATT&CK.
as well as .evtx files originally created by Yamato Security.
We are trying to gather as many .evtx files as we can for detection engineering.
Warning: Anti-virus software may mistakenly alert when downloading or unzipping this repository because the sample logs contain strings such as "mimikatz". There are no executable files in this repository, so these alerts are false positives.