Public Catalog Sources
Public repositories available in the log catalog.
Yamato Security Hayabusa
Yamato-Security/hayabusa-sample-evtx
Curated log samples for Hayabusa rule testing. Includes samples from community attack datasets, DeepBlueCLI, and MITRE ATT&CK®-mapped collections.
Attribution: hayabusa-sample-evtx by Yamato Security and contributors.
Source: https://github.com/Yamato-Security/hayabusa-sample-evtx
License: MIT
Modifications: Logcannon imports a subset of EVTX samples from this repository. Records may be parsed and converted to another format before delivery to your security platform.
Attack Samples
sbousseaden/EVTX-ATTACK-SAMPLES
Windows event samples mapped to MITRE ATT&CK® techniques. ~200 files organized by tactic: Credential Access, Defense Evasion, Execution, Lateral Movement, Persistence, Privilege Escalation, and more.
Attribution: EVTX-ATTACK-SAMPLES by Samir Bousseaden and contributors.
Source: https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES
License: GNU General Public License v3.0 only (GPL-3.0-only)
Modifications: EVTX records are parsed and converted to another format (e.g. JSON-style fields) before being conveyed to user-configured destinations.
Logcannon uses these files as a community dataset source in a hosted SaaS workflow. We do not redistribute upstream scripts or tooling from this repository as part of customer-delivered software. For attribution or source questions, contact contact@logcannon.com.
See Acknowledgements for service-level licensing notes.
EVTX to MITRE Attack
mdecrevoisier/EVTX-to-MITRE-Attack
Log samples organized by MITRE ATT&CK® technique IDs (e.g. TA0002-Execution/T1059.001-PowerShell). Covers Initial Access, Execution, Persistence, Credential Access, Lateral Movement, and more.
Attribution: EVTX-to-MITRE-Attack by mdecrevoisier.
Source: https://github.com/mdecrevoisier/EVTX-to-MITRE-Attack
License: Creative Commons Attribution 4.0 International (CC BY 4.0)
Modifications: Logcannon may parse and reformat EVTX content derived from this repository before delivery to your security platform.
For site-wide open-source notices and trademark statements, see Acknowledgements. See Supported Log Types for which log formats can be processed.