EventLog

This documentation provides details about the data that can be faked for Windows Event Logs.

To generate fake data for Windows Event Logs, use the following:

from socfaker import SocFaker

sc = SocFaker()

print(sc.logs.windows.eventlog())

WindowsEventLog Class

class socfaker.windows.Windows

The Windows class gives the user access to logs and other data related to Windows.

eventlog(count=1, computer_name=None, os_version='Windows', json=False)

Generate fake event logs based on the provided inputs

Args:
    count (int, optional): The number of logs to generate. Defaults to 1.
    computer_name (str, optional): A computer name to use when generating logs. Defaults to None.
    os_version (str, optional): The Operating System version to use when generating logs. Defaults to 'Windows'.
    json (bool, optional): Whether or not to return data as JSON or XML. Defaults to False.
Returns:
    list: Returns a list of generated Windows Event Logs

sysmon(count=1)

Generate fake sysmon logs for Windows

Args:
    count (int, optional): The number of logs to generate. Defaults to 21.
Returns:
    list: Returns a list of generated SysMon logs