# python3 APT-Hunter.py -h

 

usage: APT–Hunter.py [–h] [–p PATH] [–o OUT] [–t {csv,evtx}]

–h, —help show this help message and exit

–p PATH, —path PATH path to folder containing windows event logs generated by the APT–Hunter–Log–Collector.ps1

–o OUT, —out OUT output file name

–t {csv,evtx}, —type {csv,evtx} csv ( logs from get–eventlog or windows event log GUI or logs from Get–WinEvent ) , evtx ( EVTX extension windows event log )

—security SECURITY Path to Security Logs

—system SYSTEM Path to System Logs

—scheduledtask SCHEDULEDTASK Path to Scheduled Tasks Logs

—defender DEFENDER Path to Defender Logs

—powershell POWERSHELL Path to Powershell Logs

—powershellop POWERSHELLOP Path to Powershell Operational Logs

—terminal TERMINAL Path to TerminalServices LocalSessionManager Logs

—winrm WINRM Path to Winrm Logs

—sysmon SYSMON Path to Sysmon Logs

–p : provide path to directory containing the extracted using the powershell log collectors ( windows–log–collector–full–v3–CSV.ps1 , windows–log–collector–full–v3–EVTX.ps1 ) .

–o : name of the project which will be used in the generated output sheets

–t : the log type if its CSV or EVTX