Analyze Windows Event Logs for Security Threats
Upload .evtx logs from Windows servers, endpoints, or domain controllers. Detect brute force, privilege escalation, PowerShell abuse, persistence, and lateral movement — every finding mapped to MITRE ATT&CK.
Windows Server · Domain Controllers · Endpoints · Sysmon
Detects
Brute force attempts
Persistence techniques
Privilege escalation
Suspicious account activity
PowerShell abuse
Defender alerts
→ See a sample analysis first
Free · No account required · Files auto-deleted after analysis
Sample analysis output
eventpeeker.com/analysis/…
12
At Risk
3 critical · 2 high · DC01.corp.local
Credential Access · Persistence
critical · DSRM password reset — domain controller backdoor · T1098
critical · 47 failed logins in 5 min — brute-force attack · T1110
high · Domain Admins group membership change · T1098
Attack chain detected
Brute force → privilege escalation → DSRM backdoor → audit log cleared
How it works
1. Upload: Drop a .evtx file — Security, System, or PowerShell log. No account required.
2. Detect: Pattern-based rules map findings to MITRE ATT&CK — brute force, LSASS, persistence, lateral movement.
3. Investigate: Expand any finding for investigation steps, false positive context, and linked detection guides.
Looking for a specific attack technique? Lateral movement, credential dumping, PowerShell abuse, failed logon spikes — or browse all 35 detection guides.