From 0dbd10c6980a7eed90d5c32c32860fdb194124ce Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Sun, 11 Apr 2021 19:14:31 +0700
Subject: [PATCH] Add: wagga40/Zircolite to DFIR section

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 8b2c138..bedadd7 100644
--- a/README.md
+++ b/README.md
@@ -1444,6 +1444,10 @@ This repository is created as an online bookmark for useful links, resources and
         <td><a href="https://wazuh.com/">Wazuh</a></td>
         <td>Open Source Host and Endpoint Security</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/wagga40/Zircolite">wagga40/Zircolite</a></td>
+        <td>A standalone SIGMA-based detection tool for EVTX.</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/williballenthin/EVTXtract">williballenthin/EVTXtract</a></td>
         <td>EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.</td>