-
Hello
I have generated an obfuscated command using Invoke-Obfuscation and can see the scriptblock log 4101 in the event log.
![image](https://user-images.githubusercontent.com/5006200/41641653-a5b…
-
Hi,
I have the following JSON format:
{"dst_host": "159.65.224.130", "dst_port": 23, "honeycred": false, "local_time": "2019-01-23 11:57:11.834296", "logdata": {"PASSWORD": "1111", "USERNAME": "…
-
Hello. We have cases where we need to process .evtx shared with us retroactively.
Is it possible to achieve this using Seq.Client.EventLog and how?
If not, are you interested in PRs for this case?
-
Hi there,
I haven't seen anything in the project which involves replaying winlogbeat events to make sure the events are correctly enriched and processed in ES. This will also help measure if the al…
-
See https://dragos.com/blog/20180717EvtxToElk.html
-
Can the wazuh agent collect Windows event logs that do not depend on the language of the operating system?
And can the wazuh agent translate the evtx records to text format?
If the client uses t…
-
ParallelFox has been working great for many years.
Recently updated Windows and now get the attached event. Sorry I cannot attach the event:
https://www.dropbox.com/s/36l3ln0uuccu8wz/crash.evtx?dl=0
If we retr…
-
Old `.evtx` logs may be found in the Volume Shadow Copy Service backups so it would be nice to have a `--scan-vss-backups` option that is used when Hayabusa is doing a live analysis with `-l` in orde…
-
First of all thanks for all of your kick-A tools. This one must be everyone's favorite for exploring ETW providers.
One or two additional search features would be a great addition though, IMHO.
The a…
-
I am developing a KSY for the new [Windows event log file format](https://github.com/libyal/libevtx/blob/main/documentation/Windows%20XML%20Event%20Log%20(EVTX).asciidoc#value_types) (*.evtx). The part of that …