-
i see the below error when running the script
python3 event2timeline.py -e -f Security.evtx
File "event2timeline.py", line 51
except Exception, e:
^
SyntaxError: invalid…
-
EVTX files have a property "InstanceID" which is related to EventID:
> InstanceID is not EventID, but can be:
> The InstanceId property uniquely identifies an event entry for a configured event sou…
-
After upgrading to Elastic 8.14.3 older versions of the pipelines used for EVTX don't exist. We need to update the version for each supported type for EVTX.
-
# evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx
The event file can be [downloaded here 🔗](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/raw/master/Defense%20Evasion/evasion_codeinj_odzhan_co…
-
logontracer for large log files is too slow; is there a way to accelerate the speed?
-
It might be useful to support [Event Log](https://docs.microsoft.com/en-us/windows/win32/wes/windows-event-log) as a source on Windows platform.
As a first step, we need a specification to better u…
ghost updated 2 months ago
-
Hey guys,
I have observed that the latest version of Chainsaw no longer seems to report Microsoft Defender/AV detection.
I ran both v2.9.0 and v2.8.0 on the same log set, which I know contains…
-
Background Intelligent Transfer Service (BITS) is used for persistence.
Two sources:
Microsoft-Windows-Bits-Client/(Microsoft-Windows-Bits-Client/Operational.evtx
AND
qmgr[??].dat
REF: htt…
-
From [Microsoft Docs](https://docs.microsoft.com/en-us/windows/win32/fileio/change-journals):
> [T]he NTFS file system maintains an update sequence number (USN) change journal. When any change is m…
m1435 updated 2 years ago
-
I have been poking at the code, trying to parse various EVTX logs, using latest github releases.
Works very well for the 4 standard logs, compiles as static, GREAT!
The one thing that stumbled me is …