-
**Plaso version:**
1.4.1_20160912
**Description of problem:**
Plaso could parse more information from remote access (and similar) logs. Namely
- windows:evtx:record : For event 4624 (An account wa…
vlejd updated
3 years ago
-
Hi team,
We have found strange behavior inside the Syscheck module. When we configured Syscheck with the following configuration, it works as expected:
```
no
5
%WINDIR%\regedit.ex…
```
-
When I install osu lazer, it installs. But when I try to run it, it only opens as a background app in task manager.
[network.log](https://github.com/ppy/osu/files/5960675/network.log)
[performance…
-
We appreciate your feedback on BaseX. Please mind the following guidelines:
Maybe a feature request is in place here, first a request for direction.
Having to plow through Microsoft Eventlogs and …
-
Installed PowerShell via the suggested commands; however, I don't seem to have access to Get-WinEvent. The functionality I'm looking for is to take an EVTX file and output to JSON, probably using Convert…
-
Hi
It would be nice to extend the script `windows-log-collector-full-v3-EVTX.ps1` to extract the EVTX files from a remote machine (i.e. Active Directory using domain credentials).
-
I see the example has rules_medium_sysmon_performance_v3.json, so where can I find it?
-
Trying to reinstall sickchill after an update failure.
Using the 6.0 release on Windows 10 version 20H2.
Initially, watching the installer, it was throwing Python path warnings. After adding t…
-
Hello Roberto,
First, thank you for building Mordor and providing scripts which we can use to build our own datasets! I was able to use the Mordor-WinEvents.ps1 successfully with the native Windows …
-
I am trying this out during post-mortem forensics.
I copy all .evtx files out of my images into a folder and then run APT-Hunter against all the files in the folder.
Only the System and Security…