-
Sysmon v12 added event ID 24 which is a ClipboardChanged event. The Winlogbeat Sysmon module should be updated to handle this event ID.
When the clipboard changes the contents are archived to file …
-
When using the latest Docker image, if you upload new data it does not remove the example data already loaded in the Docker image. This means you have both your uploaded data and the example data mixe…
-
The drop_event processor is not taking effect even though the config tests ok. I have also tried -equals.winlog.event_data.ProcessName:
```
#-------------------------- Windows Logs To Collect ----…
```
-
Sysmon event ID 24 and 25 are missing from winlogbeat-sysmon.js
-
Hello there
I am using FIM partition with Wazuh 4.0.
I want it to ignore `~$.xlsx` files, but with no success
`~$as ssdd.xlsx`
I wonder how can I edit the part below
`.log$|.htm$|…`
-
Hi guys,
first of all congratulations for your effort and time spent with the code.
I'm just getting into your software so you can consider me a first time user, feel free to enlighten me if I'm…
-
I wanted to test the parser without the concurrency. To my surprise the `Events()` method does not return any events. I suspect this is related to the issue in the comments of `FastEvents()` method:
…
-
I used rga-fzf to search for an xml file. That file had a powershell script in it. When clicking on enter to open the file, the powershell script got executed which wasn't intended as it was malicious …
-
Because of the strict file checks, it is not always possible for libevtx (and thus plaso etc.) to parse recovered EvtX files (i.e. via dumpfiles in volatility)
e.g. using https://github.com/williba…
-
This was reported to me a while back, and appears identical to the discussion at https://www.daz3d.com/forums/discussion/243216/getting-a-fatal-error-on-launch-solved - the Intel OpenCL driver seems q…