-
The bug appears to be related to duplicate keys within the map files used by EvtxECmd. Specifically, you are encountering errors when EvtxECmd tries to load the following map files:
Microsoft-Windo…
-
What is the optimal way to ingest offline copies of extracted Windows Event Logs (evtx files) into SOF-ELK?
I love working in SOF-ELK, but I find myself in the situation over and over again, where …
-
Windows security and system logs are processed as .evtx and I believe they are binary XML. These files contain a lot of information about what the system and the processes within are doing. A popula…
-
**Describe the bug**
In a particular environment, the command json-timeline or csv-timeline cannot read the EVTX folder, but can read a file alone.
**Step to Reproduce**
Steps to reproduce the …
-
While working with golang-evtx as a library I was faced with a panic:
```
panic: interface conversion: evtx.Element is *evtx.BinXMLEOF, not *evtx.Fragment
goroutine 824 [running]:
github.com/0xr…
```
phaag updated 6 years ago
-
Hello Phil,
I've been testing your distribution and love it so far. I have successfully been able to use the SOFELK parser in gkape but I was wondering if it was possible for SOF-ELK to read EVTX …
-
Hello,
It's impossible to import from evtx.parser... why, please? How to use this one for JSON strings? Please.
-
Hi Team,
I found the following exception when parsing few EVTX files:
```
panic: userdata_flatten_first_value - wrong number of keys
goroutine 515 [running]:
github.com/yarox24/E…
```
op7ic updated 3 months ago
-
We would like a VQL native EVTX carver.
Scan logical disk using yara for file type headers. Extract bytes and use binary parser for parsing out records/part records.
Windows.Carving.USN is a sim…
-
Creates tests for EVTX parser