EricZimmerman/evtx
C# based evtx parser with lots of extras
MIT License
282 stars, 59 forks
issues
EVTX-Possible bug
#241
bluDuckB3ar
opened
1 month ago
3
add image to executableinfo
#240
randomaccess3
closed
2 months ago
0
Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows
#239
dependabot[bot]
closed
2 months ago
0
Sysmon 28 and 29 Maps
#238
reece394
closed
5 months ago
0
Windows Security Center State Changed Map
#237
reece394
closed
5 months ago
0
Antivirus Maps
#236
reece394
closed
5 months ago
0
System Name Changed 6011 Map
#235
reece394
closed
5 months ago
0
Screenconnect maps
#234
randomaccess3
closed
6 months ago
0
Evtxecmd
#233
Net4u13
closed
5 months ago
1
avoid CS0104 error on linux, make namespaces unambiguous
#232
fwacrtnty
closed
1 year ago
1
update nuget, add logic to solve https://github.com/EricZimmerman/evtx/issues/230
#231
AndrewRathbun
closed
1 year ago
1
Pass event ID ranges
#230
gregkutzbach
closed
1 year ago
3
Update Microsoft-Windows-SMBServer-Security_Microsoft-Windows-SMBServ…
#229
AndrewRathbun
closed
1 year ago
0
Update YAML Linter
#228
AndrewRathbun
closed
1 year ago
0
add radius logins
#227
randomaccess3
closed
1 year ago
0
update hyperv maps
#226
randomaccess3
closed
1 year ago
1
update dependencies
#225
AndrewRathbun
closed
1 year ago
0
TODO: Create Sysmon 28/29 Maps
#224
AndrewRathbun
closed
5 months ago
1
Update and rename Microsoft-Windows-Hyper-V-VMMS-Admin_Microsoft-Wind…
#223
randomaccess3
closed
1 year ago
0
Update verify.yml - v2 to v3
#222
AndrewRathbun
closed
1 year ago
1
add CiscoSecureEndpoint Maps (100,1300,1310)
#221
AndrewRathbun
closed
1 year ago
0
Create PowerShellCore-Operational_PowerShellCore_4104.map
#220
AndrewRathbun
closed
1 year ago
0
Create Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windo…
#219
AndrewRathbun
closed
1 year ago
0
kaspersky av logs
#218
randomaccess3
closed
1 year ago
4
Create Application_ESENT_216.map
#217
AndrewRathbun
closed
1 year ago
0
remove spaces to be consistent with System:1
#216
AndrewRathbun
closed
1 year ago
0
Add Regex support for Provider/Channel fields
#215
AndrewRathbun
closed
1 year ago
12
Bump Newtonsoft.Json from 13.0.1 to 13.0.2 in /EvtxECmd
#214
dependabot[bot]
closed
1 year ago
1
Event 4625 - Update of Codes
#213
CluelessAtCoding
closed
1 year ago
0
Fix MS-W-TS-Gateway-Op-* RemoteHost field
#212
austinlg96
closed
1 year ago
1
replaced deadlink
#211
randomaccess3
closed
1 year ago
0
Create Microsoft-Windows-Windows-Firewall-With-Advanced-Security-Fire…
#210
AndrewRathbun
closed
2 years ago
0
Sysmon 27 FileBlockExecutable
#209
forensenellanebbia
closed
2 years ago
0
Error unknown tag to build for OpCode: TokenCharRef2 (0x00000048)
#208
maysara
opened
2 years ago
4
Fixed Channel and Description
#207
esecrpm
closed
2 years ago
0
Update documentation for 280ish Maps
#206
AndrewRathbun
closed
2 years ago
1
Update Security and RdpCoreTS documentation
#205
AndrewRathbun
closed
2 years ago
1
Create Microsoft-Windows-RemoteDesktopServices-RdpCoreTS-Operational_…
#204
AndrewRathbun
closed
2 years ago
0
New maps for NTDS/Computer account creation/MSSQLSERVER events
#203
forensenellanebbia
closed
2 years ago
0
Minor updates of 1006-4624-4648-5379-30807
#202
forensenellanebbia
closed
2 years ago
0
New maps
#201
forensenellanebbia
closed
2 years ago
0
Deletion of old VHDMP maps and upload of new legacy/current maps
#200
forensenellanebbia
closed
2 years ago
2
Update Microsoft-Windows-TerminalServices-RDPClient-Operational_Micro…
#199
forensenellanebbia
closed
2 years ago
0
Performance Operational Degradation
#198
RandyRandleman
closed
2 years ago
1
YAML linter fixes
#197
AndrewRathbun
closed
2 years ago
0
GPO
#196
RandyRandleman
closed
2 years ago
2
GPO
#195
RandyRandleman
closed
2 years ago
0
Group Policy
#194
RandyRandleman
closed
2 years ago
1
UTC vs local timestamp variances in tools
#193
RduMarais
closed
2 years ago
6
Create Microsoft-Windows-WMI-Activity-Operational_Microsoft-Windows-W…
#192
CluelessAtCoding
closed
2 years ago
0