JPCERTCC / LogonTracer

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Error when uploading XMLs generated by Logparser #73

Closed blueteam0ps closed 4 years ago

blueteam0ps commented 4 years ago

I used https://www.microsoft.com/en-au/download/details.aspx?id=24659 to convert EVTX to XMLs but LogonTracer throws an error when trying to upload. Is it not supported?

shu-tom commented 4 years ago

Yes, Log Parser is not supported.

blueteam0ps commented 4 years ago

What is your recommended parser to convert standalone security.evtx files obtained from isolated hosts?

eljeffeg commented 4 years ago

@zenmonk It looks like it supports an XML export from Event Viewer.