sukster
commented
3 years ago Please ignore this issue. I found a way to do this using Winlogbeat from Elastic.
Closed sukster closed 3 years ago
sukster
commented
3 years ago Please ignore this issue. I found a way to do this using Winlogbeat from Elastic.
Hello Roberto,
First thank you for building Mordor and providing scripts which we can use to build our own datasets! I was able to use the Mordor-WinEvents.ps1 successfully with the native Windows logs but I also wonder if this script could be also used to convert some pre-recorded .evtx files into .json. For example this one: https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/raw/master/Persistence/persistence_security_dcshadow_4742.evtx
Is this possible at the moment? I was not able to figure out how.
Thanks! Ludek