Yamato-Security / hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
GNU Affero General Public License v3.0

Error : An error occurred while trying to deserialize evtx stream. #2

Closed kazuminn closed 4 years ago

kazuminn commented 4 years ago

When I run the tool over the DeepBlueCLI evtx files, an error ("An error occurred while trying to deserialize evtx stream.") is displayed.

The command I ran is below:

$ pwd
/Users/kazuminn/DeepBlueCLI/evtx
$ ls | xargs -L 1 ../../YamatoEventAnalyzer/target/debug/yamato_event_analyzer -f
date:"2017-08-30 19:14:24.534748 UTC - 2017-08-30 19:14:24.537128 UTC" record-id: "640738 - 640744"
.
.
.
date:"2017-08-30 19:25:20.783764 UTC - 2017-08-30 19:25:48.631790 UTC" record-id: "714840 - 719151"
date:"2017-08-30 19:25:48.631790 UTC - 2017-08-30 19:25:48.647009 UTC" record-id: "719151 - 719154"
An error occurred while trying to deserialize evtx stream.
total_admin_logons:390
admin_logons:{"SYSTEM": {"S-1-5-18": 358}, "IEUser": {"S-1-5-21-3463664321-2923530833-3546627382-1000": 32}}
multiple_admin_logons:{"SYSTEM": 1, "IEUser": 1}
total_admin_logons:1
admin_logons:{"tbt570": {"S-1-5-21-1552841522-3835366585-4197357653-1004": 1}}
multiple_admin_logons:{}
total_admin_logons:2
admin_logons:{"SYSTEM": {"S-1-5-18": 2}}
multiple_admin_logons:{"SYSTEM": 1}
date:"2013-10-23 16:22:39.973500 UTC - 2013-10-23 16:22:40.004750 UTC" record-id: "113 - 116"
date:"2016-09-19 16:51:15.033474 UTC - 2016-09-19 16:51:15.075732 UTC" record-id: "3992 - 3994"
kazuminn commented 4 years ago

Sorry. There were some stray files mixed into my environment.
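Since the run above piped every entry of `ls` into the analyzer and the failure turned out to be a non-evtx file in the directory, a pre-flight check on the EVTX file signature avoids the deserialize error. The script below is an added example, not hayabusa's own code; it assumes only that an EVTX file begins with the 8-byte signature `ElfFile\0`, and it builds a constructed sample directory to show the filter in action.

```shell
#!/bin/sh
# Added example (not part of hayabusa): list only real EVTX files in a directory
# so a stray file does not abort the analyzer with
# "An error occurred while trying to deserialize evtx stream."
# An EVTX file starts with the 8-byte signature "ElfFile\0"; we compare the
# first 7 printable bytes because a shell string cannot hold the trailing NUL.

is_evtx() {
    # Returns 0 when $1 is a regular file carrying the EVTX file-header signature.
    [ -f "$1" ] && [ "$(head -c 7 "$1" 2>/dev/null)" = "ElfFile" ]
}

evtx_files() {
    # Print the paths under directory $1 that pass is_evtx; report skipped files on stderr.
    for f in "$1"/*; do
        if is_evtx "$f"; then
            printf '%s\n' "$f"
        else
            printf 'skipping non-evtx file: %s\n' "$f" >&2
        fi
    done
}

# Constructed sample directory: one minimal EVTX-signed file and one stray text file.
demo_dir=$(mktemp -d)
printf 'ElfFile\0' > "$demo_dir/Security.evtx"
printf 'not an event log\n' > "$demo_dir/notes.txt"

# Feed this list to the analyzer instead of a bare `ls | xargs`, e.g.:
#   evtx_files /path/to/evtx | xargs -L 1 ./yamato_event_analyzer -f
evtx_files "$demo_dir"
```

The signature check only proves the file header is present; a truncated or corrupted log can still fail later in the parser, so a file that passes here but still errors should be inspected on its own.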