I'm working internally since a few years in my company on a library providing programmatic access to .mans files since redline is awful and we needed some automation. so far I'm able to ship their data to elasticsearch as well as anywhere else (an dataframe, an excel, etc), and we have analyser scripts performing ad-hoc tasks (figuring out the calling process chain, presenting a subset of .mans data, etc).
I've been checking your code then and so whenever hitting a problem in the .mans data ( broken xml, questionable schema, new fields (you probably didn't get the decodedCmdLine new processEvent field), etc.).
Is the project still alive ? Did you move to a cheaper edr like sysmon & evtx ? Cheers !
hi, is version 2.0 still on the way ?
I'm working internally since a few years in my company on a library providing programmatic access to .mans files since redline is awful and we needed some automation. so far I'm able to ship their data to elasticsearch as well as anywhere else (an dataframe, an excel, etc), and we have analyser scripts performing ad-hoc tasks (figuring out the calling process chain, presenting a subset of .mans data, etc).
I've been checking your code then and so whenever hitting a problem in the .mans data ( broken xml, questionable schema, new fields (you probably didn't get the decodedCmdLine new processEvent field), etc.).
Is the project still alive ? Did you move to a cheaper edr like sysmon & evtx ? Cheers !
poke @biggiesmallsAG