Simple Windows Event Log Forwarder (SWELF). It's an easy-to-use, simply-works log forwarder and EVTX parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
The "not_in_log" search needs to be revised. I should look for event logs with data in them and then remove the ones that contain the NOT data in them. I'm thinking of using the search_multiple-like logic with a whitelist option.
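The two-pass filter sketched in the issue, written as an added illustration in Python rather than SWELF's own C# code: first select events that contain the data of interest (the search_multiple-style pass), then drop any that also contain a NOT term. The Event records, the sample messages and the function names are constructed for this example; the naive single-pass version is included to show why it returns unrelated events.

```python
from dataclasses import dataclass


@dataclass
class Event:
    """Minimal stand-in for a parsed EVTX record (constructed for this example)."""
    event_id: int
    channel: str
    message: str


# Constructed sample events; not real log data.
SAMPLE_EVENTS = [
    Event(4688, "Security", "A new process has been created. New Process Name: C:\\Windows\\System32\\cmd.exe"),
    Event(4688, "Security", "A new process has been created. New Process Name: C:\\Windows\\System32\\svchost.exe"),
    Event(4624, "Security", "An account was successfully logged on. Logon Type: 10"),
    Event(7045, "System", "A service was installed in the system. Service Name: MyAgent"),
    Event(4688, "Security", "A new process has been created. New Process Name: C:\\Program Files\\Backup\\backup.exe"),
]


def event_text(ev: Event) -> str:
    """Flatten an event to one lower-cased string so searches are case-insensitive."""
    return f"{ev.event_id} {ev.channel} {ev.message}".lower()


def search_multiple(events, terms):
    """Keep only events whose text contains every one of the given terms."""
    wanted = [t.lower() for t in terms]
    return [e for e in events if all(t in event_text(e) for t in wanted)]


def naive_not_in_log(events, not_terms):
    """Single-pass version: returns every event lacking the NOT terms, including
    unrelated events, which is the behaviour the issue says needs revising."""
    blocked = [t.lower() for t in not_terms]
    return [e for e in events if not any(t in event_text(e) for t in blocked)]


def search_not_in_log(events, match_terms, not_terms):
    """Revised version: select events that contain the data of interest first,
    then remove those containing any NOT term (the whitelist)."""
    selected = search_multiple(events, match_terms)
    blocked = [t.lower() for t in not_terms]
    return [e for e in selected if not any(t in event_text(e) for t in blocked)]
```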