steve-offutt
commented
5 years ago I would also like to see this.
Open philhagen opened 6 years ago
steve-offutt
commented
5 years ago I would also like to see this.
fyodorr
commented
5 years ago Have tried this. I think this implementation is to slow and it uses to many different components. Would recommend using:
https://github.com/EricZimmerman/evtx
And a logstash parser. Then you wouldn´t brake your logstash choice and add more complexity. This is important as you use this for education.
philhagen
commented
5 years ago Yes, we'll be adding the evtx handler from @ericZimmerman as soon as some of the JSON is normalized and I can get to the parser. It's awesome so far!!!
See https://dragos.com/blog/20180717EvtxToElk.html