wagga40 / Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

[FR] The possibility to remove an EVTX or file after analysis #51

Closed V1D1AN closed 1 year ago

V1D1AN commented 1 year ago

Hello Zircolite team,

Can you add a feature to Zircolite, even if this feature will not be understood by everyone: the possibility to delete the file after its analysis. A bit like "logstash" with its file_completed_action => "delete" option.

An option like "--remove".

Thanks for your software and your jobs

@+ wagga :)

wagga40 commented 1 year ago

Hello, thanks for your request! Done in https://github.com/wagga40/Zircolite/commit/8f39b6bd447b2dcc3aaecbd433b91c4d77873b64