
consider EvtxToElk

Open philhagen opened this issue 6 years ago • 3 comments

See https://dragos.com/blog/20180717EvtxToElk.html

philhagen avatar Jul 20 '18 20:07 philhagen

I would also like to see this.

steve-offutt avatar Oct 31 '18 00:10 steve-offutt

Have tried this. I think this implementation is too slow and it uses too many different components. Would recommend using:

https://github.com/EricZimmerman/evtx

And a logstash parser. Then you wouldn't break your logstash choice and add more complexity. This is important as you use this for education.

fyodorr avatar May 24 '19 06:05 fyodorr

Yes, we'll be adding the evtx handler from @ericZimmerman as soon as some of the JSON is normalized and I can get to the parser. It's awesome so far!!!

philhagen avatar May 24 '19 13:05 philhagen