
Feature Request - Parsing event log xml file #63

Closed
dfirhoze opened this issue Feb 17, 2022 · 2 comments
Assignees
Labels
enhancement New feature or request

Comments

@dfirhoze

Wondering if there is a way to parse an XML file of event logs that may have been extracted from memory with volatility or
Willi Ballenthin's evtxtract. Not able to find a method to extract the individual logs from the xml, but if this feature could be added to the tool, that'd be awesome! Thanks!

@alexkornitzer
Collaborator

We would need to add in an XML parser in order to do this. I am not sure how flexible the current design of the code is to enable that though. Also I think this idea might have been shot down in the past. But I'll have a look to see how viable it is.

@alexkornitzer alexkornitzer self-assigned this Feb 17, 2022
@alexkornitzer alexkornitzer added the enhancement New feature or request label Feb 17, 2022
@alexkornitzer
Collaborator

Okay so an XML parser is now in for v2.0.0-alpha.3. I have not thoroughly tested it but it should work. Please note that a new mapping file would need to be written to hunt on this data as the field names and format will be different to that of the evtx parser.
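As an added example, not the tool's own XML parser and not code from anyone in this thread, the Python below takes a file of concatenated `<Event>` elements with no enclosing root (the layout is assumed here; it is what a memory carve can leave behind), splits it into individual records and flattens each one into dotted field names of the kind a new mapping file would have to reference. A truncated trailing record, common in carved data, is skipped rather than aborting the whole file.

```python
import re
import xml.etree.ElementTree as ET

# Windows Event XML default namespace.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: two complete Event elements with no enclosing root,
# followed by a truncated fragment such as a memory carve can produce.
SAMPLE_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID><TimeCreated SystemTime="2022-02-17T10:00:00.000000Z"/><Computer>HOST01</Computer></System><EventData><Data Name="TargetUserName">alice</Data><Data Name="LogonType">10</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-PowerShell"/><EventID>4104</EventID><TimeCreated SystemTime="2022-02-17T10:05:00.000000Z"/><Computer>HOST01</Computer></System><EventData><Data Name="ScriptBlockText">Get-Process</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</Event"""


def split_events(text):
    """Cut the text at every '<Event' start tag (not '<EventID' or '<EventData')."""
    starts = [m.start() for m in re.finditer(r"<Event[\s>]", text)]
    ends = starts[1:] + [len(text)]
    return [text[s:e].strip() for s, e in zip(starts, ends)]


def parse_event(chunk):
    """Flatten one Event element into a dict; return None if it is malformed."""
    try:
        root = ET.fromstring(chunk)
    except ET.ParseError:
        return None  # truncated or corrupted record, skip it
    system = root.find("e:System", NS)
    if system is None:
        return None
    rec = {}
    for child in system:
        tag = child.tag.split("}", 1)[1]  # drop the namespace prefix
        if child.text and child.text.strip():
            rec[f"System.{tag}"] = child.text.strip()
        for attr, val in child.attrib.items():
            rec[f"System.{tag}.{attr}"] = val
    for data in root.iterfind("e:EventData/e:Data", NS):
        rec[f"EventData.{data.get('Name')}"] = (data.text or "").strip()
    return rec


def parse_events_text(text):
    """Parse all recoverable records from concatenated Event XML."""
    records = (parse_event(chunk) for chunk in split_events(text))
    return [r for r in records if r is not None]


if __name__ == "__main__":
    for record in parse_events_text(SAMPLE_XML):
        print(record)
```

Running it prints two flattened records; the third, truncated fragment is dropped silently, so a real tool would want to count and report such skips.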
