Possibilities to output collection to bodyfile instead of zip

[tateconcepts]

Hello, I am using this for deployment with Microsoft Defender for Endpoint LR and as a lightweight triage and more comprehensive substitute for the MDE collection package on non-line-of-sight assets. There are times when getting an entire image is not going to be possible; therefore, I am curious if it would be possible to output the collection as a body file so one can combine it to create an entire timeline with a complete memory collection. I have a PS wrapper that does both, but with CyLR returning so many artifacts, it seems appropriate to take this next step.

[orlikoski]

Hello! That's a great way to use CyLR. Your use case is why I created the CDQR tool. I'm sorry, I'm not sure if it'll fit your exact use case but it's made to process CyLR outputs, and more. Check it out and see what you think.

…

On Sat, Jul 15, 2023, 9:34 AM tateconcepts ***@***.***> wrote: Hello, I am using this for deployment with Microsoft Defender for Endpoint LR and as a lightweight triage and more comprehensive substitute for the MDE collection package on non-line-of-sight assets. There are times when getting an entire image is not going to be possible; therefore, I am curious if it would be possible to output the collection as a body file so one can combine it to create an entire timeline with a complete memory collection. I have a PS wrapper that does both, but with CyLR returning so many artifacts, it seems appropriate to take this next step. — Reply to this email directly, view it on GitHub <#132>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACHUEHCPDQKMXTLYBSK23HTXQKS5ZANCNFSM6AAAAAA2LKPODU> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>