EricZimmerman / evtx

C# based evtx parser with lots of extras

EricZimmerman/evtx Issues

ForwardedEvents.evtx - Evtxecmd.exe processing errors
Updated 2 months ago13
Evtxecmd
Updated 3 months ago1
Pass event ID ranges
Closed 7 months ago3
TODO: Create Sysmon 28/29 Maps
Updated 8 months ago1
Add Regex support for Provider/Channel fields
Closed a year ago12
Error unknown tag to build for OpCode: TokenCharRef2 (0x00000048)
Updated 2 years ago4
Group similar event in the same second
Closed 2 years ago4
UTC vs local timestamp variances in tools
Closed 2 years ago6
Linux support
Closed 2 years ago1
'Process Id' property not properly populated or configurable
Closed 2 years ago3
New map ideas
Closed 3 years ago24
.NET 5 support
Closed 3 years ago2
Nuget package
Closed 3 years ago1
'Provider' must not be empty
Closed 3 years ago3
Integer as string
Updated 3 years ago2
Integer instead of string
Closed 3 years ago2
error parse evtx as the map is empty
Closed 3 years ago3
Parsing issue with WMI 5860
Closed 3 years ago5
Maps: same Channel + Event ID, but different Providers
Closed 3 years ago11
xpath parsing error
Closed 3 years ago9
syntax errors with System1 and System42 maps
Closed 4 years ago5
Cannot search a directory EVTX files stored on deduplicated volume
Closed 4 years ago4
Powershell map to build for later
Closed 4 years ago2
Map to build - Windows PowerShell.evtx
Closed 4 years ago1
event parser
Closed 4 years ago1
Feature: Run under linux (wine)
Closed 4 years ago1
Start date and End date switches do not work correctly
Closed 4 years ago5
EventID qualifiers are throwing off ID inclusion/exclusion
Closed 5 years ago4
JSON: remove nulls and empty strings
Closed 5 years ago2
License
Closed 5 years ago1
Suggestion: Auto Generate Maps
Closed 5 years ago1
Error
Closed 5 years ago12