countercept / chainsaw

Rapidly Search and Hunt through Windows Event Logs

can it take json as input? (question)

splunk-user1 opened this issue · comments

I have evtx saved as json. Noticed in your blog that you convert evtx to json before searching through them. Is it possible to feed json directly? Thanks

@splunk-user1

Currently chainsaw can only take in event logs in their original evtx format. Down the line I might look at implementing the ability to ingest event logs in JSON format if there's enough demand for it. I'm going to close this issue for now.
