WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts


Can it take JSON as input? (question)

splunk-user1 opened this issue · comments

I have EVTX saved as JSON. I noticed in your blog that you convert EVTX to JSON before searching through them. Is it possible to feed JSON directly? Thanks

@splunk-user1

Currently chainsaw can only take in event logs in their original EVTX format. Down the line I might look at implementing the ability to ingest event logs in JSON format if there's enough demand for it. I'm going to close this issue for now.
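Since the thread leaves JSON ingestion as future work, the following is an added example (not part of the original thread and not chainsaw's own code) of running a chainsaw-style hunt directly over a JSON Lines export of EVTX events. It assumes the nested `Event` / `System` / `EventData` layout that EVTX-to-JSON converters commonly emit, and the sample events and the three rules are constructed for illustration; chainsaw's real Sigma support is far richer than this `contains`-only matcher.

```python
import json

# Constructed sample export, one event per line (JSON Lines). The nested
# Event -> System / EventData layout is an assumption about the converter used.
SAMPLE_JSONL = r'''
{"Event": {"System": {"EventID": 4688, "Computer": "WS01", "Channel": "Security"}, "EventData": {"NewProcessName": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"}}}
{"Event": {"System": {"EventID": 4688, "Computer": "WS01", "Channel": "Security"}, "EventData": {"NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell -nop -w hidden -enc SQBFAFgA"}}}
{"Event": {"System": {"EventID": 4624, "Computer": "WS01", "Channel": "Security"}, "EventData": {"LogonType": "10", "TargetUserName": "admin"}}}
{"Event": {"System": {"EventID": 1102, "Computer": "WS01", "Channel": "Security"}, "EventData": {"SubjectUserName": "admin"}}}
'''

# Hypothetical rules: an event ID plus case-insensitive "any of these substrings"
# conditions on EventData fields, in the spirit of Sigma's |contains modifier.
RULES = [
    {"name": "Encoded PowerShell command line", "event_id": 4688,
     "contains": {"CommandLine": ["-enc", "-encodedcommand"]}},
    {"name": "RDP logon", "event_id": 4624,
     "contains": {"LogonType": ["10"]}},
    {"name": "Security log cleared", "event_id": 1102,
     "contains": {}},
]


def get_field(event, path):
    """Resolve a dotted path such as 'Event.System.EventID'; None if absent."""
    cur = event
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def event_id(event):
    """Return the EventID as an int, tolerating the {"#text": "..."} form some
    converters emit when the element carries attributes; None if unusable."""
    eid = get_field(event, "Event.System.EventID")
    if isinstance(eid, dict):
        eid = eid.get("#text")
    try:
        return int(eid)
    except (TypeError, ValueError):
        return None


def rule_matches(rule, event):
    """True when the event ID matches and every listed field contains at least
    one of its needles (compared case-insensitively)."""
    if event_id(event) != rule["event_id"]:
        return False
    data = get_field(event, "Event.EventData") or {}
    for field, needles in rule["contains"].items():
        value = str(data.get(field, "")).lower()
        if not any(n.lower() in value for n in needles):
            return False
    return True


def hunt(jsonl_text, rules):
    """Apply every rule to every event; returns (rule name, line number,
    event ID, computer) tuples. Blank and malformed lines are skipped rather
    than aborting the whole hunt, since exports are often truncated."""
    hits = []
    for lineno, line in enumerate(jsonl_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        for rule in rules:
            if rule_matches(rule, event):
                hits.append((rule["name"], lineno, event_id(event),
                             get_field(event, "Event.System.Computer")))
    return hits


if __name__ == "__main__":
    for name, lineno, eid, host in hunt(SAMPLE_JSONL, RULES):
        print(f"line {lineno}: {name} (EventID {eid} on {host})")
```

The plain `cmd.exe /c whoami` process-creation event is deliberately left unmatched to show that the event-ID check alone does not fire a rule; only the `-enc` command line, the type-10 logon and the 1102 log-clear produce hits.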