:py:mod:`dissect.target.plugins.os.windows.log.agentexecutor`
=============================================================

.. py:module:: dissect.target.plugins.os.windows.log.agentexecutor


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.log.agentexecutor.AgentExecutorLogPlugin


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.log.agentexecutor.AgentExecutorLogRecord
   dissect.target.plugins.os.windows.log.agentexecutor.LOG_PATTERN


.. py:data:: AgentExecutorLogRecord

.. py:data:: LOG_PATTERN

.. py:class:: AgentExecutorLogPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Parse Microsoft Intune AgentExecutor logs.

   The AgentExecutor log file captures script execution and system management
   activity from the Microsoft Intune Management Extension agent. This plugin
   parses structured entries and converts them into records suitable for
   timeline and forensic analysis.

   .. py:attribute:: DEFAULT_LOG_PATH
      :value: 'sysvol/ProgramData/Microsoft/IntuneManagementExtension/Logs/AgentExecutor.log'

   .. py:method:: check_compatible() -> None

      Verify that the AgentExecutor log file exists within the target.

      :raises UnsupportedPluginError: If the expected log file does not exist.

   .. py:method:: agentexecutor() -> collections.abc.Iterator[AgentExecutorLogRecord]

      Parse the AgentExecutor.log and yield structured records.

      Extracts timestamp, message, context, thread, and type information from
      the AgentExecutor log and yields normalized structured records.

      :Yields: *AgentExecutorLogRecord* -- A structured representation of each log entry.
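
The stand-alone parser below is an added example, not dissect's own code. It shows how the fields listed above (timestamp, message, context, thread, type) can be pulled from an AgentExecutor.log during triage. It assumes the CMTrace-style entry layout and treats timestamps as naive local time; ``ENTRY_RE``, ``SEVERITY``, ``Entry`` and ``parse_entries`` are hypothetical names, and ``ENTRY_RE`` is not the plugin's ``LOG_PATTERN``.

```python
import re
from datetime import datetime
from typing import Iterator, NamedTuple

# Assumption: CMTrace-style entry layout. This regex is written for this
# example and is NOT the plugin's LOG_PATTERN.
ENTRY_RE = re.compile(
    r'<!\[LOG\[(?P<message>.*?)\]LOG\]!>'
    r'<time="(?P<hms>\d+:\d+:\d+)(?:\.(?P<frac>\d+))?[^"]*" '
    r'date="(?P<date>\d+-\d+-\d+)" component="(?P<component>[^"]*)" '
    r'context="(?P<context>[^"]*)" type="(?P<type>\d+)" '
    r'thread="(?P<thread>\d+)" file="[^"]*">',
    re.DOTALL,  # a message (e.g. captured script output) may span lines
)
SEVERITY = {1: "info", 2: "warning", 3: "error"}  # CMTrace type codes


class Entry(NamedTuple):  # hypothetical stand-in for AgentExecutorLogRecord
    ts: datetime
    message: str
    context: str
    thread: int
    type: str


def parse_entries(text: str) -> Iterator[Entry]:
    """Yield one Entry per well-formed log entry; other text is skipped."""
    for m in ENTRY_RE.finditer(text):
        # The log carries up to 7 fractional digits; datetime keeps 6.
        micro = int((m["frac"] or "")[:6].ljust(6, "0"))
        ts = datetime.strptime(f'{m["date"]} {m["hms"]}', "%m-%d-%Y %H:%M:%S")
        kind = SEVERITY.get(int(m["type"]), m["type"])
        yield Entry(ts.replace(microsecond=micro), m["message"],
                    m["context"], int(m["thread"]), kind)


# Constructed sample input (not taken from a real host).
_TAIL = 'date="3-4-2024" component="AgentExecutor" context="" type="{}" thread="{}" file="">\n'
SAMPLE = (
    '<![LOG[constructed: script started]LOG]!><time="09:15:02.1234567" ' + _TAIL.format(1, 1)
    + '<![LOG[constructed: output line one\nline two]LOG]!><time="09:15:03.5000000" ' + _TAIL.format(1, 4)
    + 'stray text that is not a log entry\n'
    + '<![LOG[constructed: exit code 1]LOG]!><time="09:15:04" ' + _TAIL.format(3, 4)
)

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e.ts.isoformat(), e.type, e.thread, repr(e.message))
```

Matching over the whole file rather than line by line keeps multi-line script output attached to its entry, which matters when reconstructing what a deployed script actually printed.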