dissect.target.plugins.os.windows.log.agentexecutor
Module Contents
Classes
AgentExecutorLogPlugin: Parse Microsoft Intune AgentExecutor logs.
Attributes
- dissect.target.plugins.os.windows.log.agentexecutor.AgentExecutorLogRecord
- dissect.target.plugins.os.windows.log.agentexecutor.LOG_PATTERN
- class dissect.target.plugins.os.windows.log.agentexecutor.AgentExecutorLogPlugin(target: dissect.target.target.Target)
Bases: dissect.target.plugin.Plugin
Parse Microsoft Intune AgentExecutor logs.
The AgentExecutor log file captures script execution and system management activity from the Microsoft Intune Management Extension agent. This plugin parses structured entries and converts them into records suitable for timeline and forensic analysis.
- DEFAULT_LOG_PATH = 'sysvol/ProgramData/Microsoft/IntuneManagementExtension/Logs/AgentExecutor.log'
- check_compatible() → None
Verify that the AgentExecutor log file exists within the target.
- Raises:
UnsupportedPluginError – If the expected log file does not exist.
- agentexecutor() → collections.abc.Iterator[AgentExecutorLogRecord]
Parse the AgentExecutor.log and yield structured records.
Extracts timestamp, message, context, thread, and type information from the AgentExecutor log and yields normalized structured records.
- Yields:
AgentExecutorLogRecord – A structured representation of each log entry.
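As an added illustration (not code from dissect or from this page), the sketch below extracts the fields named above from log text, assuming the file uses the CMTrace-style `<![LOG[...]LOG]!>` entry layout. The regular expression, function names and sample lines are constructed for this example and are not the plugin's `LOG_PATTERN`.

```python
import re
from datetime import datetime
from itertools import takewhile

# Assumed CMTrace-style entry layout; NOT the plugin's own LOG_PATTERN.
ENTRY_RE = re.compile(
    r'<!\[LOG\[(?P<message>.*?)\]LOG\]!>'
    r'<time="(?P<time>[^"]+)" date="(?P<date>[^"]+)" component="(?P<component>[^"]*)" '
    r'context="(?P<context>[^"]*)" type="(?P<type>\d+)" thread="(?P<thread>\d+)" file="[^"]*">',
    re.DOTALL,  # messages may span several physical lines
)

# Constructed sample data (not taken from a real host).
SAMPLE_LOG = (
    '<![LOG[AgentExecutor gets invoked]LOG]!>'
    '<time="09:15:02.1234567" date="3-7-2024" component="AgentExecutor" '
    'context="" type="1" thread="1" file="">\n'
    '<![LOG[Powershell exit code is 1\nwrite error output to file]LOG]!>'
    '<time="09:15:04.7654321" date="3-7-2024" component="AgentExecutor" '
    'context="" type="3" thread="5" file="">\n'
    'partial line left by a truncated write\n'
)

def parse_timestamp(date_s, time_s):
    """Build a naive datetime from M-D-YYYY and HH:MM:SS.fraction strings."""
    month, day, year = (int(p) for p in date_s.split("-"))
    hms, _, frac = time_s.partition(".")
    hour, minute, second = (int(p) for p in hms.split(":"))
    digits = "".join(takewhile(str.isdigit, frac))[:6]  # datetime keeps 6 digits
    return datetime(year, month, day, hour, minute, second, int(digits.ljust(6, "0")))

def parse_agentexecutor(text):
    """Return one dict per well-formed entry; skip anything that does not match."""
    records = []
    for m in ENTRY_RE.finditer(text):
        try:
            ts = parse_timestamp(m["date"], m["time"])
        except ValueError:
            continue  # malformed date or time: drop the entry, keep parsing
        records.append({
            "ts": ts, "message": m["message"], "component": m["component"],
            "context": m["context"], "type": int(m["type"]), "thread": int(m["thread"]),
        })
    return records

if __name__ == "__main__":
    for record in parse_agentexecutor(SAMPLE_LOG):
        print(record)
```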