agentexecutor

$ target-query <path/to/target> -f agentexecutor
Details

Module

dissect.target.plugins.os.windows.log.agentexecutor.AgentExecutorLogPlugin

Output

records

Module documentation

Parse Microsoft Intune AgentExecutor logs.

The AgentExecutor log file captures script execution and system management activity from the Microsoft Intune Management Extension agent. This plugin parses structured entries and converts them into records suitable for timeline and forensic analysis.

Function documentation

Parse the AgentExecutor.log and yield structured records.

Extracts timestamp, message, context, thread, and type information from the AgentExecutor log and yields normalized structured records.

Yields:

AgentExecutorLogRecord: A structured representation of each log entry.
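
The fields listed above can be seen in this added standalone parser, which is not Dissect's own code and assumes AgentExecutor.log uses the CMTrace-style entry layout common to Intune Management Extension logs. `Entry`, `parse_entries` and the sample lines are constructed for the example, and timestamps are kept naive because the assumed layout carries no UTC offset.

```python
import re
from datetime import datetime
from typing import Iterator, NamedTuple

# Constructed sample lines in the assumed CMTrace-style layout (not from a real host).
SAMPLE_LOG = (
    '<![LOG[Powershell script is executing: C:\\Example\\detect.ps1]LOG]!>'
    '<time="09:15:02.1234567" date="3-7-2024" component="AgentExecutor" '
    'context="" type="1" thread="4" file="">\n'
    '<![LOG[write output done.\nexit code: 1]LOG]!>'
    '<time="09:15:03.0000001" date="3-7-2024" component="AgentExecutor" '
    'context="" type="3" thread="4" file="">\n'
    'stray text that is not a log entry\n'
)

# DOTALL lets a message span several physical lines, as script output often does.
ENTRY_RE = re.compile(r'<!\[LOG\[(?P<message>.*?)\]LOG\]!><(?P<attrs>[^>]*)>', re.DOTALL)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


class Entry(NamedTuple):
    ts: datetime
    message: str
    context: str
    thread: int
    type: int  # CMTrace convention: 1 = info, 2 = warning, 3 = error


def parse_entries(text: str) -> Iterator[Entry]:
    """Yield one Entry per well-formed log entry; skip anything malformed."""
    for match in ENTRY_RE.finditer(text):
        attrs = dict(ATTR_RE.findall(match["attrs"]))
        try:
            # The log writes seven fractional digits; %f accepts at most six.
            clock, _, frac = attrs["time"].partition(".")
            stamp = f'{attrs["date"]} {clock}.{(frac or "0")[:6]}'
            ts = datetime.strptime(stamp, "%m-%d-%Y %H:%M:%S.%f")
            yield Entry(ts, match["message"], attrs.get("context", ""),
                        int(attrs["thread"]), int(attrs["type"]))
        except (KeyError, ValueError):
            continue  # missing attribute or unparsable value


if __name__ == "__main__":
    for entry in parse_entries(SAMPLE_LOG):
        print(entry.ts.isoformat(), entry.type, entry.thread, repr(entry.message))
```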