evt
$ target-query <path/to/target> -f evt
Module |
|
Output |
|
Module documentation
No documentation
Function documentation
Parse Windows Eventlog files (*.evt).
Yields dynamically created records based on the fields in the event. Each record contains at least the following fields:
hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The TimeCreated_SystemTime field of the event.
Provider_Name (string): The Provider_Name field of the event.
EventID (int): The EventID of the event.
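To show what sits behind these fields, the following added example (not the plugin's own code and not part of the original documentation) carves legacy EVENTLOGRECORD structures out of a byte buffer and emits `ts`, `Provider_Name` and `EventID`, skipping truncated or damaged candidates. It assumes `ts` maps to the record's TimeGenerated value and `Provider_Name` to its source name; `parse_records`, `build_sample`, `Computer` and `RecordNumber` are names chosen for this example, and the sample record is constructed.

```python
import struct
from datetime import datetime, timezone

HEADER = struct.Struct("<6I4H6I")  # fixed 56-byte EVENTLOGRECORD header, little-endian
SIGNATURE = 0x654C664C             # b"LfLe", stored right after the record length

def _utf16z(buf, offset):
    """Read a NUL-terminated UTF-16LE string; return (text, offset past the NUL)."""
    end = offset
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[offset:end].decode("utf-16-le", errors="replace"), end + 2

def parse_records(data):
    """Carve legacy event records out of a buffer, skipping damaged candidates."""
    pos = 0
    while (pos := data.find(b"LfLe", pos)) != -1:
        start, pos = pos - 4, pos + 4
        if start < 0 or start + HEADER.size > len(data):
            continue
        length, _sig, number, generated, _written, event_id, *_rest = HEADER.unpack_from(data, start)
        end = start + length
        # The 48-byte file header also carries "LfLe"; it fails this size check.
        if length < HEADER.size + 4 or end > len(data):
            continue
        # A complete record repeats its length in its final DWORD.
        if struct.unpack_from("<I", data, end - 4)[0] != length:
            continue
        record = data[start:end]
        provider, nxt = _utf16z(record, HEADER.size)
        computer, _ = _utf16z(record, nxt)
        yield {"ts": datetime.fromtimestamp(generated, tz=timezone.utc),  # assumed: TimeGenerated
               "Provider_Name": provider,
               "EventID": event_id & 0xFFFF,  # low word is the event code
               "Computer": computer, "RecordNumber": number}
        pos = end

def build_sample(number, event_id, provider, computer, when):
    """Constructed record for the demo (not real log data)."""
    body = (provider + "\0" + computer + "\0").encode("utf-16-le")
    body += b"\0" * (-len(body) % 4)  # pad to a DWORD boundary
    off, length = HEADER.size + len(body), HEADER.size + len(body) + 4
    return (HEADER.pack(length, SIGNATURE, number, when, when, event_id,
                        4, 0, 0, 0, 0, off, 0, off, 0, off)
            + body + struct.pack("<I", length))

if __name__ == "__main__":
    good = build_sample(1, 0x40001B7C, "Service Control Manager", "WS01", 1262304000)
    print(list(parse_records(b"\x00" * 7 + good + good[:40])))
```

The trailing-length check is what lets the carver reject a truncated tail or a record whose body was overwritten, which is common in wrapped or partially recovered `.evt` files.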