evt

$ target-query <path/to/target> -f evt
Details

Module

dissect.target.plugins.os.windows.log.evt.EvtPlugin

Output

records

Module documentation

Windows .evt event log plugin.

Function documentation

Parse Windows Event Log files (*.evt).

Yields dynamically created records based on the fields in each event. Every record contains at least the following fields:

hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The TimeCreated_SystemTime field of the event.
Provider_Name (string): The Provider_Name field of the event.
EventID (int): The EventID of the event.