Contents x
    EVTX
    • 30 Oct 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    EVTX

    • Updated on 30 Oct 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Article summary

    Overview

    This Adapter allows you to ingest and convert a .evtx file into LimaCharlie. The .evtx files are the binary format used by Microsoft for Windows Event Logs. This is useful to ingest historical Windows Event Logs, for example during an Incident Response (IR) engagement.

    For real-time collection of Windows Event Logs, see the Windows Event Logs documentation.

    Configurations

    Adapter Type: evtx

    • client_options: common configuration for adapter as defined here.

    • file_path: path to the .evtx file to ingest.

    API Doc

    See the unofficial documentation on EVTX.

    Was this article helpful?
    Related articles
    What's Next