MENU
      Contents x
      EVTX
      • 12 Feb 2023
      • 1 Minute to read
      • Print
      • Dark
      Contents
        This documentation version is deprecated, please click here for the latest version.

      EVTX

      • Updated on 12 Feb 2023
      • 1 Minute to read
      • Print
      • Dark
      Article summary

      Overview

      This adapter allows you to ingest and convert a .evtx file into LimaCharlie. The .evtx files are the binary format used by Microsoft for Windows Event Logs. This is useful to ingest historical Windows Event Logs, for example during an Incident Response (IR) engagement.

      For real-time collection of Windows Event Logs, see the Windows Event Logs documentation.

      Configurations

      Adapter Type: evtx

      • client_options: common configuration for adapter as defined here.
      • file_path: path to the .evtx file to ingest.

      API Doc

      See the unofficial documentation on EVTX.

      Was this article helpful?
      What's Next