Ingest EVTX files into a Splunk instance.

This tool is based on the work of:
- Omer BenAmram
- Blardy

Thanks to Ekto for their contribution.

Key features:
- Splunk HEC support with token auto-creation
- Splunk index auto-creation
- Multiprocessing support
- Caching of converted EVTX files so they can be re-ingested without reconverting
- Windows and Linux compatibility
- Relies on Omer BenAmram's fast evtx_dump Rust tool for parsing
- EVTX message resolution from a database

Note: evtx2splunk converts each EVTX file to JSON and stores the result in a temporary
location, so temporary files totalling up to the size of the source EVTX files may be
created during the process. These files are removed at the end of the process unless
keep_cache is enabled.
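The pipeline the feature list and the note describe (evtx_dump to JSON, a cache so a file is not reconverted, then HEC delivery) can be sketched in a few dozen lines. The following is an added illustration, not evtx2splunk's own code: it shapes evtx_dump JSON-lines records into HEC event envelopes, keys the conversion cache on the SHA-256 of the EVTX file, and shows the HEC POST. The sample records are constructed; the evtx_dump flags (`-o jsonl`, `-f`), the sourcetype name `evtx:json`, the index name `winevt` and the HEC URL are assumptions to check against `evtx_dump --help` and your Splunk configuration.

```python
"""Added example (not evtx2splunk's implementation): evtx_dump JSON lines -> Splunk HEC,
with a conversion cache keyed by the EVTX file's SHA-256 so a reused file is not reconverted."""
import hashlib
import json
import subprocess
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from urllib import request

# Constructed sample in the shape evtx_dump emits with `-o jsonl`:
# one JSON object per line, the record nested under "Event".
SAMPLE_JSONL = "\n".join([
    json.dumps({"Event": {
        "System": {"Provider": {"#attributes": {"Name": "Microsoft-Windows-Security-Auditing"}},
                   "EventID": 4624, "Channel": "Security", "Computer": "DC01.lab.local",
                   "TimeCreated": {"#attributes": {"SystemTime": "2021-01-01T00:00:00.5000000Z"}}},
        "EventData": {"TargetUserName": "alice", "LogonType": 3, "IpAddress": "10.0.0.5"}}}),
    json.dumps({"Event": {
        "System": {"Provider": {"#attributes": {"Name": "Microsoft-Windows-Security-Auditing"}},
                   "EventID": {"#text": 4625, "#attributes": {"Qualifiers": 0}},
                   "Channel": "Security", "Computer": "DC01.lab.local",
                   "TimeCreated": {"#attributes": {"SystemTime": "2021-01-01T00:00:01Z"}}},
        "EventData": {"TargetUserName": "bob", "LogonType": 3, "IpAddress": "10.0.0.9"}}}),
])


def systemtime_to_epoch(value: str) -> float:
    """Windows SystemTime is ISO 8601 with up to 7 fractional digits and a trailing Z;
    strptime only takes 6, so truncate the fraction and add it back as microseconds."""
    base, _, frac = value.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    micros = int((frac + "000000")[:6]) if frac else 0
    return dt.timestamp() + micros / 1_000_000


def event_id(system: dict) -> int:
    """EventID is a bare int or {"#text": n, "#attributes": {...}} depending on the record."""
    eid = system.get("EventID")
    return int(eid["#text"]) if isinstance(eid, dict) else int(eid)


def hec_event(record: dict, index: str, source: str, sourcetype: str = "evtx:json") -> dict:
    """Wrap one record in the HEC envelope; `time` from TimeCreated keeps the event's
    original timestamp instead of the ingestion time. Sourcetype name is an assumption."""
    system = record["Event"]["System"]
    return {
        "time": systemtime_to_epoch(system["TimeCreated"]["#attributes"]["SystemTime"]),
        "host": system.get("Computer", "unknown"),
        "source": source,
        "sourcetype": sourcetype,
        "index": index,
        "event": record["Event"],
    }


def jsonl_to_hec_payload(jsonl: str, index: str, source: str) -> bytes:
    """HEC /services/collector/event accepts concatenated JSON objects in one POST body."""
    events = [hec_event(json.loads(line), index, source)
              for line in jsonl.splitlines() if line.strip()]
    return "".join(json.dumps(e) for e in events).encode()


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def run_evtx_dump(evtx: Path, out: Path) -> None:
    """Assumed evtx_dump CLI: `-o jsonl` selects JSON lines, `-f` the output file."""
    subprocess.run(["evtx_dump", "-o", "jsonl", "-f", str(out), str(evtx)], check=True)


def convert_cached(evtx: Path, cache_dir: Path, converter=run_evtx_dump) -> Path:
    """Convert once per distinct file content; a second call with the same bytes hits the cache.
    Keying on the hash (not the filename) means a re-exported log with new records is reconverted."""
    cache_dir.mkdir(parents=True, exist_ok=True)
    out = cache_dir / f"{sha256_file(evtx)}.jsonl"
    if not out.exists():
        converter(evtx, out)
    return out


def post_to_hec(hec_url: str, token: str, payload: bytes) -> int:
    """POST one batch; the token travels in the Authorization header, never in the URL."""
    req = request.Request(hec_url, data=payload, method="POST",
                          headers={"Authorization": f"Splunk {token}",
                                   "Content-Type": "application/json"})
    with request.urlopen(req, timeout=30) as resp:
        return resp.status


def demo_cache_roundtrip() -> int:
    """Offline check of the cache: a fake converter writes SAMPLE_JSONL; returns how many
    times it ran for two conversions of the same (constructed) EVTX bytes."""
    calls = []

    def fake_converter(evtx: Path, out: Path) -> None:
        calls.append(evtx)
        out.write_text(SAMPLE_JSONL)

    with tempfile.TemporaryDirectory() as d:
        evtx = Path(d) / "Security.evtx"
        evtx.write_bytes(b"ElfFile\x00constructed-sample")
        cache = Path(d) / "cache"
        first = convert_cached(evtx, cache, fake_converter)
        second = convert_cached(evtx, cache, fake_converter)
        assert first == second and first.read_text() == SAMPLE_JSONL
    return len(calls)


if __name__ == "__main__":
    # Real use: post_to_hec("https://splunk.example:8088/services/collector/event", token, payload)
    print(jsonl_to_hec_payload(SAMPLE_JSONL, index="winevt", source="Security.evtx")[:200])
    print("converter runs for two conversions of one file:", demo_cache_roundtrip())
```

The cache is keyed on content rather than path for the reason the note hints at: the temporary JSON can be as large as the source, so it is worth reusing, but only when the bytes behind it are unchanged. In production you would also batch events to stay under the HEC payload limit and handle HEC's per-event error responses.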