Usage Tips:
- Click on a keyword to enable inline editing.
- Click inside a code block to copy (excludes comments).
- Use the button to view examples.
- Click outside to collapse all examples.
Convert evtx to json
./evtx_dump -o jsonl -t 1 -f Security.json Security.evtx
Sample Output:
TO-DORef: evtx_dump
Check number of logs
wc -l Security.json
Sample Output:
TO-DOSecurity
Check computer name
cat Security.json | jq '.Event.System.Computer' -r | sort | uniq -c | sort -nr
Sample Output:
TO-DOOverview of event logs
cat Security.json | jq '.Event.System.EventID' | sort | uniq -c | sort -nr
Sample Output:
TO-DOCheck specific event
cat Security.json | jq 'select(.Event.System.EventID==4624)'
Sample Output:
TO-DO