mirror of
https://git.freebsd.org/ports.git
synced 2025-07-18 17:59:20 -04:00
85d2fe1693
Ingest EVTX files into a Splunk instance. This tool is based on the work of : Omer BenAmram Blardy Thanks to Ekto for its contribution. Key features: - Splunk HEC support with token auto-creation - Splunk index auto-creation - Multiprocessing support - Caching for evtx reuse without reconverting - Windows and Linux compatibility - Rely on the great and fast evtx_dump Rust tool of Omer - Evtx message resolutions from database Note: evtx2splunk converts the EVTX to JSON and stores them in a temporary place. Hence, up to the size of source EVTX can be created during the process. These files are removed at the end of the process, except if keep_cache is enabled.
22 lines
672 B
Text
22 lines
672 B
Text
Ingest EVTX files into a Splunk instance.
|
|
|
|
This tool is based on the work of :
|
|
|
|
Omer BenAmram
|
|
Blardy
|
|
Thanks to Ekto for its contribution.
|
|
|
|
Key features:
|
|
|
|
- Splunk HEC support with token auto-creation
|
|
- Splunk index auto-creation
|
|
- Multiprocessing support
|
|
- Caching for evtx reuse without reconverting
|
|
- Windows and Linux compatibility
|
|
- Rely on the great and fast evtx_dump Rust tool of Omer
|
|
- Evtx message resolutions from database
|
|
|
|
Note: evtx2splunk converts the EVTX to JSON and stores them in a temporary
|
|
place. Hence, up to the size of source EVTX can be created during the process.
|
|
These files are removed at the end of the process, except if keep_cache is
|
|
enabled.
|