Merge pull request #956 from randomaccess3/master

add block parser

Modules/Apps/block-parser-zipped.mkape

@@ -0,0 +1,15 @@
+Description: Block Parser Zipped
+Category: EventLogs
+Author: Phill Moore
+Version: 1.0
+Id: cb817a29-bab0-4051-ac7d-7019d6e2ac65
+BinaryUrl: https://github.com/randomaccess3/block-parser
+ExportFormat: zip
+Processors:
+    -
+        Executable: block-parser.exe
+        CommandLine: -o %destinationDirectory% -z "%sourceDirectory%\Windows\system32\winevt\logs\Microsoft-Windows-PowerShell%4Operational.evtx
+        ExportFormat: zip
+
+# Documentation
+# https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html