From 17c18772b31b7ad330876e5efeba1b4f066b1582 Mon Sep 17 00:00:00 2001 From: Phill Moore Date: Fri, 16 Aug 2024 20:15:06 +1000 Subject: [PATCH 1/2] add block parser --- Modules/Apps/block-parser-zipped.mkape | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 Modules/Apps/block-parser-zipped.mkape diff --git a/Modules/Apps/block-parser-zipped.mkape b/Modules/Apps/block-parser-zipped.mkape new file mode 100644 index 000000000..af92c7c65 --- /dev/null +++ b/Modules/Apps/block-parser-zipped.mkape @@ -0,0 +1,15 @@ +Description: Block Parser Zipped +Category: EventLogs +Author: Phill Moore +Version: 1.0 +Id: cb817a29-bab0-4051-ac7d-7019d6e2ac65 +BinaryUrl: https://github.com/randomaccess3/block-parser +ExportFormat: zip +Processors: + - + Executable: block-parser.exe + CommandLine: -o %destinationDirectory% -z "%sourceDirectory%\Windows\system32\winevt\logs\Microsoft-Windows-PowerShell%4Operational.evtx + ExportFormat: zip + +# Documentation +# https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html \ No newline at end of file From f7237d4df0fee56326e80a5811120fa762ac8098 Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com> Date: Fri, 16 Aug 2024 08:09:54 -0400 Subject: [PATCH 2/2] Update block-parser-zipped.mkape add newline --- Modules/Apps/block-parser-zipped.mkape | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Apps/block-parser-zipped.mkape b/Modules/Apps/block-parser-zipped.mkape index af92c7c65..013a188aa 100644 --- a/Modules/Apps/block-parser-zipped.mkape +++ b/Modules/Apps/block-parser-zipped.mkape @@ -12,4 +12,4 @@ Processors: ExportFormat: zip # Documentation -# https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html \ No newline at end of file +# https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
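Review bot: the CommandLine in the first hunk (the new `block-parser-zipped.mkape`) has an unbalanced double quote: `-z "%sourceDirectory%\Windows\system32\winevt\logs\Microsoft-Windows-PowerShell%4Operational.evtx` opens a quoted path but never closes it, so the argument handed to block-parser.exe is not the intended path when the source directory contains spaces and the YAML string is fragile to further edits. Suggest closing it: `-z "%sourceDirectory%\Windows\system32\winevt\logs\Microsoft-Windows-PowerShell%4Operational.evtx"`. The hunk also commits the file without a trailing newline (the `\ No newline at end of file` marker), which the second patch addresses.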
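Review bot: the second hunk only adds the missing trailing newline after the documentation comment; the unclosed double quote in the processor CommandLine, one line above this hunk's first context line (`ExportFormat: zip`), is still present after this change, so it is worth folding that fix into the same update rather than leaving the module with an unterminated quoted path.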