Merge pull request #900 from Qazeer/Mplog-Parser
Add Mplog-Parser to parse Windows Defender MPLog
AndrewRathbun authored Jan 31, 2024
2 parents 5be2c52 + a93ad76 commit d420b04
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions Modules/Apps/GitHub/Mplog-Parser.mkape
@@ -0,0 +1,21 @@
Description: 'Mplog-Parser: parses Microsoft Protection log files into CSV files'
Category: Antivirus
Author: Thomas DIOT (Qazeer)
Version: 1.0
Id: 6084c8ab-2059-41a4-89f4-dba2cfdb4bb4
BinaryUrl: https://github.com/Qazeer/mplog_parser-compiled/releases/download/v1.0/mplog_parser.exe
ExportFormat: csv
Processors:
-
Executable: mplog_parser.exe
CommandLine: -d "%SourceDirectory%\ProgramData\Microsoft\Windows Defender\Support" -o "%destinationDirectory%"
ExportFormat: csv

# Documentation
# Mplog-Parser parses Microsoft Protection log files into a number of CSV files.
# mplog_parser source: https://github.com/Intrinsec/mplog_parser
# Compiled version: https://github.com/Qazeer/mplog_parser-compiled
# Information on Windows Defender MPLog:
# https://www.crowdstrike.com/blog/how-to-use-microsoft-protection-logging-for-forensic-investigations/
# https://www.intrinsec.com/hunt-mplogs/
# https://artefacts.help/windows_defender_support_logs.html
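Review bot: the two KAPE variables in the `CommandLine` line use different casing (`%SourceDirectory%` versus `%destinationDirectory%`); other mkape modules write both as `%sourceDirectory%` and `%destinationDirectory%`, so the first should be lowercased to match that convention and avoid any dependence on how KAPE matches variable names. The `-d` argument also hard-codes `\ProgramData\Microsoft\Windows Defender\Support` beneath the source directory, which is correct for a KAPE target collection that preserves drive-relative paths but will find nothing if the module is pointed at a loose folder of MPLog files; a line in the `# Documentation` block stating that expectation would save users a silent empty run. Finally, `BinaryUrl` fetches a compiled build from `Qazeer/mplog_parser-compiled` rather than from the upstream `Intrinsec/mplog_parser` project that the comments cite; since the module downloads and executes that binary, the documentation block should say plainly that the executable is a third-party build of the Intrinsec source and point to where its release can be checked against that source.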
