EricZimmerman/evtx

Issues

• EVTX-Possible bug

  #241 opened 3 months ago by bluDuckB3ar
  3

• Integer as string

  #99 opened 4 years ago by forensenellanebbia
  3

• TODO: Create Sysmon 28/29 Maps

  #224 opened 7 months ago by AndrewRathbun
  1

• Evtxecmd

  #233 opened 7 months ago by Net4u13
  1

• ForwardedEvents.evtx - Evtxecmd.exe processing errors

  #15 opened 5 years ago by BeagleDave
  13

• Pass event ID ranges

  #230 opened a year ago by gregkutzbach
  3

• Add Regex support for Provider/Channel fields

  #215 opened 2 years ago by AndrewRathbun
  12

• Error unknown tag to build for OpCode: TokenCharRef2 (0x00000048)

  #208 opened 2 years ago by maysara
  4

• Group similar event in the same second

  #181 opened 2 years ago by Tapiocapioca
  4

• UTC vs local timestamp variances in tools

  #193 opened 3 years ago by RduMarais
  6

• Linux support

  #136 opened 3 years ago by Eran-YT
  1

• 'Process Id' property not properly populated or configurable

  #179 opened 3 years ago by jball77-git
  3

• New map ideas

  #71 opened 3 years ago by AndrewRathbun
  24

• .NET 5 support

  #134 opened 4 years ago by Eran-YT
  2

• Nuget package

  #133 opened 4 years ago by Eran-YT
  1

• 'Provider' must not be empty

  #118 opened 4 years ago by antmar904
  3

• Integer instead of string

  #98 opened 4 years ago by forensenellanebbia
  2

• error parse evtx as the map is empty

  #90 opened 4 years ago by naderhabbbab
  3

• Parsing issue with WMI 5860

  #64 opened 4 years ago by anelshaer
  5

• Maps: same Channel + Event ID, but different Providers

  #47 opened 4 years ago by karch4n6
  11

• xpath parsing error

  #39 opened 4 years ago by hyuunnn
  9

• syntax errors with System1 and System42 maps

  #28 opened 4 years ago by lawrenpoh
  5

• Cannot search a directory EVTX files stored on deduplicated volume

  #26 opened 4 years ago by StevenShockley
  4

• Powershell map to build for later

  #23 opened 5 years ago by randomaccess3
  2

• Map to build - Windows PowerShell.evtx

  #20 opened 5 years ago by randomaccess3
  1

• event parser

  #22 opened 5 years ago by j2013t2013
  1

• Feature: Run under linux (wine)

  #18 opened 5 years ago by vdun
  1

• Start date and End date switches do not work correctly

  #16 opened 5 years ago by beyefendi
  5

• EventID qualifiers are throwing off ID inclusion/exclusion

  #11 opened 6 years ago by mark-hallman
  4

• JSON: remove nulls and empty strings

  #6 opened 6 years ago by philhagen
  2

• License

  #7 opened 6 years ago by Res260
  1

• Suggestion: Auto Generate Maps

  #2 opened 6 years ago by tomrade
  1

• Error

  #1 opened 6 years ago by Banaanhangwagen
  12