Possible to convert .evtx log files with Mordor-WinEvents.ps1?

[sukster]

Hello Roberto,

First thank you for building Mordor and providing scripts which we can use to build our own datasets! I was able to use the Mordor-WinEvents.ps1 successfully with the native Windows logs but I also wonder if this script could be also used to convert some pre-recorded .evtx files into .json. For example this one:
https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/raw/master/Persistence/persistence_security_dcshadow_4742.evtx

Is this possible at the moment? I was not able to figure out how.

Thanks! Ludek

[sukster]

Please ignore this issue. I found a way to do this using Winlogbeat from Elastic.