Commit

Added PowerShell Windows XML Event Log definition (#618)
ewalshmndt authored Mar 8, 2024
1 parent b275745 commit dcb57f8
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions artifacts/data/windows.yaml
Expand Up @@ -3499,6 +3499,20 @@ sources:
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EventLog.html']
---
name: WindowsXMLEventLogPowerShell
doc: PowerShell Windows XML Event Logs.
sources:
- type: FILE
attributes:
paths:
- '%%environ_systemroot%%\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Admin.evtx'
- '%%environ_systemroot%%\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx'
- '%%environ_systemroot%%\System32\winevt\Logs\PowerShellCore Operational.evtx'
- '%%environ_systemroot%%\System32\winevt\Logs\Windows PowerShell.evtx'
separator: '\'
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EventLog.html']
---
name: WindowsXMLEventLogSecurity
doc: Security Windows XML Event Log.
sources:
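Review bot: the third path, 'PowerShellCore Operational.evtx', uses a space where the two Microsoft-Windows-PowerShell entries above it use the %4 encoding for the slash in the channel name. The PowerShell 7 channel is PowerShellCore/Operational, so the file on disk should be PowerShellCore%4Operational.evtx, and the path as written is likely to match nothing on a real system. Suggest changing the entry to '%%environ_systemroot%%\System32\winevt\Logs\PowerShellCore%4Operational.evtx' after confirming the file name on a host with PowerShell 7 installed.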