Parsing, visualising evtx

For a client I need to parse a few gigabytes of MS event logs in .evtx format.

This is to build a timeline of events. Is there an ongoing effort to make this possible with RockNSM? To me it is a feature missing everywhere. I've looked at LogonTracer and Timesketch, which are both promising.



ROCK is a Network Security Monitor (the NSM part of RockNSM). It’s not a log parser.

That said, you can use Winlogbeat and send the data to the Elasticsearch instance for ROCK.

I've thought about that; it would require me to write a dashboard to make sense of it. MS Windows event log analysis can be very complex.

Check this out.
