Sealighter
Sysmon-Like research tool for ETW
Using the provided default config file will raise an exception. https://github.com/pathtofile/Sealighter/blob/main/docs/CONFIGURATION.md#kernel_traces ``` { "session_properties": { "session_name": "My-Process-Trace", "output_format": "stdout", "buffering_timout_seconds": 10 }, "user_traces": [ { "trace_name": "proc_trace", "provider_name": "Microsoft-Windows-Kernel-Process", "keywords_any":...
I'm curious to see if you have any ideas why this provider, Microsoft-Windows-Security-Auditing (aka EventLog-Security, aka the Security log), won't work with Sealighter. I don't see any events when running this...
Hi, thank you for this cool project. Just wondering about the license for it, could that be added?
Call FileTimeToLocalFileTime before calling FileTimeToSystemTime to correct the time zone of FILETIME std::string convert_filetime_string ( const FILETIME from ) { SYSTEMTIME stime; FILETIME localFileTime; FileTimeToLocalFileTime(std::addressof(from), std::addressof(localFileTime)); ::FileTimeToSystemTime(std::addressof(localFileTime), std::addressof(stime)); std::string to...