Skip to content
/ mplog_parser Public

This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.

License

MIT license
12 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Intrinsec/mplog_parser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
mplog_parser
mplog_parser
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

Mplog-Parser

Mplog-Parser parses Microsoft Protection log files to provide CSV files containing useful information to forensic investigators.

Build

Run the following command line with admin privileges :

pip install -U .

Usage

usage: mplog_parser [-h] [-d DIRECTORY] [-o OUTPUT]

optional arguments:
  -h, --help            show this help message and exit
  -d DIRECTORY, --directory DIRECTORY
                        Location of directory containing log files. NB: Admin rights are needed to access Windows Defender folder (default: C:\ProgramData\Microsoft\Windows Defender\Support\).  When specifying a custom directory, file names must be written following *MPLog-* pattern.
  -o OUTPUT, --output OUTPUT
                        Location of output folder. (default: None)

About

This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

12 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages