CommandLine Inputs Args for local usage
Ceramicskate0 edited this page Apr 28, 2019
SWELF only accepts command line inputs in a few specific cases:
- Reading EVTX files and writing any findings as a CSV file in its running directory, unless another path is specified.
- Dissolving (removing itself) after a remote deployment.
- Being passed the Help command.
- Being run and told to write findings to CSV instead of sending them to the event log forwarder.
| Search Command | Example | Notes |
|---|---|---|
| -EVTX_File | -EVTX_File C:\...\evtx.evtx | File path to the EVTX file |
| -Output_CSV | -Output_CSV C:\...\Fileoutput.csv | Output matching logs as CSV. If no file path is provided, the file is written to the CWD |
| -Dissolve | -Dissolve | Try to dissolve the app when it is complete |
| -Search_Terms | -Search_Terms C:\Searchs.txt | File must be the same as Search.txt when the app is installed |
| -Find | -Find SEARCHTERM | Search the EVTX file for the single SEARCHTERM |
| -Evtx_folder | -Evtx_folder C:\...\foldername\ | Sysmon and Security Log only |
Example invocations:

```cmd
SWELF.exe -EVTX_File C:\Filepath\SuspiciousWindowsEvntLog.evtx -OutputCSV Findings.csv -Search_Terms C:\Filepath\Search.txt
SWELF.exe -EVTX_File C:\Filepath\SuspiciousWindowsEvntLog.evtx -OutputCSV C:\FilePath\FleName.csv -Find SEARCHTERMTOFIND detected
SWELF.exe -EVTX_Folder C:\Filepath\ -OutputCSV C:\FilePath\FleName.csv -Search_Terms C:\Filepath\Search.txt
SWELF.exe -EVTX_File C:\Filepath\SuspiciousWindowsEvntLog.evtx -OutputCSV Findings.csv -Find detected -Dissolve
```
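Because `-Evtx_folder` only handles Sysmon and Security logs, an analyst triaging a folder of collected EVTX files of any type can instead call SWELF once per file. The PowerShell script below is an added example, not part of SWELF or this wiki; it assumes `SWELF.exe` sits in the current directory, that the `-EVTX_File`, `-Output_CSV` and `-Search_Terms` flags behave as the table above describes, and that SWELF sets a normal process exit code.

```powershell
# Added example (not SWELF project code). Assumptions: SWELF.exe is in the current
# directory; flag names and behaviour are as documented in the table on this page.
param(
    [Parameter(Mandatory)] [string] $EvtxDir,      # folder of collected .evtx files (any log type)
    [Parameter(Mandatory)] [string] $SearchTerms,  # file with the same content as the installed Search.txt
    [string] $OutDir = (Join-Path (Get-Location) 'swelf_findings')
)

if (-not (Test-Path -LiteralPath $SearchTerms -PathType Leaf)) {
    throw "Search terms file not found: $SearchTerms"
}
if (-not (Test-Path -LiteralPath '.\SWELF.exe' -PathType Leaf)) {
    throw "SWELF.exe not found in the current directory"
}
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$results = foreach ($evtx in Get-ChildItem -LiteralPath $EvtxDir -Filter '*.evtx' -File) {
    # One CSV per input log so every finding stays attributable to its source file
    $csv = Join-Path $OutDir ($evtx.BaseName + '.csv')
    & .\SWELF.exe -EVTX_File $evtx.FullName -Output_CSV $csv -Search_Terms $SearchTerms

    # Line count of the CSV (includes a header row if SWELF writes one); 0 if nothing matched
    $lines = 0
    if (Test-Path -LiteralPath $csv -PathType Leaf) {
        $lines = (Get-Content -LiteralPath $csv | Measure-Object -Line).Lines
    }
    [pscustomobject]@{
        Evtx      = $evtx.Name
        ExitCode  = $LASTEXITCODE
        CsvLines  = $lines
        OutputCsv = $csv
    }
}

# Summary table: files with a non-zero exit code or unexpectedly empty output deserve a second look
$results | Sort-Object CsvLines -Descending | Format-Table -AutoSize
```

Run it as `.\Run-SwelfBatch.ps1 -EvtxDir C:\Collected\Logs -SearchTerms C:\Filepath\Search.txt` (script name is the example's own); the per-file CSVs land in `.\swelf_findings` by default.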