Intrinsec/mplog_parser

This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.

Mplog-Parser

Mplog-Parser parses Microsoft Protection log files to provide CSV files containing useful information to forensic investigators.

Build

Run the following command with admin privileges:

pip install -U .

Usage

usage: mplog_parser [-h] [-d DIRECTORY] [-o OUTPUT]

optional arguments:
  -h, --help            show this help message and exit
  -d DIRECTORY, --directory DIRECTORY
                        Location of directory containing log files. NB: Admin rights are needed to access Windows Defender folder (default: C:\ProgramData\Microsoft\Windows Defender\Support\).  When specifying a custom directory, file names must be written following *MPLog-* pattern.
  -o OUTPUT, --output OUTPUT
                        Location of output folder. (default: None)
