Conversion of the Event log int a WDAC Policy XML file was unsuccessful #381
Replies: 3 comments 4 replies
-
|
Hi @Ross-Curley, can you please share the evtx file with me so I can verify the issue? Thanks |
Beta Was this translation helpful? Give feedback.
-
|
ForwardedEvents.zip |
Beta Was this translation helpful? Give feedback.
-
|
Thank you. I am going to create a bug for this case. I don't see any reason why these events should not parse. |
Beta Was this translation helpful? Give feedback.
-
|
thanks for your help |
Beta Was this translation helpful? Give feedback.
-
|
To confirm my assumptions, do you use Windows event forwarding to generate these evtx files like the one you shared? It appears the service converts everything to a string (which was the reason for the bug) |
Beta Was this translation helpful? Give feedback.
-
|
yes, we're forwarding the code integrity logs to a central server. is there a better way to collect logs from multiple machines? |
Beta Was this translation helpful? Give feedback.
-
|
@jgeurten is there an update on this? |
Beta Was this translation helpful? Give feedback.
-
I've Deployed WDAC in Audit mode and have started collecting logs with windows event forwarding. When I try to parse the .evtx I get a none specific error can anyone tell me what could be the issue?
Beta Was this translation helpful? Give feedback.
All reactions