Extracting Parent-Child process pairs from the Security Event Log

The script collects 4688 (process creation) events from the Security event log, extracts the parent-child process pairs they record, and finally writes the pairs to CSV. A second tiny script is a tool for spotting parent-child pairs that do not exist in the reference log you collected before the attack.
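As an added illustration of the same workflow (this is not the code in the ParentChild.zip download), the PowerShell below reads 4688 events, reduces them to distinct parent-child pairs, and diffs the live pairs against a reference CSV. It assumes process-creation auditing is enabled, an elevated session can read the Security log, and the events carry ParentProcessName (present on Windows 10 / Server 2016 and later; older systems only give the creator process id).

```powershell
# Added example, not the gallery script. Assumes 4688 events with a ParentProcessName
# field exist in the Security log and the session has rights to read it.

# Collect 4688 events and reduce them to distinct Parent -> Child process name pairs.
function Get-ParentChildPairs {
    param([int]$MaxEvents = 5000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents $MaxEvents |
        ForEach-Object {
            # The event XML carries NewProcessName and ParentProcessName as named Data items.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            if ($data['ParentProcessName']) {
                [pscustomobject]@{
                    Parent = $data['ParentProcessName'].ToLower()
                    Child  = $data['NewProcessName'].ToLower()
                }
            }
        } | Sort-Object Parent, Child -Unique
}

# Pairs present in the current log but absent from a reference CSV exported earlier.
function Compare-ToReference {
    param(
        [Parameter(Mandatory)] [string]$ReferenceCsv,
        [Parameter(Mandatory)] [object[]]$Current
    )
    $known = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
    foreach ($p in (Import-Csv $ReferenceCsv)) { [void]$known.Add("$($p.Parent)|$($p.Child)") }
    # Anything not seen in the baseline is a candidate for review, not proof of compromise.
    $Current | Where-Object { -not $known.Contains("$($_.Parent)|$($_.Child)") }
}

# Usage: build the baseline on a known-good system, then diff against it later.
# Get-ParentChildPairs | Export-Csv -NoTypeInformation -Path .\reference.csv
# Compare-ToReference -ReferenceCsv .\reference.csv -Current (Get-ParentChildPairs) | Format-Table
```

A baseline is only as complete as the activity captured while it was recorded, so rare but legitimate pairs (patching, backups, month-end jobs) will surface as "new" until the reference is extended.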

ParentChild.zip
7/12/2019
Verified on the following platforms
Windows 10 Yes
Windows Server 2012 Yes
Windows Server 2012 R2 Yes
Windows Server 2008 R2 Yes
Windows Server 2008 Yes
Windows Server 2003 Yes
Windows Server 2016 Yes
Windows 8 Yes
Windows 7 Yes
Windows Vista Yes
Windows XP Yes
Windows 2000 Yes
This script is tested on these platforms by the author. It is likely to work on other platforms as well. If you try it and find that it works on another platform, please add a note to the script discussion to let others know.