Combine PowerShell Logs into a single artifact

ForensicArtifacts · Mar 6, 2024 · 78beb8a · 78beb8a
1 parent 82a0633
commit 78beb8a
Showing 1 changed file with 2 additions and 12 deletions.
diff --git a/artifacts/data/windows.yaml b/artifacts/data/windows.yaml
@@ -3545,20 +3545,10 @@ sources:
 - type: FILE
   attributes:
     paths:
-    - '%%environ_systemroot%%\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx'
     - '%%environ_systemroot%%\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Admin.evtx'
-    separator: '\'
-supported_os: [Windows]
-urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EventLog.html']
----
-name: WindowsPowerShellLogs2
-doc: Windows PowerShell Logs Part 2
-sources:
-- type: FILE
-  attributes:
-    paths:
-    - '%%environ_systemroot%%\System32\winevt\Logs\Windows PowerShell.evtx'
+    - '%%environ_systemroot%%\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx'
     - '%%environ_systemroot%%\System32\winevt\Logs\PowerShellCore Operational.evtx'
+    - '%%environ_systemroot%%\System32\winevt\Logs\Windows PowerShell.evtx'
     separator: '\'
 supported_os: [Windows]
 urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EventLog.html']