Is there a way to output Event Data from powershell output to .csv file from sigma rules? #151
-
|
Hey I love this tool, thanks for making it. I was wondering if it's possible to output the same columns found in the powershell output (particularly Event Data fields) to a csv? Would be super useful and I'm not seeing a way how... thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hey @jv2k4ever, so the Sigma mapping file (assuming you are using
You can tweak the mapping file to output the columns that are relevant to you by changing the
The reason that the
|
Beta Was this translation helpful? Give feedback.
-
|
Awesome, thanks so much for responding, this is great. I actually figured out what I needed , when I exported the .csv the event data field in excel is just the following "---" in the cells (i mistakenly thought this was blank), I realized all I had to do was go into Home - Format - and set both "autofill row height" and "autofit column width" and the event data is available. Feel free to close this out : ] |
Beta Was this translation helpful? Give feedback.
Hey @jv2k4ever, so the Sigma mapping file (assuming you are using
sigma-event-logs-all.yml) is generic and thus will output all the event data into 'Event Data' column, this should also happen with CSV output.You can tweak the mapping file to output the columns that are relevant to you by changing the
visibleflag fromfalsetotrue.The reason that the
PowerShell Scriptfile has tailored columns is because that is generated by a Chainsaw rule and not a Sigma rule, where the important columns are defined within the rule.