Huge Aggregated EVTX "WEC" #93

Skyw3lker · 2022-12-02T13:25:55Z

Skyw3lker
Dec 2, 2022

I'm trying to get an analysis of Event IDs coming from an aggregated EVTX "Forwarded Events" from WEC server ~30 GB.

Is this is a valid use case for the tool ?!

hitenkoku · 2022-12-05T07:09:33Z

hitenkoku
Dec 5, 2022
Collaborator

@Skyw3lker Thanks for the comment.
We treat it as Int32 by default for large data sizes.

For analysis of evtx files of this size, I recommend using hayabusa(https://github.com/Yamato-Security/hayabusa),
but I will look into whether WELA can also be run on large data without error.

3 replies

hitenkoku Dec 14, 2022
Collaborator

@Skyw3lker Fixed an error in parsing file size when parsing huge data and merged main branch. Can you check if the problem recurs?

3a69c2d

Skyw3lker Dec 17, 2022
Author

@hitenkoku Thank you so much for recommending the AMAZING hayabusa. I made a git pull, still same exact error.

hitenkoku Dec 18, 2022
Collaborator

Thank you for your comment.
I will try to find a large amount of data on my end and see if the same problem occurs.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Huge Aggregated EVTX "WEC" #93

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 3 replies

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

Huge Aggregated EVTX "WEC" #93

Skyw3lker Dec 2, 2022

Replies: 1 comment · 3 replies

hitenkoku Dec 5, 2022 Collaborator

hitenkoku Dec 14, 2022 Collaborator

Skyw3lker Dec 17, 2022 Author

hitenkoku Dec 18, 2022 Collaborator

Skyw3lker
Dec 2, 2022

Replies: 1 comment 3 replies

hitenkoku
Dec 5, 2022
Collaborator

hitenkoku Dec 14, 2022
Collaborator

Skyw3lker Dec 17, 2022
Author

hitenkoku Dec 18, 2022
Collaborator