Title
#windows
s

SecOpsFTW

11/19/2018, 11:06 PM
@packetzero Yes, the rest of the log is formatted right, but under the
data
column, I see something like this:
:{"data":"{\"EventData\":{\"AuthenticationPackageName\":\"Kerberos\",\"ImpersonationLevel\":
packetzero

packetzero

11/19/2018, 11:29 PM
that looks right. Hard to look at, but you should be able to parse that string with JSON parser.
11:32 PM
if you have ruby installed, run 'irb' to test: