< packetzero> Yes the rest of the log is formatted right but osquery #windows

<@UE75QHFRU> Yes, the rest of the log is formatted...

SecOpsFTW

11/19/2018, 11:06 PM

@packetzero Yes, the rest of the log is formatted right, but under the

data

column, I see something like this:

:{"data":"{\"EventData\":{\"AuthenticationPackageName\":\"Kerberos\",\"ImpersonationLevel\":

packetzero

11/19/2018, 11:29 PM

that looks right. Hard to look at, but you should be able to parse that string with JSON parser.

packetzero

11/19/2018, 11:32 PM

if you have ruby installed, run 'irb' to test:

2 Views