
SecOpsFTW

11/19/2018, 11:06 PM
@packetzero Yes, the rest of the log is formatted right, but under the data column, I see something like this:
:{"data":"{\"EventData\":{\"AuthenticationPackageName\":\"Kerberos\",\"ImpersonationLevel\":

packetzero

11/19/2018, 11:29 PM
that looks right. Hard to look at, but you should be able to parse that string with a JSON parser.
if you have ruby installed, run 'irb' to test: