https://github.com/osquery/osquery logo
Powered by
#windows
Title
# windows
s

SecOpsFTW

11/19/2018, 11:06 PM
@packetzero Yes, the rest of the log is formatted right, but under the 
data
column, I see something like this: 
:{"data":"{\"EventData\":{\"AuthenticationPackageName\":\"Kerberos\",\"ImpersonationLevel\":
p

packetzero

11/19/2018, 11:29 PM
that looks right. Hard to look at, but you should be able to parse that string with JSON parser.
if you have ruby installed, run 'irb' to test:
2 Views
Powered by