Skip to content

Output Display & Summary

Progress Bar

The progress bar will only work with multiple evtx files. It will display in real time the number and percent of evtx files that it has finished analyzing.

Color Output

The alerts will be outputted in color based on the alert level. You can change the default colors in the config file at ./config/level_color.txt in the format of level,(RGB 6-digit ColorHex). If you want to disable color output, you can use -K, --no-color option.

Results Summary

Total events, the number of events with hits, data reduction metrics, total and unique detections, dates with the most detections, top computers with detections and top alerts are displayed after every scan.

Detection Fequency Timeline

If you add the -T, --visualize-timeline option, the Event Frequency Timeline feature displays a sparkline frequency timeline of detected events. Note: There needs to be more than 5 events. Also, the characters will not render correctly on the default Command Prompt or PowerShell Prompt, so please use a terminal like Windows Terminal, iTerm2, etc...