Windows

• Create json from windows event logs
• Filter → Analyse in visidata

# in folder with evtx
# --user 1001:1001
docker run -rm -it -v ./:/data -v ./output:/output tabledevil/hayabusa
 
 
vd ~.json
# scroll to criticality
strg-f 
#