.. generated, remove this comment to keep this file

``evtx``
========

.. code-block:: console

    $ target-query -f evtx

.. list-table:: Details
    :widths: 20 80

    * - Module
      - ``os.windows.log.evtx.EvtxPlugin``
    * - Output
      - ``records``

**Module documentation**

Plugin for fetching and parsing Windows Event Log files (``*.evtx``).

**Function documentation**

Return entries from Windows Event Log files (``*.evtx``).

The Windows Event Log is a detailed record of system, security and application notifications. It can be used to diagnose a system or to spot problems before they escalate.

Up until Windows XP the ``.evt`` extension was used; after that ``.evtx`` became the new standard.

References:
    - https://www.techtarget.com/searchwindowsserver/definition/Windows-event-log
    - https://serverfault.com/questions/441050/what-are-the-differences-between-windows-evt-and-evtx-log-files

Yields dynamically created records based on the fields in the event. Each record contains at least the following fields:

    hostname (string): The target hostname.
    domain (string): The target domain.
    ts (datetime): The TimeCreated_SystemTime field of the event.
    Provider_Name (string): The Provider_Name field of the event.
    EventID (int): The EventID of the event.