Huge Aggregated EVTX "WEC"

[Skyw3lker]

I'm trying to get an analysis of Event IDs coming from an aggregated EVTX "Forwarded Events" from WEC server ~30 GB.

Is this is a valid use case for the tool ?!

[hitenkoku]

@Skyw3lker Thanks for the comment.
We treat it as Int32 by default for large data sizes.

For analysis of evtx files of this size, I recommend using hayabusa(https://github.com/Yamato-Security/hayabusa),
but I will look into whether WELA can also be run on large data without error.

[hitenkoku]

@Skyw3lker Fixed an error in parsing file size when parsing huge data and merged main branch. Can you check if the problem recurs?

Yamato-Security/WELA@3a69c2d

[Skyw3lker]

@hitenkoku Thank you so much for recommending the AMAZING hayabusa. I made a git pull, still same exact error.

[hitenkoku]

Thank you for your comment.
I will try to find a large amount of data on my end and see if the same problem occurs.