Skip to contents

Get Behaviour EVTX File

Source: R/get_behaviour_evtx.R
get_behaviour_evtx.Rd

Retrieves the EVTX (Windows Event Log) file from a sandbox analysis.

Usage

get_behaviour_evtx(sandbox_id = NULL, output_path = NULL, ...)

Arguments

sandbox_id

Sandbox report ID (character string). Required.

output_path

Local path to save the EVTX file. Optional.

...

Additional arguments passed to httr::GET.

Value

Raw EVTX content or saves to file if output_path specified

References

https://docs.virustotal.com/reference

See also

set_key for setting the API key, get_behaviour_report for JSON report

Examples

if (FALSE) { # \dontrun{

# Before calling the function, set the API key using set_key('api_key_here')

evtx <- get_behaviour_evtx(sandbox_id='hash_sandboxname')
get_behaviour_evtx(sandbox_id='hash_sandboxname',
                   output_path='/tmp/events.evtx')
} # }