From a93ad760d625516813b26b967e9f94f4d68d9d62 Mon Sep 17 00:00:00 2001
From: Qazeer
Date: Wed, 31 Jan 2024 12:48:55 +0100
Subject: [PATCH] Add Mplog-Parser to parse Windows Defender MPLog

---
 Modules/Apps/GitHub/Mplog-Parser.mkape | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 Modules/Apps/GitHub/Mplog-Parser.mkape

diff --git a/Modules/Apps/GitHub/Mplog-Parser.mkape b/Modules/Apps/GitHub/Mplog-Parser.mkape
new file mode 100644
index 000000000..bad3401b9
--- /dev/null
+++ b/Modules/Apps/GitHub/Mplog-Parser.mkape
@@ -0,0 +1,21 @@
+Description: 'Mplog-Parser: parses Microsoft Protection log files into CSV files'
+Category: Antivirus
+Author: Thomas DIOT (Qazeer)
+Version: 1.0
+Id: 6084c8ab-2059-41a4-89f4-dba2cfdb4bb4
+BinaryUrl: https://github.com/Qazeer/mplog_parser-compiled/releases/download/v1.0/mplog_parser.exe
+ExportFormat: csv
+Processors:
+  -
+    Executable: mplog_parser.exe
+    CommandLine: -d "%SourceDirectory%\ProgramData\Microsoft\Windows Defender\Support" -o "%destinationDirectory%"
+    ExportFormat: csv
+
+# Documentation
+# Mplog-Parser parses Microsoft Protection log files into a number of CSV files.
+# mplog_parser source: https://github.com/Intrinsec/mplog_parser
+# Compiled version: https://github.com/Qazeer/mplog_parser-compiled
+# Information on Windows Defender MPLog:
+# https://www.crowdstrike.com/blog/how-to-use-microsoft-protection-logging-for-forensic-investigations/
+# https://www.intrinsec.com/hunt-mplogs/
+# https://artefacts.help/windows_defender_support_logs.html
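Review bot: The `BinaryUrl` line points KAPE at a pre-compiled `mplog_parser.exe` hosted in a personal `mplog_parser-compiled` repository rather than at the upstream Intrinsec project listed in the comments, and KAPE will download and execute that binary on the examiner workstation with nothing in the module stating what it is or how it was built; the mkape format has no hash field, so the integrity check has to live in the documentation. I would add a line under `# Documentation` such as `# NOTE: the binary above is a third-party build of the upstream Python tool; verify the release's SHA-256 against the mplog_parser-compiled release page before deploying this module.` A smaller point on the `CommandLine` line: the two KAPE variables are written with different casing, `%SourceDirectory%` versus `%destinationDirectory%`; if the substitution is case-sensitive the first would not expand and the parser would be pointed at a literal path, and even if it is not, the conventional `%sourceDirectory%` form (as I recall from KAPE's documentation — worth confirming) keeps the two consistent. This hunk is the whole new file, so nothing is cut off at either edge.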