GitHub?!
I received a lot of great feedback from my blog post on SysmonMapper. Most people complained about how the code was too easy to read, wasn't confusing enough and didn't involve excessive use of JavaScript and PowerShell escape characters. To appease the masses, I wrote a substantial update to the SysmonMapper tooltip functionality.
Google's Chart developer site says you can customize the ToolTip for the charts to support HTML tags and other such goodies. I am not sure this works for all charts as I was not able to get the Org Chart's tooltips to support HTML but I could have been doing something wrong.
****UPDATE**** This was confirmed by the nice folks at Google. HTML tooltips no workie with the Org Chart. Oh well.
However, I did get close enough to what I was looking for to post an update. Note: It can be a pain in the ass to write a script that writes another script in a different language and then passes command line syntax between them. Avoid if possible.
Now when you hover over an event you get the entire log entry displayed on screen:
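Added example, not SysmonMapper's own code: the JavaScript side of that tooltip, building the Org Chart DataTable rows from a few constructed Sysmon Event ID 1 (ProcessCreate) records so the whole entry becomes the plain-text tooltip while the HTML-rendered node label is escaped. It assumes the Google Charts loader is on the page and a `chart_div` element exists; the event values are made up.

```javascript
// Constructed sample Sysmon Event ID 1 (ProcessCreate) records, not real telemetry.
// Field names mirror Sysmon's; the values are made up for the example.
const SAMPLE_EVENTS = [
  { UtcTime: '2024-01-01 10:00:00.000', ProcessGuid: '{E1}', ParentProcessGuid: '{00}',
    Image: 'C:\\Windows\\explorer.exe', CommandLine: 'C:\\Windows\\Explorer.EXE' },
  { UtcTime: '2024-01-01 10:00:05.000', ProcessGuid: '{C1}', ParentProcessGuid: '{E1}',
    Image: 'C:\\Windows\\System32\\cmd.exe', CommandLine: 'cmd.exe /c echo <test> & whoami' },
  { UtcTime: '2024-01-01 10:00:07.000', ProcessGuid: '{P1}', ParentProcessGuid: '{C1}',
    Image: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
    CommandLine: 'powershell.exe -NoProfile' },
];

// Org Chart nodes are drawn with allowHtml, so anything that came from the monitored
// host (command lines, image paths) is escaped before it becomes node markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

// Plain-text rendering of the entire log entry. Org Chart tooltips do not render
// HTML, so no markup is used here; the raw field values are shown as logged.
function formatEntry(e) {
  return Object.entries(e).map(([k, v]) => `${k}: ${v}`).join('\n');
}

// Returns [id, parentId, tooltip] rows in the shape the OrgChart DataTable expects.
// A parent that was never itself logged becomes '' so the node is drawn as a root
// instead of being silently dropped from the tree.
function buildOrgChartRows(events) {
  const seen = new Set(events.map(e => e.ProcessGuid));
  return events.map(e => [
    { v: e.ProcessGuid,
      f: `<b>${escapeHtml(e.Image.split('\\').pop())}</b><br>${escapeHtml(e.CommandLine)}` },
    seen.has(e.ParentProcessGuid) ? e.ParentProcessGuid : '',
    formatEntry(e),
  ]);
}

// Browser side: only runs when the Google Charts loader is present on the page.
function drawSysmonChart(events, elementId) {
  const data = new google.visualization.DataTable();
  data.addColumn('string', 'Process');
  data.addColumn('string', 'Parent');
  data.addColumn('string', 'ToolTip');
  data.addRows(buildOrgChartRows(events));
  new google.visualization.OrgChart(document.getElementById(elementId))
    .draw(data, { allowHtml: true, allowCollapse: true });
}
if (typeof google !== 'undefined') {
  google.charts.load('current', { packages: ['orgchart'] });
  google.charts.setOnLoadCallback(() => drawSysmonChart(SAMPLE_EVENTS, 'chart_div'));
}
```

Because the node labels are rendered with allowHtml, a captured command line that happens to contain markup would otherwise be interpreted as HTML inside the analyst's report page, which is why the label goes through escapeHtml while the tooltip stays plain text.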
I got tired of uploading my scripts to this site SO I finally broke down and started using the GitHub account I created forever ago.
Look for more to come in the near future. I have a bunch of useful scripts lying around that I will post when I get the time to clean them up.
I am really digging the idea of visualizing the DFIR data in meaningful ways and I am trying to figure out ways to display other relevant information. If any of you have any ideas, feel free to drop me a comment.