From mattyb...@apache.org
Subject [4/6] nifi git commit: NIFI-1975 - Processor for parsing evtx files
Date Thu, 09 Jun 2016 16:13:11 GMT
http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/TemplateNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/TemplateNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/TemplateNode.java
new file mode 100644
index 0000000..0b21c38
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/TemplateNode.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.BxmlNodeVisitor;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.NumberUtil;
+
+import java.io.IOException;
+
+/**
+ * Template node describing structure of xml to be rendered into
+ */
+public class TemplateNode extends BxmlNode {
+    private final int nextOffset;
+    private final UnsignedInteger templateId;
+    private final String guid;
+    private final int dataLength;
+
+    public TemplateNode(BinaryReader binaryReader, ChunkHeader chunkHeader) throws IOException {
+        super(binaryReader, chunkHeader, null);
+        nextOffset = NumberUtil.intValueMax(binaryReader.readDWord(), Integer.MAX_VALUE, "Invalid offset.");
+
+        //TemplateId and Guid overlap
+        templateId = new BinaryReader(binaryReader, binaryReader.getPosition()).readDWord();
+        guid = binaryReader.readGuid();
+        dataLength = NumberUtil.intValueMax(binaryReader.readDWord(), Integer.MAX_VALUE - 0x18, "Data length too large.");
+        init();
+    }
+
+    @Override
+    public String toString() {
+        return "TemplateNode{" +
+                "nextOffset=" + nextOffset +
+                ", templateId=" + templateId +
+                ", guid='" + guid + '\'' +
+                ", dataLength=" + dataLength +
+                '}';
+    }
+
+    public int getNextOffset() {
+        return nextOffset;
+    }
+
+    public UnsignedInteger getTemplateId() {
+        return templateId;
+    }
+
+    public String getGuid() {
+        return guid;
+    }
+
+    public int getDataLength() {
+        return dataLength;
+    }
+
+    @Override
+    public void accept(BxmlNodeVisitor bxmlNodeVisitor) throws IOException {
+        bxmlNodeVisitor.visit(this);
+    }
+}
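Review bot: `dataLength` is accepted whenever it fits below `Integer.MAX_VALUE - 0x18`, and `nextOffset` whenever it fits in an int; both come from the file and neither is compared with the size of the chunk in this constructor. If the code that consumes `getDataLength()` and `getNextOffset()` (outside this hunk) sizes a read or a seek by them, a malformed template can point it far outside the chunk, so I would bound both against the chunk length here or document that callers must. The `0x18` needs a comment such as `// 0x18 = header bytes read above: two DWORDs plus the GUID`, assuming `readGuid()` consumes 16 bytes. The class Javadoc also stops mid-sentence at "to be rendered into".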

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/ValueNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/ValueNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/ValueNode.java
new file mode 100644
index 0000000..013ffb7
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/ValueNode.java
@@ -0,0 +1,111 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.BxmlNodeVisitor;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.value.BXmlTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.BinaryTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.BooleanTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.DoubleTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.FiletimeTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.FloatTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.GuidTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.Hex32TypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.Hex64TypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.NullTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SIDTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SignedByteTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SignedDWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SignedQWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SignedWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SizeTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.StringTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.SystemtimeTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.UnsignedByteTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.UnsignedDWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.UnsignedQWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.UnsignedWordTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.VariantTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.VariantTypeNodeFactory;
+import org.apache.nifi.processors.evtx.parser.bxml.value.WStringArrayTypeNode;
+import org.apache.nifi.processors.evtx.parser.bxml.value.WStringTypeNode;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Node type that has one VariantTypeNode child
+ */
+public class ValueNode extends BxmlNodeWithToken {
+    public static final Map<Integer, VariantTypeNodeFactory> factories = initFactories();
+    private final int type;
+
+    public ValueNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent) throws IOException {
+        super(binaryReader, chunkHeader, parent);
+        if ((getFlags() & 0x0B) != 0) {
+            throw new IOException("Invalid flag");
+        }
+        type = binaryReader.read();
+        init();
+    }
+
+    private static final Map<Integer, VariantTypeNodeFactory> initFactories() {
+        Map<Integer, VariantTypeNodeFactory> result = new HashMap<>();
+        result.put(0, NullTypeNode::new);
+        result.put(1, WStringTypeNode::new);
+        result.put(2, StringTypeNode::new);
+        result.put(3, SignedByteTypeNode::new);
+        result.put(4, UnsignedByteTypeNode::new);
+        result.put(5, SignedWordTypeNode::new);
+        result.put(6, UnsignedWordTypeNode::new);
+        result.put(7, SignedDWordTypeNode::new);
+        result.put(8, UnsignedDWordTypeNode::new);
+        result.put(9, SignedQWordTypeNode::new);
+        result.put(10, UnsignedQWordTypeNode::new);
+        result.put(11, FloatTypeNode::new);
+        result.put(12, DoubleTypeNode::new);
+        result.put(13, BooleanTypeNode::new);
+        result.put(14, BinaryTypeNode::new);
+        result.put(15, GuidTypeNode::new);
+        result.put(16, SizeTypeNode::new);
+        result.put(17, FiletimeTypeNode::new);
+        result.put(18, SystemtimeTypeNode::new);
+        result.put(19, SIDTypeNode::new);
+        result.put(20, Hex32TypeNode::new);
+        result.put(21, Hex64TypeNode::new);
+        result.put(33, BXmlTypeNode::new);
+        result.put(129, WStringArrayTypeNode::new);
+        return Collections.unmodifiableMap(result);
+    }
+
+    @Override
+    protected List<BxmlNode> initChildren() throws IOException {
+        VariantTypeNode variantTypeNode = factories.get(type).create(getBinaryReader(), getChunkHeader(), this, -1);
+        return Collections.singletonList(variantTypeNode);
+    }
+
+    @Override
+    public void accept(BxmlNodeVisitor bxmlNodeVisitor) throws IOException {
+        bxmlNodeVisitor.visit(this);
+    }
+}
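Review bot: In `initChildren()` the lookup `factories.get(type)` returns null for any type byte that is not one of the 24 registered keys, so a corrupt or crafted record ends in a NullPointerException instead of the IOException this parser otherwise uses for bad input. `type` is taken straight from `binaryReader.read()` in the constructor and is never validated. I would hold the lookup in a local, `VariantTypeNodeFactory factory = factories.get(type);`, and reject the miss with `if (factory == null) { throw new IOException("Unknown value type " + type); }` before calling `create`. Whether callers handle IOException per record is not visible from this hunk.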

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BXmlTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BXmlTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BXmlTypeNode.java
new file mode 100644
index 0000000..06761d9
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BXmlTypeNode.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+import org.apache.nifi.processors.evtx.parser.bxml.RootNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing an embedded root node
+ */
+public class BXmlTypeNode extends VariantTypeNode {
+    private final RootNode rootNode;
+
+    public BXmlTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        rootNode = new RootNode(binaryReader, chunkHeader, this);
+    }
+
+    public RootNode getRootNode() {
+        return rootNode;
+    }
+
+    @Override
+    public String getValue() {
+        return rootNode.toString();
+    }
+}
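Review bot: The constructor starts a full `RootNode` parse on the shared `binaryReader` and never uses `length` to bound it, so the embedded document reads as far as its own tokens say. A value inside that embedded root can itself be type 33 (see the factory map in ValueNode), so nesting depth is controlled by the file. Unless RootNode or BxmlNode, which are not shown here, cap the depth, a malformed record could recurse until StackOverflowError. I would carry a depth counter through the node constructors, or at least check the reader position against `length` once the root is built. `getValue()` returning `rootNode.toString()` also needs a Javadoc line saying what that string contains.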

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BinaryTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BinaryTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BinaryTypeNode.java
new file mode 100644
index 0000000..4188356
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BinaryTypeNode.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.NumberUtil;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing consisting of base64 encoded binary content
+ */
+public class BinaryTypeNode extends VariantTypeNode {
+    private final String value;
+
+    public BinaryTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        if (length >= 0) {
+            value = binaryReader.readAndBase64EncodeBinary(length);
+        } else {
+            value = binaryReader.readAndBase64EncodeBinary(NumberUtil.intValueMax(binaryReader.readDWord(), Integer.MAX_VALUE, "Invalid string length."));
+        }
+    }
+
+    @Override
+    public String getValue() {
+        return value;
+    }
+}
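Review bot: The length read from the file in the `else` branch is only capped at `Integer.MAX_VALUE`, so a corrupt or hostile record can ask `readAndBase64EncodeBinary` for close to 2 GiB; whether that allocates up front depends on BinaryReader, which is not in this hunk. The cap should be the number of bytes that remain in the chunk or record, not the int range, and the same applies to the caller-supplied `length` in the first branch. The message `"Invalid string length."` looks copied from a string node; `"Invalid binary length."` would make the failure easier to triage. The class Javadoc reads "Node containing consisting of" and should lose one of the two verbs.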

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BooleanTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BooleanTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BooleanTypeNode.java
new file mode 100644
index 0000000..c2d666d
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/BooleanTypeNode.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node that is true if the signed value is greater than 0
+ */
+public class BooleanTypeNode extends VariantTypeNode {
+    private final boolean value;
+
+    public BooleanTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        UnsignedInteger unsignedInteger = binaryReader.readDWord();
+        value = unsignedInteger.intValue() > 0;
+    }
+
+    @Override
+    public String getValue() {
+        return Boolean.toString(value);
+    }
+}
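Review bot: `unsignedInteger.intValue() > 0` makes any DWORD with the top bit set read as false, because the value becomes negative once narrowed to int. The Javadoc states that this is intended, but if the field follows the usual convention that any non-zero value is true, `value = unsignedInteger.intValue() != 0;` is the safer reading. Otherwise a one-line comment on why negative values map to false would save the next reader the question. The `length` argument is ignored and four bytes are always consumed, which is also worth stating in the Javadoc.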

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/DoubleTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/DoubleTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/DoubleTypeNode.java
new file mode 100644
index 0000000..91fb4ed
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/DoubleTypeNode.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedLong;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a double value
+ */
+public class DoubleTypeNode extends VariantTypeNode {
+    private final double value;
+
+    public DoubleTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        UnsignedLong unsignedLong = binaryReader.readQWord();
+        value = Double.longBitsToDouble(unsignedLong.longValue());
+    }
+
+    @Override
+    public String getValue() {
+        return Double.toString(value);
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FiletimeTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FiletimeTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FiletimeTypeNode.java
new file mode 100644
index 0000000..aa78362
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FiletimeTypeNode.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.TimeZone;
+
+/**
+ * Node containing a windows file time
+ */
+public class FiletimeTypeNode extends VariantTypeNode {
+    private final String value;
+
+    public FiletimeTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = getFormat().format(binaryReader.readFileTime());
+    }
+
+    public static final SimpleDateFormat getFormat() {
+        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
+        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
+        return simpleDateFormat;
+    }
+
+    @Override
+    public String getValue() {
+        return value.toString();
+    }
+}
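Review bot: `getValue()` calls `value.toString()` on a field that is already a String; `return value;` is enough and matches the other type nodes in this commit. `getFormat()` builds a new SimpleDateFormat on every call, which keeps it thread-safe. A Javadoc line such as `Returns a new formatter per call because SimpleDateFormat is not thread-safe; do not cache it in a static field.` would stop someone from optimising that away later. The pattern renders UTC without any zone marker, so the Javadoc should also say that the resulting string is UTC.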

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FloatTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FloatTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FloatTypeNode.java
new file mode 100644
index 0000000..58d582e
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/FloatTypeNode.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a float
+ */
+public class FloatTypeNode extends VariantTypeNode {
+    private final float value;
+
+    public FloatTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        UnsignedInteger unsignedInteger = binaryReader.readDWord();
+        value = Float.intBitsToFloat(unsignedInteger.intValue());
+    }
+
+    @Override
+    public String getValue() {
+        return Float.toString(value);
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/GuidTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/GuidTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/GuidTypeNode.java
new file mode 100644
index 0000000..ec7b590
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/GuidTypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a guid
+ */
+public class GuidTypeNode extends VariantTypeNode {
+    private final String value;
+
+    public GuidTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = binaryReader.readGuid();
+    }
+
+    @Override
+    public String getValue() {
+        return value;
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex32TypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex32TypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex32TypeNode.java
new file mode 100644
index 0000000..70df156
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex32TypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containging a 32 bit hex value
+ */
+public class Hex32TypeNode extends VariantTypeNode {
+    private final String value;
+
+    public Hex32TypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = "0x" + binaryReader.readDWord().toString(16);
+    }
+
+    @Override
+    public String getValue() {
+        return value;
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex64TypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex64TypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex64TypeNode.java
new file mode 100644
index 0000000..7024c58
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/Hex64TypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a 64 bit hex value
+ */
+public class Hex64TypeNode extends VariantTypeNode {
+    private final String value;
+
+    public Hex64TypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = "0x" + binaryReader.readQWord().toString(16);
+    }
+
+    @Override
+    public String getValue() {
+        return value;
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/NullTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/NullTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/NullTypeNode.java
new file mode 100644
index 0000000..66f9751
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/NullTypeNode.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing null value
+ */
+public class NullTypeNode extends VariantTypeNode {
+    public NullTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+    }
+
+    @Override
+    public String getValue() {
+        return "";
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SIDTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SIDTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SIDTypeNode.java
new file mode 100644
index 0000000..20f3e80
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SIDTypeNode.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing an SID
+ */
+public class SIDTypeNode extends VariantTypeNode {
+    private final String value;
+
+    public SIDTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        int version = binaryReader.read();
+        int num_elements = binaryReader.read();
+        UnsignedInteger id_high = binaryReader.readDWordBE();
+        int id_low = binaryReader.readWordBE();
+        StringBuilder builder = new StringBuilder("S-");
+        builder.append(version);
+        builder.append("-");
+        builder.append((id_high.longValue() << 16) ^ id_low);
+        for (int i = 0; i < num_elements; i++) {
+            builder.append("-");
+            builder.append(binaryReader.readDWord());
+        }
+        value = builder.toString();
+    }
+
+    @Override
+    public String getValue() {
+        return value;
+    }
+}
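Review bot: The sub-authority count read into `num_elements` in the constructor is never compared with the `length` argument, so a damaged or crafted record makes the loop consume as many DWORDs as the file claims, including bytes that belong to the data after this value. A binary SID is 8 bytes of header plus 4 per sub-authority, so a guard before the loop such as `if (length >= 0 && length != 8 + 4 * num_elements) throw new IOException("SID length does not match sub-authority count");` would reject it. That negative lengths mean "unknown" is inferred from StringTypeNode and should be confirmed. `binaryReader.read()` is not shown here; if it can return -1 at end of data, `version` is rendered as `-1` instead of failing. The locals would also fit Java naming better as `numElements`, `idHigh` and `idLow`.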

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedByteTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedByteTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedByteTypeNode.java
new file mode 100644
index 0000000..8ab5835
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedByteTypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a signed byte value
+ */
+public class SignedByteTypeNode extends VariantTypeNode {
+    private byte value;
+
+    public SignedByteTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = (byte) binaryReader.read();
+    }
+
+    @Override
+    public String getValue() {
+        return "" + value;
+    }
+}
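Review bot: The `value` field is declared `private byte value;` without `final`, although it is assigned once in the constructor and the sibling nodes declare theirs `final`; `private final byte value;` keeps the node immutable. `getValue()` would read more directly as `return Byte.toString(value);` than as `"" + value`. UnsignedByteTypeNode has the same non-final field and the same concatenation. Both byte nodes also cast `binaryReader.read()` straight to `byte`, so if that method returns -1 at end of data (not visible in this hunk) the result is reported as -1 here and 255 there instead of an error.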

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedDWordTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedDWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedDWordTypeNode.java
new file mode 100644
index 0000000..651dd2c
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedDWordTypeNode.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node contianing a signed 32 bit value
+ */
+public class SignedDWordTypeNode extends VariantTypeNode {
+    private final UnsignedInteger value;
+
+    public SignedDWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = binaryReader.readDWord();
+    }
+
+    @Override
+    public String getValue() {
+        return Integer.toString(value.intValue());
+    }
+}
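Review bot: The class Javadoc has a typo and should read `Node containing a signed 32 bit value`. It is also not obvious why a signed node stores an `UnsignedInteger`; a comment on `getValue()` such as `// intValue() reinterprets the 32 bits read by readDWord() as two's complement` would explain the conversion for the next reader.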

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedQWordTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedQWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedQWordTypeNode.java
new file mode 100644
index 0000000..3b01ff0
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedQWordTypeNode.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedLong;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a signed 64 bit value
+ */
+public class SignedQWordTypeNode extends VariantTypeNode {
+    private final UnsignedLong value;
+
+    public SignedQWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = binaryReader.readQWord();
+    }
+
+    @Override
+    public String getValue() {
+        return Long.toString(value.longValue());
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedWordTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedWordTypeNode.java
new file mode 100644
index 0000000..15e72e7
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SignedWordTypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a signed 16 bit value
+ */
+public class SignedWordTypeNode extends VariantTypeNode {
+    private final int value;
+
+    public SignedWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = binaryReader.readWord();
+    }
+
+    @Override
+    public String getValue() {
+        return Short.toString((short) value);
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SizeTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SizeTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SizeTypeNode.java
new file mode 100644
index 0000000..e229706
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SizeTypeNode.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a size value
+ */
+public class SizeTypeNode extends VariantTypeNode {
+    private final Number value;
+
+    public SizeTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        if (length == 4) {
+            value = binaryReader.readDWord();
+        } else {
+            value = binaryReader.readQWord();
+        }
+    }
+
+    @Override
+    public String getValue() {
+        return value.toString();
+    }
+}
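Review bot: The `else` branch in the constructor reads a QWORD for every `length` other than 4, so a zero, negative or odd length from a malformed record still advances the reader by 8 bytes and leaves the rest of the parse misaligned. Making the second case explicit with `} else if (length == 8) {` and ending with `} else { throw new IOException("Unexpected size length " + length); }` turns that into a reported error while `value` stays definitely assigned. The Javadoc could also say that a size is 4 or 8 bytes wide depending on `length`.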

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/StringTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/StringTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/StringTypeNode.java
new file mode 100644
index 0000000..4eb82c9
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/StringTypeNode.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing a string (ascii)
+ */
+public class StringTypeNode extends VariantTypeNode {
+    private final String value;
+
+    public StringTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        if (length >= 0) {
+            value = binaryReader.readString(length);
+        } else {
+            value = binaryReader.readString(binaryReader.readWord());
+        }
+    }
+
+    @Override
+    public String getValue() {
+        return value;
+    }
+}
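Review bot: When `length` is negative the constructor takes the character count from `binaryReader.readWord()` and passes it straight to `readString`, so the only bound on that file-controlled value is whatever BinaryReader enforces, and that code is not part of this hunk. If `readString` indexes a backing array, an oversized count would surface as an unchecked exception rather than the declared IOException, so it is worth confirming that it fails cleanly. The Javadoc should also record the convention, for example `A negative length means the value is prefixed by a 16 bit character count`.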

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SystemtimeTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SystemtimeTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SystemtimeTypeNode.java
new file mode 100644
index 0000000..af5c9c0
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/SystemtimeTypeNode.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.TimeZone;
+
+/**
+ * Node containing a system timestamp
+ */
+public class SystemtimeTypeNode extends VariantTypeNode {
+    private final String value;
+
+    public SystemtimeTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        int year = binaryReader.readWord();
+        int month = binaryReader.readWord();
+        int dayOfWeek = binaryReader.readWord();
+        int day = binaryReader.readWord();
+        int hour = binaryReader.readWord();
+        int minute = binaryReader.readWord();
+        int second = binaryReader.readWord();
+        int millisecond = binaryReader.readWord();
+        Calendar calendar = Calendar.getInstance();
+        calendar.set(year, month, day, hour, minute, second);
+        calendar.set(Calendar.MILLISECOND, millisecond);
+        value = getFormat().format(calendar.getTime());
+    }
+
+    public static final SimpleDateFormat getFormat() {
+        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
+        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
+        return simpleDateFormat;
+    }
+
+    @Override
+    public String getValue() {
+        return value;
+    }
+}
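Review bot: The constructor builds the timestamp with `Calendar.getInstance()`, which uses the JVM default time zone, but formats it with a formatter fixed to UTC, so the rendered time shifts by the host's offset and differs between machines. The `month` word is also passed to `calendar.set` unchanged; if the on-disk structure is a Windows SYSTEMTIME, its month is 1-based while Calendar months are 0-based, so every date lands one month late. Suggested lines: `Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));` and `calendar.set(year, month - 1, day, hour, minute, second);`. Because Calendar is lenient by default, out-of-range fields from a damaged record roll over silently, which matters when these values feed an incident timeline; `calendar.setLenient(false)` would make them fail instead. A short comment that `dayOfWeek` is read only to advance the reader would explain the unused local.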

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedByteTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedByteTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedByteTypeNode.java
new file mode 100644
index 0000000..9645579
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedByteTypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Unsigned byte value
+ */
+public class UnsignedByteTypeNode extends VariantTypeNode {
+    private int value;
+
+    public UnsignedByteTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = Byte.toUnsignedInt((byte) binaryReader.read());
+    }
+
+    @Override
+    public String getValue() {
+        return "" + value;
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedDWordTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedDWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedDWordTypeNode.java
new file mode 100644
index 0000000..66ab492
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedDWordTypeNode.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedInteger;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Unsigned 32 bit value
+ */
+public class UnsignedDWordTypeNode extends VariantTypeNode {
+    private final UnsignedInteger value;
+
+    public UnsignedDWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = binaryReader.readDWord();
+    }
+
+    @Override
+    public String getValue() {
+        return value.toString();
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedQWordTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedQWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedQWordTypeNode.java
new file mode 100644
index 0000000..3efdc37
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedQWordTypeNode.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import com.google.common.primitives.UnsignedLong;
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Unsigned 64 bit value
+ */
+public class UnsignedQWordTypeNode extends VariantTypeNode {
+    private final UnsignedLong value;
+
+    public UnsignedQWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = binaryReader.readQWord();
+    }
+
+    @Override
+    public String getValue() {
+        return value.toString();
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedWordTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedWordTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedWordTypeNode.java
new file mode 100644
index 0000000..52efbf1
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/UnsignedWordTypeNode.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Unsigned 16 bit value
+ */
+public class UnsignedWordTypeNode extends VariantTypeNode {
+    private final int value;
+
+    public UnsignedWordTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        value = binaryReader.readWord();
+    }
+
+    @Override
+    public String getValue() {
+        return Integer.toString(value);
+    }
+}

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNode.java
new file mode 100644
index 0000000..dc8236a
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNode.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.BxmlNodeVisitor;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * Parent class for variant nodes (they all have no children)
+ */
+public abstract class VariantTypeNode extends BxmlNode {
+    private final int length;
+
+    public VariantTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent);
+        this.length = length;
+        init();
+    }
+
+    @Override
+    protected List<BxmlNode> initChildren() throws IOException {
+        return Collections.emptyList();
+    }
+
+    public abstract String getValue();
+
+    @Override
+    public void accept(BxmlNodeVisitor bxmlNodeVisitor) throws IOException {
+        bxmlNodeVisitor.visit(this);
+    }
+}
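Review bot: The `length` field is assigned in the constructor but never read in this class, and because it is `private` with no accessor the subclasses cannot reach it either; the subclasses in this commit that need the value read their own constructor argument instead. Either drop the field or expose it, for example `protected int getLength() { return length; }`. Separately, `init()` is called from this constructor, before any subclass constructor body has assigned its own fields. That is harmless while `initChildren()` returns an empty list (assuming `init()` only builds the child list; it is defined outside this hunk), but a short comment saying so would keep a later override from reading unassigned subclass state.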

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNodeFactory.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNodeFactory.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNodeFactory.java
new file mode 100644
index 0000000..9906a84
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/VariantTypeNodeFactory.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+public interface VariantTypeNodeFactory {
+    VariantTypeNode create(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException;
+}
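Review bot: The interface has no Javadoc, and the contract of `length` cannot be read from the signature. The implementations added in this commit (WStringTypeNode, WStringArrayTypeNode) treat a negative value as "size not supplied, read a prefix word from the data", so I would state that on the method, e.g. `/** @param length size of the value in bytes, or negative when the size is stored as a prefix in the data */`. That the unit is bytes is inferred from the `length / 2` calls in those classes and should be confirmed before it is documented.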

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringArrayTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringArrayTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringArrayTypeNode.java
new file mode 100644
index 0000000..b301a60
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringArrayTypeNode.java
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+import org.apache.nifi.stream.io.ByteArrayOutputStream;
+
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+import java.io.IOException;
+
+/**
+ * Node representing an array of wstring values
+ */
+public class WStringArrayTypeNode extends VariantTypeNode {
+    public static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newFactory();
+    private final String value;
+
+    public WStringArrayTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        String raw;
+        if (length >= 0) {
+            raw = binaryReader.readWString(length / 2);
+        } else {
+            int binaryLength = binaryReader.readWord();
+            raw = binaryReader.readWString(binaryLength / 2);
+        }
+        ByteArrayOutputStream stream = new ByteArrayOutputStream();
+        try {
+            XMLStreamWriter xmlStreamWriter = XML_OUTPUT_FACTORY.createXMLStreamWriter(stream, "UTF-8");
+            for (String s : raw.split("\u0000")) {
+                xmlStreamWriter.writeStartElement("string");
+                try {
+                    xmlStreamWriter.writeCharacters(s);
+                } finally {
+                    xmlStreamWriter.writeEndElement();
+                }
+            }
+            xmlStreamWriter.close();
+        } catch (XMLStreamException e) {
+            throw new IOException(e);
+        }
+        value = stream.toString("UTF-8");
+    }
+
+    @Override
+    public String getValue() {
+        return value;
+    }
+}
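Review bot: Both `length` and `binaryLength` come from the evtx data being parsed, and `/ 2` silently truncates an odd byte count, so a malformed record is decoded as if it were valid, presumably leaving a byte unread. The processor already has an output for malformed chunks, so rejecting the value is safer, e.g. `if ((byteLength & 1) != 0) throw new IOException("Odd wstring array length: " + byteLength);` before the read; whether `readWString` bounds the count against the remaining chunk is not visible here and is worth confirming. `writeCharacters` escapes markup but is not guaranteed to reject control characters that are illegal in XML 1.0, so strings taken from a log can produce a fragment that is not well-formed. `XML_OUTPUT_FACTORY` is `public` and can be reconfigured through `setProperty` by any caller; making it `private` keeps its configuration local to this class.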

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringTypeNode.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringTypeNode.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringTypeNode.java
new file mode 100644
index 0000000..9ccdcf9
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/parser/bxml/value/WStringTypeNode.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx.parser.bxml.value;
+
+import org.apache.nifi.processors.evtx.parser.BinaryReader;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.bxml.BxmlNode;
+
+import java.io.IOException;
+
+/**
+ * Node containing string read as UTF16_LE
+ */
+public class WStringTypeNode extends VariantTypeNode {
+    private final String value;
+
+    public WStringTypeNode(BinaryReader binaryReader, ChunkHeader chunkHeader, BxmlNode parent, int length) throws IOException {
+        super(binaryReader, chunkHeader, parent, length);
+        if (length >= 0) {
+            value = binaryReader.readWString(length / 2);
+        } else {
+            int characters = binaryReader.readWord();
+            value = binaryReader.readWString(characters);
+        }
+    }
+
+    @Override
+    public String getValue() {
+        return value;
+    }
+}
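Review bot: The two branches use different units without saying so: the explicit `length` is halved before `readWString`, while the prefixed word is passed through unchanged as `characters`. WStringArrayTypeNode in this same commit halves its prefixed word, so a reader cannot tell whether the difference is intended or a slip. If it is intended, a comment on the else branch such as `// prefix word is a count of UTF-16 code units, not bytes` would record that; if not, the call should be `readWString(characters / 2)`. As in the array node, an odd `length` is truncated silently by `/ 2`.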

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/META-INF/services/org.apache.nifi.processor.Processor
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/META-INF/services/org.apache.nifi.processor.Processor b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/META-INF/services/org.apache.nifi.processor.Processor
new file mode 100644
index 0000000..ed0e17a
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/META-INF/services/org.apache.nifi.processor.Processor
@@ -0,0 +1,17 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+org.apache.nifi.processors.evtx.ParseEvtx

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/docs/org.apache.nifi.processors.evtx.ParseEvtx/additionalDetails.html
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/docs/org.apache.nifi.processors.evtx.ParseEvtx/additionalDetails.html b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/docs/org.apache.nifi.processors.evtx.ParseEvtx/additionalDetails.html
new file mode 100644
index 0000000..faa5baa
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/resources/docs/org.apache.nifi.processors.evtx.ParseEvtx/additionalDetails.html
@@ -0,0 +1,91 @@
+<!DOCTYPE html>
+<html lang="en">
+    <!--
+      Licensed to the Apache Software Foundation (ASF) under one or more
+      contributor license agreements.  See the NOTICE file distributed with
+      this work for additional information regarding copyright ownership.
+      The ASF licenses this file to You under the Apache License, Version 2.0
+      (the "License"); you may not use this file except in compliance with
+      the License.  You may obtain a copy of the License at
+          http://www.apache.org/licenses/LICENSE-2.0
+      Unless required by applicable law or agreed to in writing, software
+      distributed under the License is distributed on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+      See the License for the specific language governing permissions and
+      limitations under the License.
+    -->
+    <head>
+        <meta charset="utf-8" />
+        <title>ParseEvtx</title>
+
+        <link rel="stylesheet" href="../../css/component-usage.css" type="text/css" />
+    </head>
+
+    <body>
+        <!-- Processor Documentation ================================================== -->
+        <h2>Description:</h2>
+        <p>This processor is used to parse Windows event logs in the binary evtx format. The input flow files' content should be evtx files.  The processor has 4 outputs:
+            <ul>
+              <li>The original unmodified FlowFile</li>
+              <li>The XML resulting from parsing at the configured granularity</li>
+              <li>Failed parsing with partial output</li>
+              <li>Malformed chunk in binary form</li>
+            </ul>
+         </p>
+         <h2>Output XML Example:</h2>
+         <p>
+             <pre>
+&lt;?xml version=&quot;1.0&quot;?&gt;
+&lt;Events&gt;
+  &lt;Event xmlns=&quot;http://schemas.microsoft.com/win/2004/08/events/event&quot;&gt;
+    &lt;System&gt;
+      &lt;Provider Name=&quot;Service Control Manager&quot; Guid=&quot;{555908d1-a6d7-4695-8e1e-26931d2012f4}&quot; Ev
+entSourceName=&quot;Service Control Manager&quot;/&gt;
+      &lt;EventID Qualifiers=&quot;16384&quot;&gt;7036&lt;/EventID&gt;
+      &lt;Version&gt;0&lt;/Version&gt;
+      &lt;Level&gt;4&lt;/Level&gt;
+      &lt;Task&gt;0&lt;/Task&gt;
+      &lt;Opcode&gt;0&lt;/Opcode&gt;
+      &lt;Keywords&gt;0x8080000000000000&lt;/Keywords&gt;
+      &lt;TimeCreated SystemTime=&quot;2016-01-08 16:49:47.518&quot;/&gt;
+      &lt;EventRecordID&gt;780&lt;/EventRecordID&gt;
+      &lt;Correlation ActivityID=&quot;&quot; RelatedActivityID=&quot;&quot;/&gt;
+      &lt;Execution ProcessID=&quot;480&quot; ThreadID=&quot;596&quot;/&gt;
+      &lt;Channel&gt;System&lt;/Channel&gt;
+      &lt;Computer&gt;win7-pro-vm&lt;/Computer&gt;
+      &lt;Security UserID=&quot;&quot;/&gt;
+    &lt;/System&gt;
+    &lt;EventData&gt;
+      &lt;Data Name=&quot;param1&quot;&gt;Workstation&lt;/Data&gt;
+      &lt;Data Name=&quot;param2&quot;&gt;running&lt;/Data&gt;
+      &lt;Binary&gt;TABhAG4AbQBhAG4AVwBvAHIAawBzAHQAYQB0AGkAbwBuAC8ANAAAAA==&lt;/Binary&gt;
+    &lt;/EventData&gt;
+  &lt;/Event&gt;
+  &lt;Event xmlns=&quot;http://schemas.microsoft.com/win/2004/08/events/event&quot;&gt;
+    &lt;System&gt;
+      &lt;Provider Name=&quot;Service Control Manager&quot; Guid=&quot;{555908d1-a6d7-4695-8e1e-26931d2012f4}&quot; EventSourceName=&quot;Service Control Manager&quot;/&gt;
+      &lt;EventID Qualifiers=&quot;16384&quot;&gt;7036&lt;/EventID&gt;
+      &lt;Version&gt;0&lt;/Version&gt;
+      &lt;Level&gt;4&lt;/Level&gt;
+      &lt;Task&gt;0&lt;/Task&gt;
+      &lt;Opcode&gt;0&lt;/Opcode&gt;
+      &lt;Keywords&gt;0x8080000000000000&lt;/Keywords&gt;
+      &lt;TimeCreated SystemTime=&quot;2016-01-08 16:49:47.535&quot;/&gt;
+      &lt;EventRecordID&gt;781&lt;/EventRecordID&gt;
+      &lt;Correlation ActivityID=&quot;&quot; RelatedActivityID=&quot;&quot;/&gt;
+      &lt;Execution ProcessID=&quot;480&quot; ThreadID=&quot;576&quot;/&gt;
+      &lt;Channel&gt;System&lt;/Channel&gt;
+      &lt;Computer&gt;win7-pro-vm&lt;/Computer&gt;
+      &lt;Security UserID=&quot;&quot;/&gt;
+    &lt;/System&gt;
+    &lt;EventData&gt;
+      &lt;Data Name=&quot;param1&quot;&gt;Cryptographic Services&lt;/Data&gt;
+      &lt;Data Name=&quot;param2&quot;&gt;running&lt;/Data&gt;
+      &lt;Binary&gt;QwByAHkAcAB0AFMAdgBjAC8ANAAAAA==&lt;/Binary&gt;
+    &lt;/EventData&gt;
+  &lt;/Event&gt;
+&lt;/Events&gt;
+             </pre>
+        </p>
+</body>
+</html>

http://git-wip-us.apache.org/repos/asf/nifi/blob/a5fecda5/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/MalformedChunkHandlerTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/MalformedChunkHandlerTest.java b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/MalformedChunkHandlerTest.java
new file mode 100644
index 0000000..1aa16a5
--- /dev/null
+++ b/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/test/java/org/apache/nifi/processors/evtx/MalformedChunkHandlerTest.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx;
+
+import com.google.common.net.MediaType;
+import org.apache.nifi.flowfile.FlowFile;
+import org.apache.nifi.flowfile.attributes.CoreAttributes;
+import org.apache.nifi.processor.ProcessSession;
+import org.apache.nifi.processor.Relationship;
+import org.apache.nifi.processor.io.OutputStreamCallback;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.runners.MockitoJUnitRunner;
+
+import java.io.ByteArrayOutputStream;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class MalformedChunkHandlerTest {
+    Relationship badChunkRelationship;
+
+    MalformedChunkHandler malformedChunkHandler;
+
+    @Before
+    public void setup() {
+        badChunkRelationship = new Relationship.Builder().build();
+        malformedChunkHandler = new MalformedChunkHandler(badChunkRelationship);
+    }
+
+    @Test
+    public void testHandle() {
+        String name = "name";
+        byte[] badChunk = {8};
+        FlowFile original = mock(FlowFile.class);
+        FlowFile updated1 = mock(FlowFile.class);
+        FlowFile updated2 = mock(FlowFile.class);
+        FlowFile updated3 = mock(FlowFile.class);
+        FlowFile updated4 = mock(FlowFile.class);
+        ProcessSession session = mock(ProcessSession.class);
+
+        when(session.create(original)).thenReturn(updated1);
+        when(session.putAttribute(updated1, CoreAttributes.FILENAME.key(), name)).thenReturn(updated2);
+        when(session.putAttribute(updated2, CoreAttributes.MIME_TYPE.key(), MediaType.APPLICATION_BINARY.toString())).thenReturn(updated3);
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        when(session.write(eq(updated3), any(OutputStreamCallback.class))).thenAnswer(invocation -> {
+            ((OutputStreamCallback) invocation.getArguments()[1]).process(out);
+            return updated4;
+        });
+
+        malformedChunkHandler.handle(original, session, name, badChunk);
+
+        verify(session).transfer(updated4, badChunkRelationship);
+        assertArrayEquals(badChunk, out.toByteArray());
+    }
+}
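Review bot: `@RunWith(MockitoJUnitRunner.class)` is declared, yet every mock in the class is created by hand with `mock(...)` and there are no `@Mock` fields for the runner to initialise. Either declare `session` and the FlowFiles as `@Mock` fields, or drop the `@RunWith` line and its two imports. The fields `badChunkRelationship` and `malformedChunkHandler` could also be `private`. The only input exercised is a one-byte chunk; a case with an empty `badChunk` would pin down the boundary behaviour of `handle`.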

