From 8d2c355718af8c4e1a97cf1a3a011cc5048dc788 Mon Sep 17 00:00:00 2001 From: Eric Conrad Date: Sat, 4 May 2019 10:31:10 -0300 Subject: [PATCH] Added output section --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 9844eda..50b8966 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ Sample evtx files are in the .\evtx directory - [Windows Event Logs processed](#windows-event-logs-processed) - [Detected events](#detected-events) - [Examples](#examples) +- [Output](#output) - [Logging setup](#logging-setup) - See the [DeepBlue.py Readme](README-DeepBlue.py.md) for information on DeepBlue.py - See the [DeepWhite Readme](README-DeepWhite.md) for information on DeepWhite (detective whitelisting using Sysmon event logs) @@ -125,6 +126,20 @@ See 'Logging setup' section below for how to configure these logs |PSAttack|`.\DeepBlue.ps1 .\evtx\psattack-security.evtx`| |User added to administrator group|`.\DeepBlue.ps1 .\evtx\new-user-security.evtx`| +## Output + +DeepBlueCLI outputs in PowerShell objects, allowing a variety of output methods and types, including JSON, HTML, CSV, etc. + +For example: + +|Output Type|Syntax| +|-----------|------| +|CSV|.\DeepBlue.ps1 .\evtx\psattack-security.evtx \| ConvertTo-Csv| +|HTML|.\DeepBlue.ps1 .\evtx\psattack-security.evtx \| ConvertTo-Html| +|JSON|.\DeepBlue.ps1 .\evtx\psattack-security.evtx \| ConvertTo-Json| +|GridView|.\DeepBlue.ps1 .\evtx\psattack-security.evtx \| Out-GridView| +|XML|.\DeepBlue.ps1 .\evtx\psattack-security.evtx| ConvertTo-Xml| + ## Logging setup ### Security event 4688 (Command line auditing):
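Review bot: In the second hunk (the new `## Output` table), the XML row is missing the space before the pipe (`.\evtx\psattack-security.evtx| ConvertTo-Xml`) while every other row reads `.evtx \| ConvertTo-...`; make the spacing consistent. The same table also leaves the commands unfenced, whereas the Examples table just above it wraps each command in backticks (`` `.\DeepBlue.ps1 .\evtx\psattack-security.evtx` ``), so the escaped `\|` will render as literal text with different styling from the existing rows; wrapping each command in backticks keeps the README consistent. Finally, since the section is titled "Output" and the intro promises "a variety of output methods", it would help readers to add one sentence noting that `ConvertTo-Csv`/`ConvertTo-Json`/`ConvertTo-Html`/`ConvertTo-Xml` emit to the pipeline and must be piped on to `Out-File` (or replaced with `Export-Csv`/`Export-Clixml`) to write a report file, and that `Out-GridView` is an interactive viewer rather than a file format.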