| skipped 221 lines |
| 222 | 222 | | parser.add_argument("-z", "--timezone", dest="timezone", action="store", type=int, metavar="UTC", |
| 223 | 223 | | help="Event log time zone. (for example: +9) (default: GMT)") |
| 224 | 224 | | parser.add_argument("-f", "--from", dest="fromdate", action="store", type=str, metavar="DATE", |
| 225 | | - | help="Parse Security Event log from this time. (for example: 20170101000000)") |
| | 225 | + | help="Parse Security Event log from this time. (for example: 2017-01-01T00:00:00)") |
| 226 | 226 | | parser.add_argument("-t", "--to", dest="todate", action="store", type=str, metavar="DATE", |
| 227 | | - | help="Parse Security Event log to this time. (for example: 20170228235959)") |
| | 227 | + | help="Parse Security Event log to this time. (for example: 2017-02-28T23:59:59)") |
| 228 | 228 | | parser.add_argument("--add", action="store_true", default=False, |
| 229 | 229 | | help="Add additional data to Neo4j database. (default: False)") |
| 230 | 230 | | parser.add_argument("--delete", action="store_true", default=False, |
| skipped 473 lines |
| 704 | 704 | | |
| 705 | 705 | | if args.fromdate: |
| 706 | 706 | | try: |
| 707 | | - | fdatetime = datetime.datetime.strptime(args.fromdate, "%Y%m%d%H%M%S") |
| | 707 | + | fdatetime = datetime.datetime.strptime(args.fromdate, "%Y-%m-%dT%H:%M:%S") |
| 708 | 708 | | print("[+] Parse the EVTX from {0}.".format(fdatetime.strftime("%Y-%m-%d %H:%M:%S"))) |
| 709 | 709 | | except: |
| 710 | | - | sys.exit("[!] From date does not match format '%Y%m%d%H%M%S'.") |
| | 710 | + | sys.exit("[!] From date does not match format '%Y-%m-%dT%H:%M:%S'.") |
| 711 | 711 | | |
| 712 | 712 | | if args.todate: |
| 713 | 713 | | try: |
| 714 | | - | tdatetime = datetime.datetime.strptime(args.todate, "%Y%m%d%H%M%S") |
| | 714 | + | tdatetime = datetime.datetime.strptime(args.todate, "%Y-%m-%dT%H:%M:%S") |
| 715 | 715 | | print("[+] Parse the EVTX from {0}.".format(tdatetime.strftime("%Y-%m-%d %H:%M:%S"))) |
| 716 | 716 | | except: |
| 717 | | - | sys.exit("[!] To date does not match format '%Y%m%d%H%M%S'.") |
| | 717 | + | sys.exit("[!] To date does not match format '%Y-%m-%dT%H:%M:%S'.") |
| 718 | 718 | | |
| 719 | 719 | | for evtx_file in evtx_list: |
| 720 | 720 | | if args.evtx: |
| skipped 524 lines |
| 1245 | 1245 | | |
| 1246 | 1246 | | if args.fromdate: |
| 1247 | 1247 | | try: |
| 1248 | | - | fdatetime = datetime.datetime.strptime(args.fromdate, "%Y%m%d%H%M%S") |
| | 1248 | + | fdatetime = datetime.datetime.strptime(args.fromdate, "%Y-%m-%dT%H:%M:%S") |
| 1249 | 1249 | | print("[+] Search ES from {0}.".format(fdatetime.strftime("%Y-%m-%d %H:%M:%S"))) |
| 1250 | 1250 | | except: |
| 1251 | | - | sys.exit("[!] From date does not match format '%Y%m%d%H%M%S'.") |
| | 1251 | + | sys.exit("[!] From date does not match format '%Y-%m-%dT%H:%M:%S'.") |
| 1252 | 1252 | | |
| 1253 | 1253 | | if args.todate: |
| 1254 | 1254 | | try: |
| 1255 | | - | tdatetime = datetime.datetime.strptime(args.todate, "%Y%m%d%H%M%S") |
| | 1255 | + | tdatetime = datetime.datetime.strptime(args.todate, "%Y-%m-%dT%H:%M:%S") |
| 1256 | 1256 | | print("[+] Search ES to {0}.".format(tdatetime.strftime("%Y-%m-%d %H:%M:%S"))) |
| 1257 | 1257 | | except: |
| 1258 | | - | sys.exit("[!] To date does not match format '%Y%m%d%H%M%S'.") |
| | 1258 | + | sys.exit("[!] To date does not match format '%Y-%m-%dT%H:%M:%S'.") |
| 1259 | 1259 | | # Parse Event log |
| 1260 | 1260 | | print("[+] Start searching the ES.") |
| 1261 | 1261 | | |
| skipped 517 lines |
shusei tomonaga
committed
4 years ago
1 parent ab1d5030