JPCERTCC / LogonTracer

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Suggestion if using py2neo 2020.0.0 version #87

Closed vinsiic closed 4 years ago

vinsiic commented 4 years ago

Hello.

The logontracer.py script needs a few modifications if installing the current release of py2neo (as of writing: version 2020.0.0). Py2neo now uses the GraphService class instead of the Database class. https://github.com/technige/py2neo/commit/b606294afa776059f033bb3543ca567703eb2c4d

Change in line 30 from Database to GraphService

    29 try:
--  30     from py2neo import Graph, Database
++  30     from py2neo import Graph, GraphService
    31     has_py2neo = True
    32 except ImportError:
    33     has_py2neo = False

Change in line 1660 from Database to GraphService

    1657     try:
    1658         graph_http = "http://" + NEO4J_USER + ":" + NEO4J_PASSWORD + "@" + NEO4J_SERVER + ":" + NEO4J_PORT + "/db/data/"
    1659         GRAPH = Graph(graph_http)
--  1660         db = Database(host=NEO4J_SERVER, user=NEO4J_USER, password=NEO4J_PASSWORD, bolt=True)
++  1660         db = GraphService(host=NEO4J_SERVER, user=NEO4J_USER, password=NEO4J_PASSWORD, bolt=True)
    1662     except:
    1663         sys.exit("[!] Can't connect Neo4j Database.")
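Review bot: the bare `except:` at line 1662 catches every exception type, including KeyboardInterrupt and SystemExit, and replaces the real failure reason with the generic "Can't connect" message; suggest `except Exception as e:` and including `e` in the sys.exit text so a wrong password or an unreachable host can be told apart. Also note that line 1658 embeds NEO4J_PASSWORD in the `graph_http` URL string, so that value must never end up in log output or error messages.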

Additionally, you need to disable the process step for Transactions, as it is not needed anymore. That would be line 1625: comment out tx.process()

    1620             tx.run(statement_pl.format(**{"id": id, "changetime": policy[0], "category": category, "sub": sub}))
    1621             # add (username)-(policy)-(id) link to neo4j
    1622             tx.run(statement_pr.format(**{"user": username[:-1], "id": id, "date": policy[4]}))
    1623             id += 1
    1624
--  1625     tx.process()
++  1625     #tx.process()
    1626     tx.commit()
    1627     print("[+] Creation of a graph data finished.")
    1628
    1629 def main():
    1630     if not has_py2neo:
    1631         sys.exit("[!] py2neo must be installed for this script.")
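Review bot: commenting out `tx.process()` at line 1625 leaves dead code in place and, if older py2neo releases are still meant to be supported, drops a call they expect; suggest either deleting the line outright or guarding it with `if hasattr(tx, "process"): tx.process()` before the `tx.commit()` so the same code runs on both API generations.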

It looks like there is a small typo in the line 1497 print text: Fildered to Filtered

Sorry if this info looks like poking into the code, but maybe it will be useful to some others who, like me, installed a newer version of py2neo ;)
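A version-tolerant way to absorb both changes described in the issue (GraphService replacing Database, and the removed tx.process()), as an added example rather than code from LogonTracer or py2neo: the helpers take the py2neo module as a parameter and are exercised with constructed stand-in classes, so the keyword arguments handed to the connection class (copied from the issue's call) are an assumption, not a verified py2neo signature.

```python
from types import SimpleNamespace


def graph_service_class(py2neo_module):
    """Pick the connection class: GraphService (py2neo 2020.0.0+) when present,
    otherwise Database (older releases)."""
    for name in ("GraphService", "Database"):
        cls = getattr(py2neo_module, name, None)
        if cls is not None:
            return cls
    raise ImportError("py2neo exposes neither GraphService nor Database")


def connect(py2neo_module, host, user, password):
    """Open the bolt connection with the keyword arguments the issue uses
    (assumed here to be accepted by both classes)."""
    cls = graph_service_class(py2neo_module)
    return cls(host=host, user=user, password=password, bolt=True)


def finish_transaction(tx):
    """Commit; call process() only when the installed py2neo still has it
    (it is gone in 2020.0.0, which is why the hard-coded call fails there)."""
    process = getattr(tx, "process", None)
    if callable(process):
        process()
    tx.commit()
    return True


# Constructed stand-ins so the helpers run without py2neo or a Neo4j server.
class _OldDatabase:          # shape of pre-2020 py2neo.Database
    def __init__(self, **kwargs):
        self.kwargs = kwargs


class _NewGraphService:      # shape of py2neo 2020.0.0 GraphService
    def __init__(self, **kwargs):
        self.kwargs = kwargs


class _NewTransaction:       # 2020.0.0 Transaction: commit() but no process()
    def __init__(self):
        self.committed = False

    def commit(self):
        self.committed = True


OLD_PY2NEO = SimpleNamespace(Graph=object, Database=_OldDatabase)      # constructed
NEW_PY2NEO = SimpleNamespace(Graph=object, GraphService=_NewGraphService)  # constructed
```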

shu-tom commented 4 years ago

Thanks for your good issue. I changed it to support py2neo 2020.0.0.