cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

where the procmon.xml is stored of each analysis #2189

Open seantree opened 6 years ago

seantree commented 6 years ago

Hello guys, just want to know where the procmon.xml is stored after each analysis. I didn't find it in the storage folder.

Thanks & Regards Seantree

vcahkjsa commented 6 years ago

Commonly, it should be stored in the "logs" directory of each analysis, but I think Cuckoo cannot upload a file of 100 MB (that was the size that I got in the VM) from the VM to the host. I don't know if the reason the file cannot be uploaded is the time defined for each analysis or that the size of the file was too big. I tried with 30 minutes of analysis and I couldn't get the file.

doomedraven commented 6 years ago

you can change the size

seantree commented 6 years ago

Is there any way to store the file in CSV format also?

jbremer commented 6 years ago

I don't know, does procmon support CSV format?

seantree commented 6 years ago

Yes, it supports it.

Mediocre1 commented 6 years ago

You can modify $CWD/data/analyzer/windows/modules/auxiliary/procmon.py to do CSV output by simply replacing the XML references with CSV (quick and dirty). If you need to change the filters or configuration to suit your output (i.e. ProcDOT), export a customized procmon.pmc file and overwrite the existing one.
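An alternative to patching the analyzer-side module is to convert the procmon.xml that Cuckoo already collects into CSV on the host, streaming it so a 100 MB log is never held in memory at once. The following is an added example, not code from the Cuckoo project or from anyone in this thread; the element names it reads (`event`, `Time_of_Day`, `Process_Name`, `PID`, `Operation`, `Path`, `Result`, `Detail`) are assumed from Procmon's XML export layout and may differ with a customized procmon.pmc, and the embedded sample log is constructed.

```python
"""Stream a Procmon XML export (the procmon.xml Cuckoo stores under an
analysis's logs/ directory) into CSV without loading the whole file.

Added example; the event element names below are an assumption based on
Procmon's default XML export columns, not something taken from Cuckoo.
"""
import csv
import io
import xml.etree.ElementTree as ET

# CSV columns, in order. Assumed Procmon XML child-element names.
FIELDS = ["Time_of_Day", "Process_Name", "PID", "Operation",
          "Path", "Result", "Detail"]


def procmon_xml_to_csv(xml_stream, csv_stream, fields=FIELDS):
    """Write one CSV row per <event> element found in xml_stream.

    Uses iterparse so only the current event is in memory; each event is
    cleared after it is written. Returns the number of events written.
    """
    writer = csv.writer(csv_stream)
    writer.writerow(fields)
    count = 0
    for _, elem in ET.iterparse(xml_stream, events=("end",)):
        if elem.tag != "event":
            continue
        # Missing children become empty cells rather than raising.
        writer.writerow([(elem.findtext(f) or "") for f in fields])
        elem.clear()
        count += 1
    return count


# Constructed sample in the shape of a Procmon XML export (two events).
SAMPLE_XML = r"""<?xml version="1.0" encoding="UTF-8"?>
<procmon>
  <processlist/>
  <eventlist>
    <event>
      <ProcessIndex>1</ProcessIndex>
      <Time_of_Day>10:01:02.1234567 AM</Time_of_Day>
      <Process_Name>sample.exe</Process_Name>
      <PID>1234</PID>
      <Operation>CreateFile</Operation>
      <Path>C:\Users\Public\out.txt</Path>
      <Result>SUCCESS</Result>
      <Detail>Desired Access: Generic Write</Detail>
    </event>
    <event>
      <ProcessIndex>1</ProcessIndex>
      <Time_of_Day>10:01:02.2234567 AM</Time_of_Day>
      <Process_Name>sample.exe</Process_Name>
      <PID>1234</PID>
      <Operation>RegSetValue</Operation>
      <Path>HKCU\Software\Microsoft\Windows\CurrentVersion\Run\x</Path>
      <Result>SUCCESS</Result>
      <Detail>Type: REG_SZ, Data: "C:\Users\Public\out.txt"</Detail>
    </event>
  </eventlist>
</procmon>
"""


def convert_sample():
    """Run the converter over the constructed sample.

    Returns (event_count, csv_text). The second event's Detail contains a
    comma and quotes, so it shows the csv module's quoting in action.
    """
    out = io.StringIO()
    count = procmon_xml_to_csv(io.BytesIO(SAMPLE_XML.encode("utf-8")), out)
    return count, out.getvalue()


if __name__ == "__main__":
    n, text = convert_sample()
    print("%d events" % n)
    print(text)
```

To run it on a real analysis, open `logs/procmon.xml` in binary mode and pass that file object as `xml_stream`, with an open text file for `csv_stream`; the `csv` module handles the quoting of commas and quotes in Detail fields that a naive string replacement in the analyzer would get wrong.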