mfesiem / msiempy

McAfee SIEM API Python wrapper
https://mfesiem.github.io/docs/msiempy/msiempy.html
MIT License

Splitting query bug on windows : TypeError: unhashable type: 'Event' #52

Closed tristanlatr closed 4 years ago

tristanlatr commented 4 years ago

This issue is from someone sending us emails; please create a new issue directly in the future :) Trying to filter data from a specific normalize ID.

Here is the code:

import msiempy.event

events = msiempy.event.EventManager(
    time_range='CUSTOM',
    start_time='2019-10-16',
    end_time='2019-10-31',
    fields=['Name','EventCount','Category','UserIDSrc','IPSID'],
    filters=[('NormID', ['537919488'])],
    limit=500,
    order=('DESCENDING','LastTime'),
    max_query_depth=2)
events.load_data(delta='2h', slots='10', workers=1)
print(events.json)

Here is the output:

Microsoft Windows [Version 10.0.17134.648] (c) 2018 Microsoft Corporation. All rights reserved.

c:\msiempy>c:\SIEM_Reporter\venv\Scripts\python.exe test.py
INFO - New ESM session instance is created with : 10.28.0.50
Traceback (most recent call last):
  File "test.py", line 12, in <module>
    events.load_data(delta='2h', slots='10', workers=1)
  File "c:\msiempy\msiempy\event.py", line 351, in load_data
    sub_query = copy.copy(self)
  File "C:\Users\eaguilar.DOMINIO\AppData\Local\Programs\Python\Python37\lib\copy.py", line 88, in copy
    return copier(x)
  File "C:\Users\eaguilar.DOMINIO\AppData\Local\Programs\Python\Python37\lib\collections\__init__.py", line 1131, in __copy__
    inst.__dict__["data"] = self.__dict__["data"][:]
  File "C:\Users\eaguilar.DOMINIO\AppData\Local\Programs\Python\Python37\lib\collections\__init__.py", line 1096, in __getitem__
    return self.__class__(self.data[i])
  File "c:\msiempy\msiempy\event.py", line 111, in __init__
    self.fields=list(set(self.fields+fields))
TypeError: unhashable type: 'Event'

Can you help me to fix the issue?

tristanlatr commented 4 years ago

Hello,

This is probably linked to the splitting feature of the EventManager. To be sure of this hypothesis, please simplify your code as follows and confirm whether it works.

import msiempy.event

events = msiempy.event.EventManager(
    time_range='CUSTOM',
    start_time='2019-10-16',
    end_time='2019-10-31',
    fields=['Name','EventCount','Category','UserIDSrc','IPSID'],
    filters=[('NormID', ['537919488'])],
    limit=500)
events.load_data()
print(events.json)

tristanlatr commented 4 years ago

Hello,

2 things :

Thanks

tristanlatr commented 4 years ago

The version 0.1.18 should have fixed this issue.
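
Added example, not part of the thread and not msiempy's code: the traceback shows `collections.UserList` rebuilding a slice with `self.__class__(self.data[i])`, so the sliced events land in the first positional parameter of `__init__` (`fields`) and reach `set()`. The classes below are hypothetical stand-ins that reproduce that failure on Python 3.7.4 or later and show one way to avoid it; this is not a description of the change made in 0.1.18.

```python
import collections
import copy

class Event(dict):
    """Constructed stand-in for a SIEM event; dict subclasses are unhashable."""

class FragileManager(collections.UserList):
    """Hypothetical manager whose first positional parameter is `fields`."""
    DEFAULT_FIELDS = ["Name", "LastTime"]

    def __init__(self, fields=None, alist=None):
        super().__init__(alist)
        # Same shape as the failing line in the traceback.
        self.fields = list(set(self.DEFAULT_FIELDS + (fields or [])))

class SafeManager(FragileManager):
    """One possible fix: rebuild slices with explicit keyword arguments."""
    def __getitem__(self, i):
        if isinstance(i, slice):
            return self.__class__(fields=self.fields, alist=self.data[i])
        return self.data[i]

def attempt(action):
    """Run action() and describe the result or the TypeError it raised."""
    try:
        result = action()
    except TypeError as exc:
        return f"TypeError: {exc}"
    return f"{type(result).__name__}({len(result)})"

def slice_outcome(cls):
    """Slice a manager directly: UserList.__getitem__ re-invokes __init__."""
    manager = cls(fields=["NormID"], alist=[Event(Name="a"), Event(Name="b")])
    return attempt(lambda: manager[:1])

def copy_outcome(cls):
    """copy.copy() path: UserList.__copy__ slices whatever `data` holds."""
    outer = cls(fields=["NormID"])
    # Assumption: `data` is itself a manager, as the traceback frames imply
    # (UserList.__getitem__ is reached from self.__dict__["data"][:]).
    outer.data = cls(alist=[Event(Name="a")])
    return attempt(lambda: copy.copy(outer))

if __name__ == "__main__":
    for cls in (FragileManager, SafeManager):
        print(cls.__name__, "| slice:", slice_outcome(cls),
              "| copy:", copy_outcome(cls))
```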