Open Shak3 opened 5 years ago
I am starting to run into the same issue, "Too few arguments". It seems we need to supply a peer and the file. I have not found any documentation on the peer part. Have there been any updates regarding this?
Edit: After some digging, you can simply provide "sysmon-Broker.py 127.0.0.1 /tmp/WindowsSysmon.json", assuming your file is in the tmp directory.
Tailing the JSON output into the sysmon-Broker script, I get "too few arguments". Also, I attempted to run it the way described in your test Sysmon article, and the script crashes Bro; when I exit the script I get this:

```
File "/home/bro/bro-sysmon/sysmon-Broker.py", line 505, in
    main(c, args.file_in)
File "/home/bro/bro-sysmon/sysmon-Broker.py", line 461, in main
    time.sleep(1)
```
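The thread above boils down to two things: the script wants two positional arguments (a Broker peer and the input file), and, as the traceback shows, `main` then sits in a `time.sleep(1)` poll loop over that file. The block below is an added example written for this page, not code from bro-sysmon or its author; it is a hypothetical stand-in that reproduces both behaviours so the failure mode is visible. Function names (`parse_cli`, `tail_json_events`, `demo_events`), the `UsageError` class and the sample Sysmon lines are all assumptions constructed for the example. Note that "too few arguments" is the wording Python 2's argparse uses for missing positionals; Python 3 reports "the following arguments are required: peer, file_in" for the same mistake.

```python
"""Hypothetical stand-in for sysmon-Broker.py's CLI handling and file-tailing
loop (added example, not the project's code)."""
import argparse
import json
import os
import tempfile
import time


class UsageError(Exception):
    """Raised instead of sys.exit() so callers can inspect the message."""


class _Parser(argparse.ArgumentParser):
    def error(self, message):
        # argparse normally prints usage and exits; surface the message instead.
        raise UsageError(message)


def build_parser():
    # Two positionals, matching the working invocation from the thread:
    #   sysmon-Broker.py 127.0.0.1 /tmp/WindowsSysmon.json
    p = _Parser(prog="sysmon-Broker.py")
    p.add_argument("peer", help="Broker peer to connect to (host or IP)")
    p.add_argument("file_in", help="newline-delimited Sysmon JSON file to tail")
    return p


def parse_cli(argv):
    """Return {"ok": True, "peer": ..., "file_in": ...} or {"ok": False, "error": msg}."""
    try:
        ns = build_parser().parse_args(argv)
    except UsageError as e:
        return {"ok": False, "error": str(e)}
    return {"ok": True, "peer": ns.peer, "file_in": ns.file_in}


def tail_json_events(fp, poll_seconds=1.0, max_idle_polls=None):
    """Yield one dict per complete JSON line appended to the open file fp.

    A partially written trailing line (no newline yet) stays buffered until the
    writer finishes it, so reading mid-write never raises. Malformed lines are
    skipped instead of crashing the loop. When no new data arrives the loop
    sleeps, which is the time.sleep(1) frame seen in the issue's traceback;
    max_idle_polls bounds that loop so the function can be tested offline.
    """
    buf = ""
    idle = 0
    while True:
        chunk = fp.read()
        if not chunk:
            idle += 1
            if max_idle_polls is not None and idle >= max_idle_polls:
                return
            time.sleep(poll_seconds)
            continue
        idle = 0
        buf += chunk
        *complete, buf = buf.split("\n")  # last piece may be a partial line
        for line in complete:
            line = line.strip()
            if not line:
                continue
            try:
                yield json.loads(line)
            except json.JSONDecodeError:
                continue  # skip garbage rather than taking the whole loop down


def demo_events():
    """Constructed sample: one good event, one bad line, one partial line."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as w:
        w.write('{"EventID": 1, "Image": "C:\\\\Windows\\\\System32\\\\cmd.exe"}\n')
        w.write("this is not json\n")
        w.write('{"EventID": 3, "DestinationIp": "10.0.0.5"')  # no newline yet
    try:
        with open(path) as fp:
            return list(tail_json_events(fp, poll_seconds=0, max_idle_polls=1))
    finally:
        os.remove(path)


if __name__ == "__main__":
    import sys
    cli = parse_cli(sys.argv[1:])
    if not cli["ok"]:
        sys.exit("sysmon-Broker.py: error: " + cli["error"])
    with open(cli["file_in"]) as fp:
        for ev in tail_json_events(fp):
            print("event", ev.get("EventID"), "-> would publish to", cli["peer"])
```

Run with no arguments to see the "required" error from the thread; run with a peer and a file to watch it follow appended JSON lines. The partial-line buffering matters for Sysmon logs because the writer can be mid-line when the tail loop reads.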