swimlane / soc-faker

A python package for use in generating fake data for SOC and security automation.
MIT License
161 stars 26 forks

soc-faker logs windows eventlog (errors out) #33

Open CryptoJones opened 1 year ago

CryptoJones commented 1 year ago

Running `soc-faker logs windows eventlog` doesn't work. The traceback is as follows. Tested on Python 3.6, 3.10, and 3.17 on Windows Server 2016 and Windows Server 2022, using pip-installed and GitHub source versions of soc-faker.

```
C:\Users\Administrator\Downloads>soc-faker logs windows eventlog
Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\Scripts\soc-faker.exe\__main__.py", line 7, in <module>
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\socfaker\__main__.py", line 5, in main
    fire.Fire(SocFaker())
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\fire\core.py", line 141, in Fire
    component_trace = _Fire(component, args, parsed_flag_args, context, name)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\fire\core.py", line 466, in _Fire
    component, remaining_args = _CallAndUpdateTrace(
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\fire\core.py", line 681, in _CallAndUpdateTrace
    component = fn(*varargs, **kwargs)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\socfaker\windows.py", line 18, in eventlog
    return WindowsEventLog(json=json).get(count=count, computer_name=computer_name, os_version=os_version)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\socfaker\windowseventlog.py", line 41, in get
    md_file.rsplit('/', 1)[1].split('-')[1].strip('.md'),
IndexError: list index out of range
```
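Added example, not soc-faker's own code: the parsing expression from the last frame of the traceback beside a separator-agnostic rewrite. One way that expression raises IndexError is a path containing no `/`, which is what Windows paths look like; the sample paths and the `<prefix>-<id>.md` file naming are constructed assumptions chosen to match the expression, not the project's documented data layout.

```python
from pathlib import PureWindowsPath

# Constructed sample paths (not soc-faker's real data files). The
# "<prefix>-<id>.md" naming is assumed from the parsing expression in the
# traceback; the project's actual scheme is not shown on the page.
POSIX_PATH = "socfaker/data/windows/eventlog/logon-4624.md"
WINDOWS_PATH = r"C:\Python310\Lib\site-packages\socfaker\data\windows\eventlog\logon-4624.md"


def event_id_fragile(md_file: str) -> str:
    """The expression from windowseventlog.py line 41 in the traceback.

    It assumes '/' separators, so on a backslash path rsplit() returns a
    one-element list and [1] raises IndexError. strip('.md') is also not a
    suffix removal: it strips any leading/trailing '.', 'm' or 'd' characters.
    """
    return md_file.rsplit('/', 1)[1].split('-')[1].strip('.md')


def event_id_robust(md_file: str) -> str:
    """Separator-agnostic rewrite (an assumed fix, not the project's).

    PureWindowsPath accepts both '/' and '\\' on any host, .stem drops exactly
    the extension, and a malformed name fails with a clear ValueError instead
    of an IndexError. The id is everything after the first '-'.
    """
    stem = PureWindowsPath(md_file).stem
    _prefix, sep, event_id = stem.partition('-')
    if not sep or not event_id:
        raise ValueError(f"unexpected event file name: {md_file!r}")
    return event_id


def fragile_raises(md_file: str) -> bool:
    """True if the original expression crashes with IndexError on this path."""
    try:
        event_id_fragile(md_file)
    except IndexError:
        return True
    return False


def robust_rejects(md_file: str) -> bool:
    """True if the rewrite refuses a name without a '-<id>' part."""
    try:
        event_id_robust(md_file)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(event_id_fragile(POSIX_PATH))   # '4624': fine with '/' separators
    print(fragile_raises(WINDOWS_PATH))   # True: the crash reported above
    print(event_id_robust(WINDOWS_PATH))  # '4624' on either separator style
    print(event_id_fragile("x/svc-dcom.md"), event_id_robust("x/svc-dcom.md"))
```

The last print shows the strip pitfall: the original expression turns `dcom.md` into `co`, while the rewrite returns `dcom`.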