admin/RmEye
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修复点bug

Browse Source 
修复点bug
This commit is contained in:
huoji
2022-09-05 17:36:46 +08:00
parent 30880f8aa9
commit c2f44adc2e
2 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Server/log.py
View File

@@ -54,9 +54,6 @@ def process_log(host, json_log, raw_log):
parent_user, parent_user,
host, host,
) )
plugin.dispath_rule_new_process_create(
host, parent_process, raw_log, json_log
)
is_white_list = hash in hash_white_list.g_white_list is_white_list = hash in hash_white_list.g_white_list
child = process.Process( child = process.Process(
pid, ppid, path, params, create_time, hash, parent_user, host, is_white_list pid, ppid, path, params, create_time, hash, parent_user, host, is_white_list

2
Server/plugins/mimikazt_detect/mimikatz_detect.py
View File

@@ -42,7 +42,7 @@ def rule_new_process_create(current_process: process.Process, host, raw_log_data
def rule_new_process_action(current_process: process.Process, host, raw_log_data, json_log_data): def rule_new_process_action(current_process: process.Process, host, raw_log_data, json_log_data):
global mimikatz_dll_list global mimikatz_dll_list
# 如果日志的action是imageload(dll加载) # 如果日志的action是imageload(dll加载)
if json_log_data['action'] == 'imageload' and current_process.plugin_var['mimikatz_detected'] == False: if 'mimikatz_detected' in current_process.plugin_var and json_log_data['action'] == 'imageload' and current_process.plugin_var['mimikatz_detected'] == False:
# 把日志中的dll路径取出来 # 把日志中的dll路径取出来
dll_path = json_log_data['data']['imageloaded'] dll_path = json_log_data['data']['imageloaded']