dissect.target.plugins.apps.av.trendmicro
Module Contents
Classes
TrendMicroPlugin: TrendMicro antivirus plugin.
Attributes
- dissect.target.plugins.apps.av.trendmicro.TrendMicroWFLogRecord
- dissect.target.plugins.apps.av.trendmicro.TrendMicroWFFirewallRecord
- dissect.target.plugins.apps.av.trendmicro.pfwlog_def = Multiline-String
  struct firewall_entry {
      char _pad1[1];
      char direction;
      uint16 port;
      uint32 timestamp;
      char _pad2[8];
      char local_ip[65];
      char remote_ip[65];
      char path[520];
      wchar description[128];
      char _pad3[10];
  };
- dissect.target.plugins.apps.av.trendmicro.c_pfwlog
- class dissect.target.plugins.apps.av.trendmicro.TrendMicroPlugin(target: dissect.target.Target)
Bases: dissect.target.plugin.Plugin
TrendMicro antivirus plugin.
- __namespace__ = 'trendmicro'
Defines the plugin namespace.
- LOG_FOLDER = 'sysvol/Program Files (x86)/Trend Micro/Security Agent'
- LOG_FILE_FIREWALL = 'sysvol/Program Files (x86)/Trend Micro/Security Agent/PFW/PfwLog_*.dat'
- LOG_FILE_INFECTIONS = 'sysvol/Program Files (x86)/Trend Micro/Security Agent/Misc/pccnt35.log'
- codepage
- check_compatible() → None
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target), for example by checking that a certain file exists. Otherwise it should raise an UnsupportedPluginError.
- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- wflogs() → Iterator[TrendMicroWFLogRecord]
Return Trend Micro Worry-Free log history records.
Yields TrendMicroWFLogRecord with the following fields:
- hostname (string): The target hostname.
- domain (string): The target domain.
- ts (datetime): Timestamp.
- threat (string): Description of the detected threat.
- path (string): Path to the file associated with the threat.
- filename (string): Name of the file associated with the threat.
- lineno (uint16): Line number in the log, for reference in further investigation.
- wffirewall() → Iterator[TrendMicroWFFirewallRecord]
Return Trend Micro Worry-Free firewall log history records.
Yields TrendMicroWFFirewallRecord with the following fields:
- hostname (string): The target hostname.
- domain (string): The target domain.
- ts (datetime): Timestamp.
- local_ip (net.ipaddress): Local IPv4/IPv6 address.
- remote_ip (net.ipaddress): Remote IPv4/IPv6 address.
- port (uint16): Port of the suspicious connection.
- direction (string): Direction of the traffic.
- path (string): Path to the object that initiated/received the connection.
- description (string): Description of the detected threat.
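The pfwlog_def struct above and the wffirewall() record it feeds are the only part of this page with a concrete on-disk format, so here is a stand-alone parser for a PfwLog_*.dat record. This is an added example written for this page, not the plugin's own code: it re-implements the cstruct layout with the standard-library struct module so it runs without dissect installed. Assumptions that the page does not state and that are marked as such in the code: fields are little-endian (cstruct's default), the uint32 timestamp is seconds since the Unix epoch in UTC, wchar is 2-byte UTF-16-LE, the char[] fields are decoded with cp1252 (the plugin exposes a codepage attribute but its value is not on this page), and the direction byte is passed through as-is because its mapping is not documented here. The sample record is constructed, not captured from a real agent.

```python
"""Parse Trend Micro Worry-Free PfwLog_*.dat firewall entries (added example)."""
from __future__ import annotations

import struct
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterator

# Little-endian ("<") layout mirroring the pfwlog_def cstruct on this page:
#   char _pad1[1]; char direction; uint16 port; uint32 timestamp; char _pad2[8];
#   char local_ip[65]; char remote_ip[65]; char path[520];
#   wchar description[128]; char _pad3[10];
# Assumption: wchar is 2-byte UTF-16-LE, so description occupies 256 bytes.
# "x" entries are the _pad fields and yield no value on unpack.
FIREWALL_ENTRY = struct.Struct("<x c H I 8x 65s 65s 520s 256s 10x")

# Assumption: the plugin's `codepage` attribute is not shown on this page,
# so a Windows single-byte code page is used as the default here.
DEFAULT_CODEPAGE = "cp1252"


@dataclass(frozen=True)
class FirewallEntry:
    """One decoded firewall_entry record (local fields only; hostname/domain come from the target)."""

    ts: datetime
    direction: str  # raw direction byte; its mapping is not documented on this page
    port: int
    local_ip: str
    remote_ip: str
    path: str
    description: str


def _cstr(raw: bytes, codepage: str) -> str:
    """Decode a NUL-padded fixed-width char[] field; stop at the first NUL."""
    return raw.split(b"\x00", 1)[0].decode(codepage, errors="replace")


def _wstr(raw: bytes) -> str:
    """Decode a NUL-padded fixed-width wchar[] field as UTF-16-LE; stop at the first NUL."""
    return raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]


def parse_entry(buf: bytes, codepage: str = DEFAULT_CODEPAGE) -> FirewallEntry:
    """Decode exactly one 932-byte record; reject anything of another length."""
    if len(buf) != FIREWALL_ENTRY.size:
        raise ValueError(f"expected {FIREWALL_ENTRY.size} bytes, got {len(buf)}")
    direction, port, timestamp, local_ip, remote_ip, path, description = FIREWALL_ENTRY.unpack(buf)
    return FirewallEntry(
        # Assumption: uint32 seconds since the Unix epoch, interpreted as UTC.
        ts=datetime.fromtimestamp(timestamp, tz=timezone.utc),
        direction=direction.decode("ascii", errors="replace"),
        port=port,
        local_ip=_cstr(local_ip, codepage),
        remote_ip=_cstr(remote_ip, codepage),
        path=_cstr(path, codepage),
        description=_wstr(description),
    )


def iter_entries(data: bytes, codepage: str = DEFAULT_CODEPAGE) -> Iterator[FirewallEntry]:
    """Walk a PfwLog file as back-to-back fixed-size records.

    A trailing partial record (truncated file, or a write in progress when the
    image was taken) is skipped rather than raising.
    """
    size = FIREWALL_ENTRY.size
    for offset in range(0, len(data) - size + 1, size):
        yield parse_entry(data[offset : offset + size], codepage)


def build_sample_entry() -> bytes:
    """Constructed sample record for demonstration; not captured from a real agent."""
    return FIREWALL_ENTRY.pack(
        b"I",                                          # direction byte (raw)
        445,                                           # port
        1700000000,                                    # 2023-11-14T22:13:20Z
        b"192.168.1.10",                               # local_ip, NUL-padded to 65
        b"10.0.0.5",                                   # remote_ip, NUL-padded to 65
        b"C:\\Windows\\System32\\svchost.exe",         # path, NUL-padded to 520
        "SMB probe".encode("utf-16-le"),               # description, NUL-padded to 256
    )


if __name__ == "__main__":
    for entry in iter_entries(build_sample_entry() * 2 + b"\x00" * 5):
        print(entry)
```

On a real target the plugin's own wffirewall() does this reading and adds hostname and domain; from the command line the same records come out of `target-query -f trendmicro.wffirewall <target>`, the function name being the namespace 'trendmicro' plus the method name from this page. The fixed 932-byte record size is the first thing to check when a PfwLog file parses to garbage: a file length that is not a multiple of 932 means either truncation or a layout that differs from the struct above.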