dissect.target.plugins.os.windows.ual
#
Module Contents#
Classes#
Return all available User Access Log information. |
Attributes#
- dissect.target.plugins.os.windows.ual.ClientAccessRecord#
- dissect.target.plugins.os.windows.ual.RoleAccessRecord#
- dissect.target.plugins.os.windows.ual.VirtualMachineRecord#
- dissect.target.plugins.os.windows.ual.DomainSeenRecord#
- dissect.target.plugins.os.windows.ual.SystemIdentityRecord#
- dissect.target.plugins.os.windows.ual.FIELD_NAME_MAP#
- class dissect.target.plugins.os.windows.ual.UalPlugin(target)#
Bases:
dissect.target.plugin.Plugin
Return all available User Access Log information.
User Access Logging (UAL) is a logging system that aggregates client usage data by role and products on a local server. It helps Windows server administrators to quantify requests from client computers for roles and services on a local server.
References
- __namespace__ = 'ual'#
- LOG_DB_GLOB = 'sysvol/Windows/System32/LogFiles/Sum/*.mdb'#
- IDENTITY_DB_FILENAME = 'SystemIdentity.mdb'#
- IDENTITY_DB_PATH#
- check_compatible() None #
Perform a compatibility check with the target.
This function should return
None
if the plugin is compatible with the current target (self.target
). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError
.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- find_mdb_files()#
- populate_role_guid_map()#
- read_table_records(table_name)#
- client_access()#
Return client access data within the User Access Logs.
- role_access()#
Return role access data within the User Access Logs.
- virtual_machines()#
Return virtual machine data within the User Access Logs.
- domains_seen()#
Return DNS data within the User Access Logs.
- system_identities()#
Return system identity data within the User Access Logs.