sophos.hitmanlogs

$ target-query <path/to/target> -f sophos.hitmanlogs
Details

Module

dissect.target.plugins.apps.av.sophos.SophosPlugin

Output

records

Module documentation

Sophos antivirus plugin.

Function documentation

Return alert log records from Sophos Hitman Pro/Alert.

Yields HitmanAlertRecord with the following fields:

ts (datetime): Timestamp.
alert (string): Type of Alert.
description (string): Short description of the alert.
details (string): Detailed description of the alert.

Note that because Hitman also catches suspicious behaviour of systems, the details field might contain a lot of text; for example, it might contain stack traces.
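Because the details field can run to many lines, a triage script usually wants a one-line summary per alert plus a count by alert type. The following is an added example, not code from dissect.target or Sophos: it models HitmanAlertRecord output as plain dicts with the documented fields (ts, alert, description, details) and runs on constructed sample records, so it needs neither a target image nor the dissect.target package. The helper names (summarize, count_by_alert, has_stack_trace) and the sample data are assumptions of this example.

```python
"""Post-process Sophos HitmanPro/Alert records for triage.

Added example; not part of dissect.target. Records are plain dicts
mirroring the documented HitmanAlertRecord fields (ts, alert,
description, details). SAMPLE_RECORDS is constructed data standing in
for the output of `target-query <target> -f sophos.hitmanlogs`.
"""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records (not real Hitman output).
SAMPLE_RECORDS = [
    {
        "ts": datetime(2024, 3, 1, 9, 15, tzinfo=timezone.utc),
        "alert": "Exploit",
        "description": "Suspicious stack pivot",
        "details": "Process: example.exe\nStack trace:\n"
                   "  0x00401000 example.exe\n  0x7ff81234 ntdll.dll",
    },
    {
        "ts": datetime(2024, 3, 1, 10, 30, tzinfo=timezone.utc),
        "alert": "Exploit",
        "description": "ROP gadget detected",
        "details": "Process: example.exe\nModule: sample.dll\n  0x7ff80000 sample.dll",
    },
    {
        "ts": datetime(2024, 3, 1, 11, 0, tzinfo=timezone.utc),
        "alert": "Malware",
        "description": "Test file quarantined",
        "details": "Eicar test file quarantined",
    },
]


def has_stack_trace(details: str) -> bool:
    """Heuristic: details mention a stack trace or contain hex-address frame lines."""
    lowered = details.lower()
    if "stack trace" in lowered or "stacktrace" in lowered:
        return True
    return any(line.strip().startswith("0x") for line in details.splitlines())


def count_by_alert(records) -> dict:
    """Count records per alert type, e.g. {'Exploit': 2, 'Malware': 1}."""
    return dict(Counter(r["alert"] for r in records))


def summarize(records, max_detail_chars: int = 80) -> list:
    """One compact line per record, ordered by timestamp.

    Only the first line of details is kept (truncated to max_detail_chars),
    and records whose details look like a stack trace are flagged so an
    analyst knows there is more to read in the full record.
    """
    lines = []
    for r in sorted(records, key=lambda rec: rec["ts"]):
        first = r["details"].splitlines()[0] if r["details"] else ""
        if len(first) > max_detail_chars:
            first = first[: max_detail_chars - 3] + "..."
        flag = " [stack trace]" if has_stack_trace(r["details"]) else ""
        lines.append(
            f"{r['ts'].isoformat()} {r['alert']}: {r['description']} | {first}{flag}"
        )
    return lines


if __name__ == "__main__":
    print(count_by_alert(SAMPLE_RECORDS))
    for line in summarize(SAMPLE_RECORDS):
        print(line)
```

With real data, replace SAMPLE_RECORDS with the records returned by the plugin; each record exposes the same four field names, so the helpers apply unchanged.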