sophos.hitmanlogs

$ target-query <path/to/target> -f sophos.hitmanlogs
Details

Module: apps.av.sophos.SophosPlugin

Output: records

Module documentation

No documentation

Function documentation

Return alert log records from Sophos Hitman Pro/Alert.

Yields HitmanAlertRecord with the following fields:

- ts (datetime): Timestamp.
- alert (string): Type of alert.
- description (string): Short description of the alert.
- details (string): Detailed description of the alert.

Note that because Hitman Pro also catches suspicious system behaviour, the details field can contain a lot of text, including stack traces and similar diagnostic output.