

args
tomrade committed Jul 25, 2020
1 parent d71bd1d commit 1d6749f
Showing 3 changed files with 20 additions and 6 deletions.
6 changes: 6 additions & 0 deletions config.json
Expand Up @@ -7,6 +7,12 @@
]
}
},
"parsing" : {
"welm" : {
"enabled" : true,
"mapping_file" : "welm/welm_map.json"
}
},
"outputs" : [
{
"name" : "elastic_nom",
Expand Down
10 changes: 8 additions & 2 deletions evtx_nom_cli.py
Expand Up @@ -6,9 +6,15 @@

# TODO args etc etc


parser = argparse.ArgumentParser(description='Ingest EVTX files into Elasticsearch and more')
parser.add_argument("-c","--config", help="Config File Defaults to config.json", default="config.json")
args = parser.parse_args()


print("Getting Ready to Nom")
# Open Config File
with open('config.json','r') as conf_file:
with open(args.config,'r') as conf_file:
config = json.load(conf_file)

# Grab All the files
Expand All @@ -28,7 +34,7 @@
try:
print("Trying '{}' Plugin".format(output['name']))
nom_plugin = getattr(nom, output['name'])
actioner = nom_plugin(output)
actioner = nom_plugin(output,config['parsing'])
except AttributeError:
print("Cannot find module '{}' have you messed up the spelling???".format(output['name']))
sys.exit()
Expand Down
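Review bot: `config['parsing']` on the new `actioner = nom_plugin(output,config['parsing'])` line raises KeyError for any config file that lacks the new section — an older config.json, or anything handed in through the new `-c` flag — and that KeyError is not caught by the surrounding `except AttributeError:`, so the user sees a traceback instead of the friendly message the block was written to give. Validate once, right after `config = json.load(conf_file)`: `if 'parsing' not in config:` / `    sys.exit("Config is missing the 'parsing' section (see config.json)")`, and then pass `config['parsing']` as now. A missing or unreadable `-c` path has the same problem at `open(args.config,'r')`; a `FileNotFoundError` handler printing a one-line message would match the style of the existing plugin error. The `for` loop that encloses the second hunk begins outside it.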
10 changes: 6 additions & 4 deletions lib/nom.py
Expand Up @@ -8,9 +8,10 @@

# Example Standard Out Plugin
class stdout_nom():
def __init__(self,config):
def __init__(self,config,parsing_config):
self.name = "standard out JSON example"
self.welm_map = load_welm_map("welm/welm_map.json")
self.welm_map = load_welm_map(parsing_config['welm']['mapping_file'])
self.welm_mode = parsing_config['welm']['enabled']
def ingest_file(self,filename):
print("Starting std (sh)outing on target {}".format(filename))
for event in nom_file(filename,self.welm_map):
Expand All @@ -20,7 +21,7 @@ def ingest_file(self,filename):

# Elasticsearch Plugin
class elastic_nom():
def __init__(self,config):
def __init__(self,config,parsing_config):
self.name = "elasticseach ingest"
self.es_host = config['es_host']
self.es_port = config['es_port']
Expand All @@ -33,7 +34,8 @@ def __init__(self,config):
self.index_template = config['index_template']
self.ecs_map = self.load_ecs(config['ecs_map_file'])
self.ecs_mode = config['ecs_mode']
self.welm_map = load_welm_map("welm/welm_map.json")
self.welm_map = load_welm_map(parsing_config['welm']['mapping_file'])
self.welm_mode = parsing_config['welm']['enabled']
self.prep_es()
def load_ecs(self,filename):
with open(filename,'r') as in_file:
Expand Down
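Review bot: The new `self.welm_mode = parsing_config['welm']['enabled']` attribute is stored in both constructors, but nothing in the visible hunks reads it — `stdout_nom.ingest_file` still calls `nom_file(filename,self.welm_map)` unconditionally and `load_welm_map(...)` runs even when `enabled` is false, so as far as this diff shows the flag has no effect (elastic_nom's ingest path lies outside the hunk, so it may be consumed there — worth confirming). If the flag is meant to switch WELM enrichment off, assign `self.welm_mode` first and gate the load as well, `self.welm_map = load_welm_map(parsing_config['welm']['mapping_file']) if self.welm_mode else None`, with `nom_file` treating `None` as "no mapping"; otherwise a `# TODO: honour welm_mode in ingest_file` beside the assignment stops the next reader assuming it already works. The two constructors now duplicate the same lines; a module-level `_load_parsing(parsing_config)` helper returning `(welm_map, welm_mode)` would keep them from drifting. Both class bodies continue past the end of their hunks.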

