
Commit 094ee04

authored
Add files via upload
1 parent 17b034b commit 094ee04


64 files changed

+3480
-2
lines changed

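--- a/README.md
+++ b/README.md
@@ -1,2 +1,15 @@
-# SEPparser
-Command line script for parsing Symantec Endpoint Protection logs
+# SEPparser
+
+Tested with python3.7
+
+SEPparser.py \-h
+usage: SEPparser.py [\-h] [\-f FILE] [\-d DIR] [\-o OUTPUT] [\-a]
+
+optional arguments:\
+  -h, --help                show this help message and exit\
+  -f FILE, --file FILE    file to be parsed\
+  -d DIR, --dir DIR     directory to be parsed\
+  -o OUTPUT, --output OUTPUT\
+                                directory to output files to. Default is current\
+                                directory.\
+  -a, --append          append to output files.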

SEPparser.py

Lines changed: 1316 additions & 0 deletions
Large diffs are not rendered by default.

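--- a/SEPparser.spec
+++ b/SEPparser.spec
@@ -0,0 +1,32 @@
+# -*- mode: python -*-
+
+block_cipher = None
+
+
+a = Analysis(['SEPparser.py'],
+pathex=['.'],
+binaries=[],
+datas=[],
+hiddenimports=[],
+hookspath=[],
+runtime_hooks=[],
+excludes=[],
+win_no_prefer_redirects=False,
+win_private_assemblies=False,
+cipher=block_cipher,
+noarchive=False)
+pyz = PYZ(a.pure, a.zipped_data,
+cipher=block_cipher)
+exe = EXE(pyz,
+a.scripts,
+a.binaries,
+a.zipfiles,
+a.datas,
+[],
+name='SEPparser',
+debug=False,
+bootloader_ignore_signals=False,
+strip=False,
+upx=True,
+runtime_tmpdir=None,
+console=True )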
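Review bot: `upx=True` in the `EXE(...)` call makes PyInstaller pack the built executable with UPX whenever UPX is present on the build host. Packed PyInstaller binaries are a common source of endpoint-protection false positives and are harder for a recipient to inspect. For a forensic tool that will run on machines with AV installed, I would change that line to `upx=False,`. If the `bin/SEPparser_x64.exe` and `bin/SEPparser_x86.exe` files in this commit were built from this spec, a SHA-256 for each should be published next to them so users can verify the download. The spec also records neither the Python nor the PyInstaller version used, so a top-of-file comment such as `# built with Python <version>, PyInstaller <version>` would let someone rebuild and compare.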

bin/SEPparser_x64.exe

5.03 MB
Binary file not shown.

bin/SEPparser_x86.exe

4.66 MB
Binary file not shown.

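--- a/testdata/05292019.Log
+++ b/testdata/05292019.Log
@@ -0,0 +1,18 @@
+31041D081228,14,2,8,computer1,SYSTEM,,,,,,,16777216,"Symantec Endpoint Protection services startup was successful.",0,,0,,,,,0,,,,,,,,,,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,31041D081228,,,0,Default,0,,,,0,,0,,0
+31041D08122E,66,2,0,computer1,SYSTEM,,,,,,,16777216,"Scan resumed on all drives and all extensions.",1557839461,,0,,,,,0,,,,,,,,,,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,612CD451BC1040C689C22DA77AB5BFF0,0,31041D08122E,,,2,Default,0,,,,0,,0,,0
+31041D08151B,88,2,17,computer1,Usernam,,,,,,,16777216,"SymELAM Protection has been enabled",0,,0,,,,,0,,,,,,,,,,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,999,,,,,,,,,,,,,,,,,,,,,,0,31041D08151B,,,0,Default,0,,,,0,,0,,0
+31041D08151E,79,2,16,computer1,Usernam,,,,,,,16777216,"SONAR has been enabled",0,,0,,,,,0,,,,,,,,,,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,999,,,,,,,,,,,,,,,,,,,,,,0,31041D08151E,,,0,Default,0,,,,0,,0,,0
+31041D08151E,79,2,16,computer1,Usernam,,,,,,,16777216,"Suspicious Behavior Detection has been enabled",0,,0,,,,,0,,,,,,,,,,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,999,,,,,,,,,,,,,,,,,,,,,,0,31041D08151E,,,0,Default,0,,,,0,,0,,0
+31041D08151E,93,2,16,computer1,Usernam,,,,,,,16777216,"Symantec Endpoint Protection Tamper Protection Enabled",0,,0,,,,,0,,,,,,,,,,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,999,,,,,,,,,,,,,,,,,,,,,,0,31041D08151E,,,0,Default,0,,,,0,,0,,0
+31041D081720,7,3,8,computer1,Usernam,,,,,,,16777216,"New virus definition file loaded. Version: 190528021.",0,,0,,,,,0,,,,,,,,,,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,31041D081720,,,0,Default,0,,,,0,,0,,0
+31041D081739,20,2,0,computer1,Usernam,,,,,,,16777216,"Unable to create a backup of . Status 0x2000000A.",1557839461,,0,,,,,0,,,,,,,,,,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,0,31041D081739,,,0,Default,0,,,,0,,0,,0
+31041D081739,46,1,0,computer1,SYSTEM,Heur.AdvML.C,>>_________,5,1,1,2147483952,33570852,"",1557839461,,0,101 0 1 0 0 0,0,4294779570,0,0,0,1,1,0,20190528.021,200387,2,4,0,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,f939a5e8-33d6-4fc6-8f13-5631b8ad00da,0,,502 0 2 A3ED6A40B6A5EA08B9EBB5244C996B44FC84767C91575ECAD7C36A08ABC9063A 0 0 0 0 0 0 0,,1,3,1,0,0,0,0,,,0,0,0,,,,0,31041D081739,0,,0,Default,0,,,,0,,0,,0
+31041D081739,5,1,0,computer1,SYSTEM,Heur.AdvML.C,>>_________,5,1,1,2147483952,33570852,"",1557839461,,0,,0,4294779570,0,0,0,1,1,0,20190528.021,200387,2,4,0,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,f939a5e8-33d6-4fc6-8f13-5631b8ad00da,0,,502 0 2 A3ED6A40B6A5EA08B9EBB5244C996B44FC84767C91575ECAD7C36A08ABC9063A 0 0 0 0 0 0 0,,1,3,1,0,0,0,0,,,0,0,0,,,,0,31041D081739,0,,0,Default,0,,,,0,,0,,0
+31041D081739,51,1,0,computer1,SYSTEM,Heur.AdvML.C,>>_________,5,1,1,2147483952,33570852,"",1557839461,,0,101 0 1 0 0 0,0,4294779570,0,0,0,1,1,0,20190528.021,200387,2,4,0,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,f939a5e8-33d6-4fc6-8f13-5631b8ad00da,0,,502 0 2 A3ED6A40B6A5EA08B9EBB5244C996B44FC84767C91575ECAD7C36A08ABC9063A 0 0 0 0 0 0 0,,1,3,1,0,0,0,0,,,0,0,0,,,,0,31041D081739,0,,0,Default,0,,,,0,,0,,0
+31041D081739,46,1,0,computer1,SYSTEM,Heur.AdvML.C,>>_________,5,1,1,2147483952,33570852,"",1557839461,,0,101 0 1 0 0 0,0,4294779570,0,0,0,1,1,0,20190528.021,200387,2,4,0,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,261948f5-3511-44bf-831f-4010efaf12f4,0,,502 0 2 321DB9D1CDD176EA32A324C81794BFA4B7571285AC08B7D0322D4A3F7D1BFF64 0 0 0 0 0 0 0,,1,3,1,0,0,0,0,,,0,0,0,,,,0,31041D081739,0,,0,Default,0,,,,0,,0,,0
+31041D081739,5,1,0,computer1,SYSTEM,Heur.AdvML.C,>>_________,5,1,1,2147483952,33570852,"",1557839461,,0,,0,4294779570,0,0,0,1,1,0,20190528.021,200387,2,4,0,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,261948f5-3511-44bf-831f-4010efaf12f4,0,,502 0 2 321DB9D1CDD176EA32A324C81794BFA4B7571285AC08B7D0322D4A3F7D1BFF64 0 0 0 0 0 0 0,,1,3,1,0,0,0,0,,,0,0,0,,,,0,31041D081739,0,,0,Default,0,,,,0,,0,,0
+31041D081739,51,1,0,computer1,SYSTEM,Heur.AdvML.C,>>_________,5,1,1,2147483952,33570852,"",1557839461,,0,101 0 1 0 0 0,0,4294779570,0,0,0,1,1,0,20190528.021,200387,2,4,0,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,261948f5-3511-44bf-831f-4010efaf12f4,0,,502 0 2 321DB9D1CDD176EA32A324C81794BFA4B7571285AC08B7D0322D4A3F7D1BFF64 0 0 0 0 0 0 0,,1,3,1,0,0,0,0,,,0,0,0,,,,0,31041D081739,0,,0,Default,0,,,,0,,0,,0
+31041D08173B,46,1,0,computer1,SYSTEM,Heur.AdvML.C,>>_________,5,1,1,2147483952,33570852,"",1557839461,,0,101 0 1 0 0 0,0,4294779570,0,0,0,1,1,0,20190528.021,200387,2,4,0,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,0a82627c-b80e-4e98-9382-93c6c784ad31,0,,502 0 2 97228D3A5732822510B7FAA211475523B64DA00041AC53A36A7B41FC20A4A72B 0 0 0 0 0 0 0,,1,3,1,0,0,0,0,,,0,0,0,,,,0,31041D08173B,0,,0,Default,0,,,,0,,0,,0
+31041D08173B,5,1,0,computer1,SYSTEM,Heur.AdvML.C,>>_________,5,1,1,2147483952,33570852,"",1557839461,,0,,0,4294779570,0,0,0,1,1,0,20190528.021,200387,2,4,0,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,0a82627c-b80e-4e98-9382-93c6c784ad31,0,,502 0 2 97228D3A5732822510B7FAA211475523B64DA00041AC53A36A7B41FC20A4A72B 0 0 0 0 0 0 0,,1,3,1,0,0,0,0,,,0,0,0,,,,0,31041D08173B,0,,0,Default,0,,,,0,,0,,0
+31041D08173B,51,1,0,computer1,SYSTEM,Heur.AdvML.C,>>_________,5,1,1,2147483952,33570852,"",1557839461,,0,101 0 1 0 0 0,0,4294779570,0,0,0,1,1,0,20190528.021,200387,2,4,0,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,0a82627c-b80e-4e98-9382-93c6c784ad31,0,,502 0 2 97228D3A5732822510B7FAA211475523B64DA00041AC53A36A7B41FC20A4A72B 0 0 0 0 0 0 0,,1,3,1,0,0,0,0,,,0,0,0,,,,0,31041D08173B,0,,0,Default,0,,,,0,,0,,0
+31041D08173B,65,2,0,computer1,Usernam,,,,,,,16777216,"Scan Suspended: Risks: 3 Scanned: 1019 Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 979",1557839461,,0,3:3:1019:0:979,,,,0,,,,,,,,,,,{86ECAC14-384D-4D77-9A9D-9DE4E01D106A},,,,doma,10:E7:C6:D9:93:E4,14.2.1031.64,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,612CD451BC1040C689C22DA77AB5BFF0,313,31041D08173B,,,2,Default,0,,,,0,,0,,0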
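Review bot: The sample records keep what look like unsanitized host identifiers: every line carries the MAC address `10:E7:C6:D9:93:E4` and the GUID `{86ECAC14-384D-4D77-9A9D-9DE4E01D106A}`. The host, user and domain fields (`computer1`, `Usernam`, `doma`) appear to have been replaced already. If this log was captured from a real endpoint, those two fields should be swapped for constructed values before the file is published, since they can tie the sample to a specific machine. The SHA-256 values in the detection records deserve the same check, though they may be kept on purpose as parser input.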
