in source/lambda/es_loader/siem/fileformat_winevtxml.py [0:0]
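def convert_lograw_to_dict(self, lograw, logconfig=None):
    """Convert one raw Windows event XML record into a normalised dict.

    The record is parsed with ``self._parse`` and then reshaped in place:

    * ``#text`` entries are removed from ``Event``, ``Event.System`` and
      ``Event.EventData``;
    * ``Event.EventData.Data`` is collapsed into a ``{Name: text}`` mapping.
      Entries that are not mappings, have no ``#text``, have no ``Name`` or
      whose text is ``-`` are left out;
    * an ``EventID`` that arrives as a mapping is replaced by its ``#text``
      and its ``Qualifiers`` value is stored next to it in ``System``;
    * ``AccessList`` and ``PrivilegeList`` are split on whitespace.

    Args:
        lograw: Raw XML text of a single event.
        logconfig: Not used by this method.

    Returns:
        The normalised dict. If ``Event.System`` has no ``EventID`` the dict
        is returned before the EventID and list-splitting steps run.

    Raises:
        KeyError: If ``Event`` or ``Event.System`` is missing, or if a
            mapping-style ``EventID`` lacks ``Qualifiers`` or ``#text``.

    Any exception raised by the second parse attempt is not caught here.
    """
    lograw = lograw.strip().rstrip("\u0000")
    try:
        logdict = self._parse(lograw)
    except xml.parsers.expat.ExpatError:
        # Retry once with code points 0-31 removed.
        # NOTE(review): that range also covers tab, LF and CR, so whitespace
        # inside values is lost on this path - confirm that is intended.
        lograw = lograw.translate(dict.fromkeys(range(32)))
        logdict = self._parse(lograw)

    event = logdict['Event']
    event.pop('#text', None)
    system = event['System']
    system.pop('#text', None)

    try:
        event_data = event['EventData']
        data_list = event_data['Data']
        event_data.pop('#text', None)
    except (KeyError, TypeError):
        # No EventData, or EventData is not a mapping: nothing to flatten.
        data_list = None

    if data_list:
        # A lone Data child may arrive as one mapping rather than a list
        # (parser-dependent - confirm against _parse). Iterating a mapping
        # yields its keys, so without this wrap the record's only field
        # would be dropped from the returned dict without any error.
        entries = [data_list] if isinstance(data_list, dict) else data_list
        data_dict = {}
        for data in entries:
            if not isinstance(data, dict):
                continue
            if '#text' not in data or 'Name' not in data:
                continue
            text = data['#text']
            if text != '-':
                # A repeated Name keeps the value seen last.
                data_dict[data['Name']] = text
        event['EventData']['Data'] = data_dict

    if 'EventID' not in system:
        return logdict

    event_id = system['EventID']
    if isinstance(event_id, dict):
        # Read both values before writing so a missing key leaves System
        # untouched.
        qualifiers = event_id['Qualifiers']
        system['EventID'] = event_id['#text']
        system['Qualifiers'] = qualifiers

    for list_field in ('AccessList', 'PrivilegeList'):
        try:
            fields = event['EventData']['Data']
            fields[list_field] = fields[list_field].split()
        except (TypeError, KeyError):
            # Best effort: the field is absent or Data is not a mapping.
            pass
    return logdict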