From c2f44adc2eef1cee2f1236a8e00362d6eb9b5f91 Mon Sep 17 00:00:00 2001
From: huoji
Date: Mon, 5 Sep 2022 17:36:46 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=82=B9bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

修复点bug
---
 Server/log.py | 3 ---
 Server/plugins/mimikazt_detect/mimikatz_detect.py | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/Server/log.py b/Server/log.py
index d7a255f..1cfd59d 100644
--- a/Server/log.py
+++ b/Server/log.py
@@ -54,9 +54,6 @@ def process_log(host, json_log, raw_log):
             parent_user,
             host,
         )
-        plugin.dispath_rule_new_process_create(
-            host, parent_process, raw_log, json_log
-        )
         is_white_list = hash in hash_white_list.g_white_list
         child = process.Process(
             pid, ppid, path, params, create_time, hash, parent_user, host, is_white_list
diff --git a/Server/plugins/mimikazt_detect/mimikatz_detect.py b/Server/plugins/mimikazt_detect/mimikatz_detect.py
index a14f2e3..5caf8c0 100644
--- a/Server/plugins/mimikazt_detect/mimikatz_detect.py
+++ b/Server/plugins/mimikazt_detect/mimikatz_detect.py
@@ -42,7 +42,7 @@ def rule_new_process_create(current_process: process.Process, host, raw_log_data
 def rule_new_process_action(current_process: process.Process, host, raw_log_data, json_log_data):
     global mimikatz_dll_list
     # 如果日志的action是imageload(dll加载)
-    if json_log_data['action'] == 'imageload' and current_process.plugin_var['mimikatz_detected'] == False:
+    if 'mimikatz_detected' in current_process.plugin_var and json_log_data['action'] == 'imageload' and current_process.plugin_var['mimikatz_detected'] == False:
         # 把日志中的dll路径取出来
         dll_path = json_log_data['data']['imageloaded']
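Review bot: Removing the `plugin.dispath_rule_new_process_create(...)` call in the Server/log.py hunk leaves no visible dispatch of the new-process-create rules for the `child` object constructed two lines later; if nothing after this hunk dispatches on `child`, plugin state such as `plugin_var['mimikatz_detected']` is presumably never initialised, and the `'mimikatz_detected' in current_process.plugin_var` guard added in mimikatz_detect.py would then always be false, silently disabling that detection rather than fixing it. The removed call also passed `parent_process` instead of the process being created, which looks like the actual defect; dispatching after `child` exists, e.g. `plugin.dispath_rule_new_process_create(host, child, raw_log, json_log)`, would keep the rule chain intact while fixing the wrong argument. Please confirm where create-rules are now dispatched, or add a comment at the removal site explaining why they are no longer needed; process_log continues outside the hunk.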