Year of Python (YOP) – Week Forty Nine

07Dec15

Hello Reader!

This week we continue on to part three of parsing out a Norton NPE log file.  For this week's script, I wanted to focus on parsing out the File details section of the Suspicious Items section, eventually applying it to the Infection Detection section.

I’m dealing with this in two parts, again because of how the XML data is structured in the file.  First is getting to the data to parse, then I need to loop through all the File entries and pull the data out of each.

This week is step one of that process, just pulling the data out of the File structure…

In order to do that, we have to nest one for loop inside another.  The outer loop searches for the Suspicious Items section.  Once we find that area, we then look "inside" of it for the Files section beneath it.  Once we get to THAT section, we start pulling out the different pieces of data (name, file size, hashes, etc.).  Just like last week, I'm putting the data into a dictionary, so when I go to print it out I can just pick and choose which items I want to display.

For the output, I’m not printing out all the fields, just the particular ones I’m interested in.  Of course anyone is welcome to add/remove whatever they like.

One thing to be aware of: I'm not including the Product Name field in the data I collect into the dictionary.  The basic reason is that there are instances where you'll run into Unicode characters (the copyright symbol, for example).  Since I'm not as concerned with the Product Name for this, I'm just not including it in the dictionary I'm creating.
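The nested-loop approach described above, as an added example that is not the code from the YOP repository. The sample log and the element names (`Section`, `Files`, `File`, `Name`, `Size`, `MD5`, `SHA256`, `ProductName`) are constructed assumptions rather than the real NPE log schema; the real script would substitute the tags the actual file uses. It goes a little beyond the post in two ways: the outer loop is parameterized so the same function can later be pointed at the Infection Detection section, and the Product Name field is kept, since Python 3 strings carry the copyright symbol without the Unicode errors a Python 2 `print` would raise.

```python
import xml.etree.ElementTree as ET

# Constructed sample log. Tag and attribute names are assumptions made for
# this example; they are not the real Norton NPE log format.
SAMPLE_LOG = """
<Log>
  <Section Name="Infection Detection">
    <Files>
      <File>
        <Name>C:\\Windows\\Temp\\infected.dll</Name>
        <Size>4096</Size>
        <MD5>d41d8cd98f00b204e9800998ecf8427e</MD5>
        <SHA256>e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</SHA256>
        <ProductName>Unknown</ProductName>
      </File>
    </Files>
  </Section>
  <Section Name="Suspicious Items">
    <Files>
      <File>
        <Name>C:\\Users\\demo\\AppData\\Local\\Temp\\update.exe</Name>
        <Size>204800</Size>
        <MD5>d41d8cd98f00b204e9800998ecf8427e</MD5>
        <SHA256>e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</SHA256>
        <ProductName>Example Product © 2015</ProductName>
      </File>
      <File>
        <Name>C:\\ProgramData\\helper.exe</Name>
        <Size>51200</Size>
        <MD5>d41d8cd98f00b204e9800998ecf8427e</MD5>
        <SHA256>e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</SHA256>
        <ProductName>Example Product © 2015</ProductName>
      </File>
    </Files>
  </Section>
</Log>
"""

# Fields copied from each <File> entry into its dictionary.
FILE_FIELDS = ("Name", "Size", "MD5", "SHA256", "ProductName")


def parse_file_entries(xml_text, section_name="Suspicious Items"):
    """Return a list of dicts, one per <File> under the named section.

    Outer loop: find the section by its Name attribute.
    Inner loop: walk every <File> beneath it and pull out the fields.
    """
    root = ET.fromstring(xml_text)
    entries = []
    for section in root.iter("Section"):            # outer loop
        if section.get("Name") != section_name:
            continue                                 # not the section we want
        for file_elem in section.iter("File"):       # inner loop
            entry = {}
            for field in FILE_FIELDS:
                node = file_elem.find(field)
                # Missing or empty elements become "" rather than raising.
                entry[field] = (node.text or "").strip() if node is not None else ""
            entries.append(entry)
    return entries


def format_entries(entries, fields=("Name", "Size", "SHA256")):
    """Render only the chosen fields, one line per file, for display."""
    return [" | ".join(f"{f}={e.get(f, '')}" for f in fields) for e in entries]


if __name__ == "__main__":
    for line in format_entries(parse_file_entries(SAMPLE_LOG)):
        print(line)
```

Because the section name is a parameter, `parse_file_entries(SAMPLE_LOG, "Infection Detection")` reuses the same loops for the other section the post mentions; `format_entries` is where you pick which dictionary keys to show, so adding or dropping a column is a one-line change.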

Until next week!

https://github.com/CdtDelta/YOP
