rosetta-ce 1.6.9__py3-none-any.whl → 1.7.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rosetta-ce might be problematic. Click here for more details.

Files changed (7) hide show
  1. rosetta/constants/systems.py +33 -29
  2. rosetta/rfaker.py +528 -554
  3. {rosetta_ce-1.6.9.dist-info → rosetta_ce-1.7.1.dist-info}/METADATA +1 -1
  4. {rosetta_ce-1.6.9.dist-info → rosetta_ce-1.7.1.dist-info}/RECORD +7 -7
  5. {rosetta_ce-1.6.9.dist-info → rosetta_ce-1.7.1.dist-info}/WHEEL +1 -1
  6. {rosetta_ce-1.6.9.dist-info → rosetta_ce-1.7.1.dist-info}/LICENSE +0 -0
  7. {rosetta_ce-1.6.9.dist-info → rosetta_ce-1.7.1.dist-info}/top_level.txt +0 -0
rosetta/constants/systems.py CHANGED
@@ -73,68 +73,72 @@ WIN_EVENTS = [
73
73
  '<Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime="{system_time}"/>'
74
74
  '<EventRecordID>{event_record_id}</EventRecordID><Correlation/>'
75
75
  '<Execution ProcessID="{process_id}" '
76
- 'ThreadID="{thread_id}" Channel="Microsoft-Windows-Sysmon/Operational"/>'
76
+ 'ThreadID="{thread_id}" Channel="Microsoft-Windows-Sysmon/Operational"/><Computer>{src_host}</Computer>'
77
77
  '<EventData><Data Name="TargetImage">C:\\Windows\\System32\\calc.exe</Data>'
78
78
  '<Data Name="TargetPID">{target_pid}</Data></EventData></Event>',
79
+
79
80
  '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
80
81
  '<System><Provider Name="Microsoft-Windows-Security-Auditing" Guid="{guid}"/>'
81
82
  '<EventID>4672</EventID><Version>0</Version><Level>0</Level><Task>12544</Task><Opcode>0</Opcode>'
82
83
  '<Keywords>0x8020000000000000</Keywords><TimeCreated SystemTime="{system_time}"/>'
83
84
  '<EventRecordID>{event_record_id}</EventRecordID><Correlation/>'
84
85
  '<Execution ProcessID="{process_id}" '
85
- 'ThreadID="{thread_id}" Channel="Security"/><Computer>{host}</Computer>'
86
- '<Security UserID="{user_id}"/>'
87
- '<EventData><Data Name="SubjectUserSid">{user_id}</Data>'
88
- '<Data Name="SubjectUserName">{user_name}</Data>'
89
- '<Data Name="SubjectDomainName">{domain_name}</Data>'
86
+ 'ThreadID="{thread_id}" Channel="Security"/><Computer>{src_host}</Computer>'
87
+ '<Security UserID="{user}"/>'
88
+ '<EventData><Data Name="SubjectUserSid">{user}</Data>'
89
+ '<Data Name="SubjectUserName">{user}</Data>'
90
+ '<Data Name="SubjectDomainName">{src_domain}</Data>'
90
91
  '<Data Name="SubjectLogonId">{subject_login_id}</Data>'
91
92
  '<Data Name="PrivilegeList">{privilege_list}</Data></EventData></Event>',
93
+
92
94
  '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
93
95
  '<System><Provider Name="Microsoft-Windows-Security-Auditing" Guid="{guid}"/>'
94
96
  '<EventID>4648</EventID><Version>0</Version><Level>0</Level><Task>13824</Task><Opcode>0</Opcode>'
95
97
  '<Keywords>0x8020000000000000</Keywords><TimeCreated SystemTime="{system_time}"/>'
96
98
  '<EventRecordID>{event_record_id}</EventRecordID><Correlation/><Execution ProcessID="'
97
99
  '{process_id}" '
98
- 'ThreadID="{thread_id}" Channel="Security"/><Computer>{host}</Computer>'
99
- '<Security UserID="{user_id}"/>'
100
- '<EventData><Data Name="SubjectUserSid">{user_id}</Data><Data Name="SubjectUserName">'
101
- '{user_name}</Data>'
102
- '<Data Name="SubjectDomainName">{domain_name}</Data><Data Name="SubjectLogonId">'
103
- '{user_id}</Data>'
100
+ 'ThreadID="{thread_id}" Channel="Security"/><Computer>{src_host}</Computer>'
101
+ '<Security UserID="{user}"/>'
102
+ '<EventData><Data Name="SubjectUserSid">{user}</Data><Data Name="SubjectUserName">'
103
+ '{user}</Data>'
104
+ '<Data Name="SubjectDomainName">{src_domain}</Data><Data Name="SubjectLogonId">'
105
+ '{user}</Data>'
104
106
  '<Data Name="NewProcessId">{new_process_id}</Data><Data Name="ProcessId">{process_id}</Data>'
105
- '<Data Name="CommandLine">{cmd}</Data><Data Name="TargetUserSid">{user_id}</Data>'
106
- '<Data Name="TargetUserName">{user_name}</Data><Data Name="TargetDomainName">'
107
- '{domain_name}</Data>'
108
- '<Data Name="TargetLogonId">{user_id}</Data><Data Name="LogonType">3</Data></EventData></Event>',
107
+ '<Data Name="CommandLine">{cmd}</Data><Data Name="TargetUserSid">{user}</Data>'
108
+ '<Data Name="TargetUserName">{user}</Data><Data Name="TargetDomainName">'
109
+ '{src_domain}</Data>'
110
+ '<Data Name="TargetLogonId">{user}</Data><Data Name="LogonType">3</Data></EventData></Event>',
111
+
109
112
  '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
110
113
  '<System><Provider Name="Microsoft-Windows-Security-Auditing" Guid="{guid}"/>'
111
114
  '<EventID>4624</EventID><Version>0</Version><Level>0</Level><Task>12544</Task><Opcode>0</Opcode>'
112
115
  '<Keywords>0x8020000000000000</Keywords><TimeCreated SystemTime="{system_time}"/>'
113
116
  '<EventRecordID>{event_record_id}</EventRecordID><Correlation/>'
114
117
  '<Execution ProcessID="{process_id}" '
115
- 'ThreadID="{thread_id}" Channel="Security"/><Computer>{host}</Computer>'
116
- '<Security UserID="{user_id}"/><EventData><Data Name="SubjectUserSid">{user_id}</Data>'
117
- '<Data Name="SubjectUserName">{user_name}</Data>'
118
- '<Data Name="SubjectDomainName">{domain_name}</Data><Data Name="SubjectLogonId">{user_id}</Data>'
119
- '<Data Name="LogonType">3</Data><Data Name="TargetUserSid">{user_id}</Data>'
120
- '<Data Name="TargetUserName">{user_name}</Data>'
121
- '<Data Name="TargetDomainName">{domain_name}</Data>'
122
- '<Data Name="ProcessName">{process_name}</Data><Data Name="ProcessId">{process_id}</Data>'
118
+ 'ThreadID="{thread_id}" Channel="Security"/><Computer>{src_host}</Computer>'
119
+ '<Security UserID="{user}"/><EventData><Data Name="SubjectUserSid">{user}</Data>'
120
+ '<Data Name="SubjectUserName">{user}</Data>'
121
+ '<Data Name="SubjectDomainName">{src_domain}</Data><Data Name="SubjectLogonId">{user}</Data>'
122
+ '<Data Name="LogonType">3</Data><Data Name="TargetUserSid">{user}</Data>'
123
+ '<Data Name="TargetUserName">{user}</Data>'
124
+ '<Data Name="TargetDomainName">{src_domain}</Data>'
125
+ '<Data Name="ProcessName">{win_process}</Data><Data Name="ProcessId">{process_id}</Data>'
123
126
  '<Data Name="DestinationLogonId">{destination_login_id}</Data>'
124
127
  '<Data Name="SourceNetworkAddress">{source_network_address}</Data>'
125
128
  '<Data Name="SourcePort">{local_port}</Data><Data Name="LogonGuid">{guid}</Data>'
126
129
  '<Data Name="TransmittedServices">{transmitted_services}</Data></EventData></Event>',
130
+
127
131
  '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
128
132
  '<System><Provider Name="Microsoft-Windows-Security-Auditing" Guid="{guid}"/>'
129
133
  '<EventID>4688</EventID><Version>0</Version><Level>0</Level><Task>13312</Task><Opcode>0</Opcode>'
130
134
  '<Keywords>0x8020000000000000</Keywords><TimeCreated SystemTime="{system_time}"/>'
131
135
  '<EventRecordID>{event_record_id}</EventRecordID><Correlation/>'
132
136
  '<Execution ProcessID="{process_id}" '
133
- 'ThreadID="{thread_id}" Channel="Security"/><Computer>{host}</Computer>'
134
- '<Security UserID="{user_id}"/>'
135
- '<EventData><Data Name="SubjectUserSid">{user_id}</Data>'
136
- '<Data Name="SubjectUserName">{user_name}</Data>'
137
- '<Data Name="SubjectDomainName">{domain_name}</Data><Data Name="SubjectLogonId">{user_id}</Data>'
137
+ 'ThreadID="{thread_id}" Channel="Security"/><Computer>{src_host}</Computer>'
138
+ '<Security UserID="{user}"/>'
139
+ '<EventData><Data Name="SubjectUserSid">{user}</Data>'
140
+ '<Data Name="SubjectUserName">{user}</Data>'
141
+ '<Data Name="SubjectDomainName">{src_domain}</Data><Data Name="SubjectLogonId">{user}</Data>'
138
142
  '<Data Name="NewProcessId">{new_process_id}</Data>'
139
143
  '<Data Name="CreatorProcessId">{process_id}</Data>'
140
144
  '<Data Name="TokenElevationType">TokenElevationTypeLimited (3)</Data>'