From d46533e9d792d9689508db6e1f0215376b2c8cf9 Mon Sep 17 00:00:00 2001
From: Enrique Martin
Date: Mon, 8 Apr 2024 12:43:33 +0200
Subject: [PATCH] Debugging
---
 .../windows/pandora_security_win/src/pandora_security_win.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py b/pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py
index ec6ce60427..f0094e2d23 100644
--- a/pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py
+++ b/pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py
@@ -340,8 +340,9 @@ def check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_con
 try:
 # Run the auditpol command to check the audit policy for Logon/Logoff
 cmd_command = f'auditpol /get /subcategory:"{auditpol_logon_category}"'
- result = subprocess.run(cmd_command, shell=True, capture_output=True, text=True, check=True)
+ result = subprocess.run(cmd_command, shell=True, capture_output=True, text=True, check=True, encoding='utf-8')
 last_line = result.stdout.strip().split('\n')[-1].strip()
+ cleaned_line = re.sub(' +', ' ', last_line)
 # Interpret the result
 if auditpol_logon_success_conf in result.stdout:
@@ -356,7 +357,7 @@ def check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_con
 "type" : "generic_proc",
 "value": result,
 "module_group": "security",
- "desc" : f"Check if the logon events audit log is enables, status: {last_line}",
+ "desc" : f"Check if the logon events audit log is enables, status: {cleaned_line}",
 })
 except subprocess.CalledProcessError as e:
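Review bot: The added `encoding='utf-8'` on the `subprocess.run` call decodes strictly, so if auditpol writes its output in the console code page (likely on a localized Windows), a non-ASCII byte raises `UnicodeDecodeError`, which the visible `except subprocess.CalledProcessError` does not catch; adding `errors='replace'` keeps the audit-policy check from aborting. The same line still sends an f-string through `shell=True`, so if `auditpol_logon_category` can come from plugin arguments or configuration, an argument list keeps that value out of shell parsing: `subprocess.run(['auditpol', '/get', f'/subcategory:{auditpol_logon_category}'], capture_output=True, text=True, check=True, encoding='utf-8', errors='replace')`. The new `re.sub` call depends on a file-level `import re` that this hunk does not show. The body of `check_login_audit_policy` starts and ends outside the hunk.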
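Review bot: The `desc` string on the changed line still reads "is enables"; since the line is being rewritten anyway, `"desc" : f"Check if the logon events audit log is enabled, status: {cleaned_line}",` fixes the wording that ends up in the module description. The status text is the last line of the command output taken as-is, so a short comment such as `# status text is raw auditpol output and depends on the system locale` above the entry would tell the next reader not to parse it. The dict literal and the enclosing `try` block start outside the hunk.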