Issue on page /notebooks/small/windows/08_lateral_movement/SDWIN-200724174200.html

Question

Issue on page /notebooks/small/windows/08_lateral_movement/SDWIN-200724174200.html

duzvik opened this issue 4 years ago · 1 comments

Hello,

mordor_file = "https://raw.githubusercontent.com/OTRF/mordor/master/datasets/small/windows/lateral_movement/wmi_event_subscription.pcapng"
registerMordorSQLTable(spark, mordor_file, "mordorTable")

registerMordorSQLTable call downloadMordorFile to download .tar.gz or .zip dataset fie.
But here dataset extension is pcapng.
https://github.com/hunters-forge/openhunt/blob/de241cef7cd1a385569590dfb94888e63caeef87/openhunt/mordorutils.py#L11-L19

As a result, the playbook gives error:
UnboundLocalError: local variable 'mordorJSONPath' referenced before assignment

Answer 1 · 2020-09-02T03:41:48.000Z

Hey @duzvik , yes sorry for the late response. I was updating the site and the datasets did not make it through. I just pushed two PCAPs and one JSON file (zipped). The Notebook downloads, decompress and export the schema of the dataset.