ahmedkhlief/APT-Hunter

2.0 - evtxdetect_auto error and no CSV output

AndrewRathbun opened this issue · 1 comment

Hello,

Thank you for providing a compiled Windows EXE. I'll be making a Module in KAPE for this tool, but first I think some bugs need to be fixed :)

I ran the tool against the EVTX-ATTACK-SAMPLES repo and received the following errors:

Error Analyzing Sysmon logs
ERROR:root:Traceback (most recent call last):
  File "APT-Hunter.py", line 130, in evtxdetect_auto
  File "lib\EvtxDetection.py", line 3082, in detect_events_Sysmon_log
NameError: name 'user' is not defined

EvtxDetection.detect_events_Sysmon_log(sysmon_path_list,input_timezone)

Event_desc ="User Name : ( %s ) " % user+"with Command Line : ( " + process_command_line + " ) contain suspicious command ( %s)"%sProcessName

Also, despite the below message indicating otherwise, there was no CSV output to be found.

Time Sketch Report saved as V:\EVTX\APTHunterTest_TimeSketch.csv
Logon Events Report saved as V:\EVTX\APTHunterTest_Logon_Events.csv
Report saved as V:\EVTX\APTHunterTest_Report.xlsx

So I think something might be wrong 🤷
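As an added illustration (not APT-Hunter's own code), the two failure modes reported above in a small constructed Sysmon pass: a description builder that assumes a `user` field exists aborts the whole analysis on the first record without it, a per-event try/except keeps the scan going and counts the failure, and the report writer checks that the CSV really exists before claiming it was saved. The event records, field names and function names are hypothetical.

```python
import csv
import logging
import os
import tempfile

# Constructed Sysmon-like records; the second one has no "user" field, which
# mirrors the NameError in the traceback (a value referenced but never set).
EVENTS = [
    {"EventID": 1, "user": "CORP\\alice", "cmd": "cmd.exe /c whoami", "proc": "whoami"},
    {"EventID": 1, "cmd": "powershell.exe -enc ...", "proc": "powershell"},
    {"EventID": 1, "user": "CORP\\bob", "cmd": "notepad.exe", "proc": "notepad"},
]

FMT = "User Name : ( %s ) with Command Line : ( %s ) contain suspicious command ( %s )"

def describe_buggy(event):
    # Assumes every field is present; raises KeyError on the second record.
    return FMT % (event["user"], event["cmd"], event["proc"])

def describe(event):
    # Hardened form: missing fields degrade to a placeholder instead of raising.
    return FMT % (event.get("user", "unknown"), event.get("cmd", ""), event.get("proc", ""))

def analyze(events, describe_fn):
    # One malformed record must not abort the whole log pass: log it, continue.
    rows, errors = [], 0
    for ev in events:
        try:
            rows.append({"EventID": ev["EventID"], "Description": describe_fn(ev)})
        except Exception:
            logging.exception("skipping malformed event %r", ev)
            errors += 1
    return rows, errors

def write_report(rows, path):
    # Write the CSV, then verify it landed on disk before reporting success.
    with open(path, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=["EventID", "Description"])
        writer.writeheader()
        writer.writerows(rows)
    if not os.path.isfile(path) or os.path.getsize(path) == 0:
        raise RuntimeError("report not written: %s" % path)
    return os.path.getsize(path)

def demo_report():
    # Runs the hardened pass end to end and returns the size of the CSV written.
    rows, _ = analyze(EVENTS, describe)
    return write_report(rows, os.path.join(tempfile.mkdtemp(), "Report.csv"))
```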

Thanks for your feedback, I fixed the issue. Kindly check and let me know.