Describe the bug
When providing a ZIP file compressed with 7-zip (under Windows) many parsers don't work (no error provided). Example: events parser.
In Kuiper.log:
"2023-08-10 09:03:26.977887","[DEBUG]","parser_management.py.specify_files_to_be_parser[Lin.75]","parser","Start parsing: case[deschd_case] - machine[deschd_case_test_7zip_gui] - Parsers[Events]",""
"2023-08-10 09:03:26.996533","[INFO]","parser_management.py.run_parsers[Lin.765]","parser","Done processing the task case[deschd_case] - machine[deschd_case_test_7zip_gui] - Parsers[Events]",""
Windows Events are included in the ZIP file for sure. Sources are collected by KAPE (target !SANS_Triage).
When only zipping Windows events (as target in KAPE) or out of the provided structure from !SANS_Triage the events are processed. Again the ZIP file is created with 7-zip in Windows.
When zipping the files in Linux the parsers seem to work fine (also with the whole collection of !SANS_Triage).
There is no error within the files list of the machine - just "No data available in table".
To Reproduce
Steps to reproduce the behavior:
- Collect target !SANS_Triage with KAPE (v1.3.0.2).
- Create ZIP file with 7-zip (or even Windows Explorer) with or without compression.
- Upload ZIP to Kuiper.
- Start Events parser.
Expected behavior
ZIP files created in Windows (e.g. with 7-zip or Windows Explorer) should be processed properly.
Additional context
Why are the ZIP files created in Windows not processed correctly while ZIPs created in Linux are?
How can I create ZIP files in Windows to work properly with Kuiper?
(Because the ZIP files created with KAPE cannot be extracted (see issues #12, #33 and #109) I want to automate the zipping process in Windows before uploading the files to Kuiper.)