dissect.target.plugins.os.windows.ual
¶
Module Contents¶
Classes¶
Return all available User Access Log information. |
Attributes¶
- dissect.target.plugins.os.windows.ual.ClientAccessRecord¶
- dissect.target.plugins.os.windows.ual.RoleAccessRecord¶
- dissect.target.plugins.os.windows.ual.VirtualMachineRecord¶
- dissect.target.plugins.os.windows.ual.DomainSeenRecord¶
- dissect.target.plugins.os.windows.ual.SystemIdentityRecord¶
- dissect.target.plugins.os.windows.ual.FIELD_NAME_MAP¶
- class dissect.target.plugins.os.windows.ual.UalPlugin(target)¶
Bases:
dissect.target.plugin.Plugin
Return all available User Access Log information.
User Access Logging (UAL) is a logging system that aggregates client usage data by role and products on a local server. It helps Windows server administrators to quantify requests from client computers for roles and services on a local server.
References
- __namespace__ = 'ual'¶
- LOG_DB_GLOB = 'sysvol/Windows/System32/LogFiles/Sum/*.mdb'¶
- IDENTITY_DB_FILENAME = 'SystemIdentity.mdb'¶
- IDENTITY_DB_PATH¶
- check_compatible() None ¶
Perform a compatibility check with the target.
This function should return
None
if the plugin is compatible with the current target (self.target
). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError
.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- find_mdb_files()¶
- populate_role_guid_map()¶
- read_table_records(table_name)¶
- client_access()¶
Return client access data within the User Access Logs.
- role_access()¶
Return role access data within the User Access Logs.
- virtual_machines()¶
Return virtual machine data within the User Access Logs.
- domains_seen()¶
Return DNS data within the User Access Logs.
- system_identities()¶
Return system identity data within the User Access Logs.