Merge pull request #37 from BenB196/staging

Staging to master
BenB196 · Jun 17, 2020 · 33425b3 · 33425b3
2 parents 82c14a2 + 5b9de9a
commit 33425b3
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -159,6 +159,7 @@ FileEvent
     PrintedFilesBackupPath      string          (potentially empty)
     RemoteActivity              string          (potentially empty)
     Trusted                     *bool           (potentially empty)
+    LoggedInOperatingSystemUser string          (potentially empty)
 ```
 
 - error - Any errors.

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.1.8
+0.1.9
diff --git a/ffs.go b/ffs.go
@@ -78,10 +78,11 @@ type FileEvent struct {
 	PrintedFilesBackupPath      string     `json:"printedFilesBackupPath,omitempty"`
 	RemoteActivity              string     `json:"remoteActivity,omitempty"`
 	Trusted                     *bool      `json:"trusted,omitempty"`
+	LoggedInOperatingSystemUser string     `json:"loggedInOperatingSystemUser,omitempty"`
 }
 
 //Currently recognized csv headers
-var csvHeaders = []string{"Event ID", "Event type", "Date Observed (UTC)", "Date Inserted (UTC)", "File path", "Filename", "File type", "File Category", "Identified Extension Category", "Current Extension Category", "File size (bytes)", "File Owner", "MD5 Hash", "SHA-256 Hash", "Create Date", "Modified Date", "Username", "Device ID", "User UID", "Hostname", "Fully Qualified Domain Name", "IP address (public)", "IP address (private)", "Actor", "Directory ID", "Source", "URL", "Shared", "Shared With", "File exposure changed to", "Cloud drive ID", "Detection Source Alias", "File Id", "Exposure Type", "Process Owner", "Process Name", "Tab/Window Title", "Tab URL", "Removable Media Vendor", "Removable Media Name", "Removable Media Serial Number", "Removable Media Capacity", "Removable Media Bus Type", "Removable Media Media Name", "Removable Media Volume Name", "Removable Media Partition Id", "Sync Destination", "Email DLP Policy Names", "Email DLP Subject", "Email DLP Sender", "Email DLP From", "Email DLP Recipients", "Outside Active Hours", "Identified Extension MIME Type", "Current Extension MIME Type", "Suspicious File Type Mismatch", "Print Job Name", "Printer Name", "Printed Files Backup Path", "Remote Activity", "Trusted"}
+var csvHeaders = []string{"Event ID", "Event type", "Date Observed (UTC)", "Date Inserted (UTC)", "File path", "Filename", "File type", "File Category", "Identified Extension Category", "Current Extension Category", "File size (bytes)", "File Owner", "MD5 Hash", "SHA-256 Hash", "Create Date", "Modified Date", "Username", "Device ID", "User UID", "Hostname", "Fully Qualified Domain Name", "IP address (public)", "IP address (private)", "Actor", "Directory ID", "Source", "URL", "Shared", "Shared With", "File exposure changed to", "Cloud drive ID", "Detection Source Alias", "File Id", "Exposure Type", "Process Owner", "Process Name", "Tab/Window Title", "Tab URL", "Removable Media Vendor", "Removable Media Name", "Removable Media Serial Number", "Removable Media Capacity", "Removable Media Bus Type", "Removable Media Media Name", "Removable Media Volume Name", "Removable Media Partition Id", "Sync Destination", "Email DLP Policy Names", "Email DLP Subject", "Email DLP Sender", "Email DLP From", "Email DLP Recipients", "Outside Active Hours", "Identified Extension MIME Type", "Current Extension MIME Type", "Suspicious File Type Mismatch", "Print Job Name", "Printer Name", "Printed Files Backup Path", "Remote Activity", "Trusted", "Logged in Operating System User"}
 
 //Structs of Crashplan FFS API Authentication Token Return
 type AuthData struct {
@@ -550,6 +551,9 @@ func csvLineToFileEvent(csvLine []string) *FileEvent {
 		fileEvent.Trusted = nil
 	}
 
+	//set loggedInOperatingSystemUser
+	fileEvent.LoggedInOperatingSystemUser = csvLine[61]
+
 	return &fileEvent
 }