From 90405e31bb79fa000ad815ba0e0e6dbcc8d72488 Mon Sep 17 00:00:00 2001
From: BenB196
Date: Wed, 22 Apr 2020 08:35:02 -0400
Subject: [PATCH 1/2] Added support for new FFS fields Fixes issue #31
---
 ffs.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/ffs.go b/ffs.go
index b6b3321..4a3ac90 100644
--- a/ffs.go
+++ b/ffs.go
@@ -73,10 +73,13 @@ type FileEvent struct {
 IdentifiedExtensionMIMEType string `json:"identifiedExtensionMimeType,omitempty"`
 CurrentExtensionMIMEType string `json:"currentExtensionMimeType,omitempty"`
 SuspiciousFileTypeMismatch *bool `json:"suspiciousFileTypeMismatch,omitempty"`
+ PrintJobName string `json:"printJobName,omitempty"`
+ PrinterName string `json:"printerName,omitempty"`
+ PrintedFilesBackupPath string `json:"printedFilesBackupPath,omitempty"`
 }
 //Currently recognized csv headers
-var csvHeaders = []string{"Event ID", "Event type", "Date Observed (UTC)", "Date Inserted (UTC)", "File path", "Filename", "File type", "File Category", "Identified Extension Category", "Current Extension Category", "File size (bytes)", "File Owner", "MD5 Hash", "SHA-256 Hash", "Create Date", "Modified Date", "Username", "Device ID", "User UID", "Hostname", "Fully Qualified Domain Name", "IP address (public)", "IP address (private)", "Actor", "Directory ID", "Source", "URL", "Shared", "Shared With", "File exposure changed to", "Cloud drive ID", "Detection Source Alias", "File Id", "Exposure Type", "Process Owner", "Process Name", "Tab/Window Title", "Tab URL", "Removable Media Vendor", "Removable Media Name", "Removable Media Serial Number", "Removable Media Capacity", "Removable Media Bus Type", "Removable Media Media Name", "Removable Media Volume Name", "Removable Media Partition Id", "Sync Destination", "Email DLP Policy Names", "Email DLP Subject", "Email DLP Sender", "Email DLP From", "Email DLP Recipients", "Outside Active Hours", "Identified Extension MIME Type", "Current Extension MIME Type", "Suspicious File Type Mismatch"}
+var csvHeaders = []string{"Event ID", "Event type", "Date Observed (UTC)", "Date Inserted (UTC)", "File path", "Filename", "File type", "File Category", "Identified Extension Category", "Current Extension Category", "File size (bytes)", "File Owner", "MD5 Hash", "SHA-256 Hash", "Create Date", "Modified Date", "Username", "Device ID", "User UID", 
"Hostname", "Fully Qualified Domain Name", "IP address (public)", "IP address (private)", "Actor", "Directory ID", "Source", "URL", "Shared", "Shared With", "File exposure changed to", "Cloud drive ID", "Detection Source Alias", "File Id", "Exposure Type", "Process Owner", "Process Name", "Tab/Window Title", "Tab URL", "Removable Media Vendor", "Removable Media Name", "Removable Media Serial Number", "Removable Media Capacity", "Removable Media Bus Type", "Removable Media Media Name", "Removable Media Volume Name", "Removable Media Partition Id", "Sync Destination", "Email DLP Policy Names", "Email DLP Subject", "Email DLP Sender", "Email DLP From", "Email DLP Recipients", "Outside Active Hours", "Identified Extension MIME Type", "Current Extension MIME Type", "Suspicious File Type Mismatch", "Print Job Name", "Printer Name", "Printed Files Backup Path"}
 //Structs of Crashplan FFS API Authentication Token Return
 type AuthData struct {
@@ -516,6 +519,15 @@ func csvLineToFileEvent(csvLine []string) *FileEvent {
 fileEvent.SuspiciousFileTypeMismatch = nil
 }
+ //set printJobName
+ fileEvent.PrintJobName = csvLine[56]
+
+ //set printerName
+ fileEvent.PrinterName = csvLine[57]
+
+ //set printedFilesBackupPath
+ fileEvent.PrintedFilesBackupPath = csvLine[58]
+
 return &fileEvent
 }
From c8bac804179e6138afe269216550443316a4a791 Mon Sep 17 00:00:00 2001
From: BenB196
Date: Wed, 22 Apr 2020 08:35:34 -0400
Subject: [PATCH 2/2] Bump Version
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index a192233..a1e1395 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.1.6
\ No newline at end of file
+0.1.7
\ No newline at end of file
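Review bot: The three assignments added to csvLineToFileEvent in ffs.go read `csvLine[56]`, `csvLine[57]` and `csvLine[58]` with no length check visible in the hunk, so a row that lacks the new print columns (a response from a server that does not yet emit them, or a truncated line) would panic with index out of range instead of being rejected. The function body starts outside the hunk, so a guard may already exist earlier; if it does not, a check such as `if len(csvLine) < len(csvHeaders) { return nil }` ahead of the field assignments would keep one short row from taking down the consumer, provided callers tolerate a nil result. The indexes are also tied by hand to the order of `csvHeaders`, so a short comment on each naming its header (for example `//column 56: "Print Job Name"`) would make later drift between the two easier to spot.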