File Upload Problem

[xShuden]

Hello,

I ran the application using the Docker file, but I'm getting this error when I want to upload a file. Where can I be making a mistake? Can you help me?

Error;

[yampelo]

I'm guessing your procmon events don't fall into any of these categories: https://github.com/yampelo/beagle/blob/master/beagle/transformers/procmon_transformer.py#L15

I only had a handful of procmon exports available, and they may not have been thorough enough to cover all the values of the Operation field

Would you be willing to share your CSV? Or at least let me know the values of the Operation field you have in your CSV, you can do this easily using pandas:

import pandas as pd
df = pdf.read_csv(path_to_procmon_csv)
df.Operation.value_counts()

[xShuden]

I have the same problem in the "Windows Event Log" file.
Windows Event and Procman file: https://yadi.sk/d/VsCMFq5_nztO7w

[yampelo]

hey, can you reupload the files?

[Alrudin]

I have the same problem. So I edited the csv to only contain readfile events. These are in the https://github.com/yampelo/beagle/blob/master/beagle/transformers/procmon_transformer.py#L15.

I also ran the docker with logger at debug info and added a logger entry to the procmon_transformer. The logger statement never showed up.

So I've attached the csv so you can try. (zipped)
Procmon.zip

[Alrudin]

Found what prevented me from reading in the procmon files.
If you use 24-hour convetion in Windows procmon will use that. a bug assumes that if no 'AM' string present in the log line time is PM. If you add 12 hours to 16 the time is 28 hours which is illegal, this causes an non caught exception in the processor threat.

Created a pull request to fix the bug.