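def on_crypto_ransom(self, evt):
    """Record and broadcast a crypto-ransom detection event.

    Enriches the event with the offending process's command line and
    executable path -- taken live via psutil when possible, otherwise from
    the engine's cached ``pid_profiles`` -- appends it to the web context's
    ``events`` list and pushes it to connected clients over socket.io.

    Args:
        evt: detection event; only ``evt.pid`` and ``evt.path`` are read.
    """
    logger.debug('Got crypto ransom event')
    cmdline, exe = None, None
    # Live lookup first. The offending process may already have exited or be
    # unreadable (NoSuchProcess / AccessDenied; ZombieProcess is a
    # NoSuchProcess subclass), and each psutil accessor can fail on its own,
    # so cmdline and exe are fetched independently and only the piece that is
    # missing falls back to the cached profile instead of discarding both.
    # NOTE(review): by the time this handler runs the PID may have been reused
    # by an unrelated process, in which case the live values are misattributed;
    # the cached profile is the more reliable source if the engine records it
    # at event time -- confirm against the engine.
    try:
        proc = psutil.Process(evt.pid)
    except (psutil.NoSuchProcess, psutil.AccessDenied):
        proc = None
    if proc is not None:
        try:
            cmdline = proc.cmdline()
        except (psutil.NoSuchProcess, psutil.AccessDenied):
            pass
        try:
            exe = proc.exe()
        except (psutil.NoSuchProcess, psutil.AccessDenied):
            pass
    # psutil may also return an empty cmdline/exe for processes it cannot
    # fully inspect, so fall back on emptiness rather than on None alone.
    if not cmdline or not exe:
        pid_profile = self.engine.pid_profiles.get(evt.pid)
        if pid_profile is not None:
            cached_cmdline = pid_profile.get('cmdline')
            if not cmdline:
                cmdline = cached_cmdline
            if not exe:
                exe = cached_cmdline[0] if cached_cmdline else None
    crypto_ransom_event = {
        'pid': evt.pid,
        'path': evt.path,
        # cmdline/exe originate from the (possibly malicious) process and are
        # attacker-controlled strings; the web layer must escape them before
        # rendering.
        'cmdline': cmdline,
        'exe': exe,
        # Timezone-aware UTC so the event correlates unambiguously with other
        # logs; a naive local timestamp is ambiguous across DST changes and
        # between hosts.
        'timestamp': datetime.datetime.now(datetime.timezone.utc).isoformat(),
    }
    # NOTE(review): ctx['events'] grows without bound for the lifetime of the
    # process; a sustained flood of detections is a memory-exhaustion risk --
    # consider a bounded deque or persisting events elsewhere.
    self.web.ctx['events'].append(crypto_ransom_event)
    self.web.socketio.emit('event', crypto_ransom_event)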