Sanitising WSA export dates

2016/06/14

As AV solutions go, Webroot’s Secure Anywhere (WSA) does a decent enough job of protecting against known and unknown threats; but I’ve always had disagreements with the administrative web interface for device management. As a workaround, if I’ve needed to extensively analyse the endpoints in any way, I’ve typically exported the data from the interface to manipulate the data using typical toolkits (grep/Excel/etc.).

There’s still a problem with the exported data in terms of easy manipulation, namely the chosen date format; which is frankly bizarre given it’s generated by a digital platform in the first place – Example: November 30 2015 16:25. Anyone that has spent any time sorting data sets by date will immediately see problems with this format.

Released today, sanitiseWebroot.py simply reads the standard WSA “export to CSV” file, modifies the date format of the relevant fields and creates a new *-sanitised.csv file. The dates are more easily machine sortable, in the format YYYY-MM-DD HH:MM.

user@waitean-asus:~/Webroot# ./sanitiseWebroot.py
Script sanitises the date format from Webroot Secure Anywhere’s “Export to CSV” output

script expects a single parameter, the filename of the original .csv file

script will create a single csv file with more sensible date format

USAGE:
./sanitiseWebroot.py exportToCSV.csv

user@waitean-asus:~/Webroot# ./sanitiseWebroot.py WebrootExampleExport.csv
[*] Opening file: WebrootExampleExport.csv
[*] Updating date fields….
100 records processed…
200 records processed…
300 records processed…
400 records processed…
500 records processed…
[*] Processing complete. 510 corrected and written to WebrootExampleExport-Sanitised.csv
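
The conversion described above, as an added example (this is not the sanitiseWebroot.py source, which the post does not show): it rewrites any field in the quoted "Month DD YYYY HH:MM" shape to YYYY-MM-DD HH:MM and leaves everything else untouched. The column names and rows in SAMPLE are constructed, and picking date fields by shape rather than by column name is an assumption.

```python
import csv
import io
import re
from datetime import datetime

# Fixed month table: avoids the locale dependence of strptime("%B").
MONTHS = {name: i for i, name in enumerate(
    ["January", "February", "March", "April", "May", "June", "July",
     "August", "September", "October", "November", "December"], start=1)}

# Matches the format quoted in the post, e.g. "November 30 2015 16:25".
WSA_DATE = re.compile(r"^([A-Za-z]+) (\d{1,2}) (\d{4}) (\d{1,2}):(\d{2})$")


def to_sortable(value):
    """Return YYYY-MM-DD HH:MM for a WSA-style date, else the value unchanged."""
    m = WSA_DATE.match(value.strip())
    if not m or m.group(1).capitalize() not in MONTHS:
        return value
    day, year, hour, minute = (int(g) for g in m.groups()[1:])
    try:
        stamp = datetime(year, MONTHS[m.group(1).capitalize()], day, hour, minute)
    except ValueError:
        return value  # date-shaped but impossible (e.g. February 30): leave as-is
    return stamp.isoformat(sep=" ", timespec="minutes")


def sanitise_csv(text):
    """Rewrite every date-shaped field; return (new_csv_text, rows_changed)."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    changed = 0
    for row in csv.reader(io.StringIO(text)):
        fixed = [to_sortable(field) for field in row]
        changed += fixed != row
        writer.writerow(fixed)
    return out.getvalue(), changed


# Constructed sample; the column names are assumptions, not WSA's real header.
SAMPLE = (
    "Hostname,First Seen,Last Seen,Status\n"
    "pc-01,November 30 2015 16:25,June 3 2016 9:05,Protected\n"
    "pc-02,January 7 2016 08:00,Not Seen Recently,Expired\n"
)

if __name__ == "__main__":
    result, count = sanitise_csv(SAMPLE)
    print(result, end="")
    print(f"{count} records corrected")
```
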

The tool is basic enough, but if you regularly encounter WSA and haven’t already created a similar tool to work with the data, this script may (hopefully) prevent you from pulling your hair out.

–Andrew Waite

P.S. if you’re a developer, please take the time to review ISO 8601 to stop these tools being needed in the future.

Categories: Malware, Python