ProcessDicoveryIncident(IncidentXml, Command)

This routine runs a command, passing the incident file name as a parameter. It is useful for running commands that expect the original file as one of their parameters.

Note: The typo in the function name will be fixed in future versions.
Table 1. Parameters
| Parameter | Type | Description |
| --- | --- | --- |
| IncidentXML | Unicode | The path of the incident XML file. |
| Command | Unicode | A command to execute. The string should contain the string “$filepath$”, which is replaced with the actual filename in the incident XML. |

Returns

None

Example

>>> DiscoveryIncidentProcessing.ProcessDicoveryIncident(r'C:\Temp\5371106770671816417.xml', u'notepad.exe $filepath$')
2017-07-19 18:32:45,312 root Debug Processing C:\Temp\5371106770671816417.xml Encryption
2017-07-19 18:32:45,496 root Debug Processing \\10.4.228.150\DiscoveryTarget\TestFile.txt
2017-07-19 18:32:45,500 root Debug Command:notepad.exe \\10.4.228.150\DiscoveryTarget\TestFile.txt
2017-07-19 18:32:50,898 root Debug \\10.4.228.150\DiscoveryTarget\TestFile.txt RunCommand Successful
>>>
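The file name substituted for “$filepath$” comes from scanned content, so it may contain spaces or shell metacharacters. The following is an added example, not the product's implementation: a hypothetical wrapper script (the names `build_argv`, `naive_command_line` and `run_for_file` are assumptions) that splits the command template into arguments before substituting the path and runs the result without a shell, so the path always stays a single argument.

```python
import shlex
import subprocess

PLACEHOLDER = "$filepath$"  # placeholder documented for the Command parameter


def build_argv(command_template, file_path):
    """Split the template into arguments first, then substitute the path.

    Substituting after splitting keeps a path that contains spaces or
    shell metacharacters inside exactly one argument.
    """
    if PLACEHOLDER not in command_template:
        raise ValueError("command template must contain " + PLACEHOLDER)
    # posix=False preserves backslashes in Windows paths written in the template
    tokens = shlex.split(command_template, posix=False)
    argv = []
    for tok in tokens:
        # posix=False leaves the surrounding quotes on quoted tokens; drop them
        if len(tok) >= 2 and tok[0] == tok[-1] and tok[0] in "\"'":
            tok = tok[1:-1]
        argv.append(tok.replace(PLACEHOLDER, file_path))
    return argv


def naive_command_line(command_template, file_path):
    """Raw string substitution, shown only for comparison."""
    return command_template.replace(PLACEHOLDER, file_path)


def run_for_file(command_template, file_path, timeout=60):
    """Run the command with no shell involved; returns the exit code."""
    argv = build_argv(command_template, file_path)
    return subprocess.run(argv, shell=False, timeout=timeout).returncode


if __name__ == "__main__":
    # Constructed sample path containing a space and an ampersand
    sample = r"C:\Temp\My File & more.txt"
    print(naive_command_line("notepad.exe $filepath$", sample))  # ambiguous string
    print(build_argv("notepad.exe $filepath$", sample))          # two arguments
```
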