#!/usr/bin/env python3
#Version 2
# Written by: Keven Murphy
import sys
import pandas as pd
import sqlite3
import io # Import StringIO
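# Column names, in output order, that every converted record is written with.
# NOTE(review): the names suggest Windows event-log fields (ScriptBlockText,
# CommandLine4688, Payload, ...), which would hold content authored by whoever
# ran the logged commands - confirm against the producer of the input file.
# Values are exported verbatim, so treat the CSV as untrusted data: load it into
# analysis tooling or import it as plain text rather than letting a spreadsheet
# evaluate cells that start with '=', '+', '-' or '@'.
header = ["EventTime","EventID","Computer","SecurityID","ContextInfo","Payload","ScriptBlockText","Path","Message",
          "CommandLine4688","ParentProcessName4688","NewProcessName4688","Connection6","OperationName81_82",
          "Operation82","ResourceURI82","ErrorCode142","AuthenticationMechanism169","ServiceName7045","ServiceType7045",
          "StartType7045","ImagePath7045","AccountName7045","EventRecordID","Level","Opcode","Task","Channel",
          "OSPath","ClientRunTime","FlowId","ClientId","Fqdn"]


def convert_file(input_path):
    """Convert a line-delimited JSON file to a '|'-separated CSV next to it.

    Each non-empty line of *input_path* is parsed on its own with
    ``pd.read_json(..., orient='records')`` and written to
    ``input_path + '.csv'`` using the columns in ``header``. The first record
    creates (or overwrites) the output file and writes the header row; later
    records are appended without a header.

    Args:
        input_path: Path of the line-delimited JSON file to read.

    Returns:
        The path of the CSV file, ``input_path + '.csv'``. The file is only
        created if the input holds at least one non-empty line.

    Raises:
        OSError: If the input cannot be opened or the output cannot be written.
        ValueError: If a line is not JSON that pandas can turn into a frame.
        KeyError: If a record lacks one of the columns listed in ``header``.
    """
    output_path = input_path + '.csv'
    first_record = True
    # The context manager closes the input even when a line fails to parse.
    # JSON is read as UTF-8 explicitly (matching the UTF-8 output) instead of
    # depending on the platform's default locale encoding.
    with open(input_path, 'r', encoding='utf-8') as readfile:
        for line in readfile:
            # A blank line (for example a trailing newline at the end of the
            # file) is not a record; skip it rather than abort the conversion.
            if not line.strip():
                continue
            # Wrap line in StringIO to handle it as a file-like object
            df = pd.read_json(io.StringIO(line), orient='records')
            df.to_csv(output_path, columns=header, encoding='utf-8', sep='|', quotechar="~",
                      index=False, header=first_record, mode='w' if first_record else 'a')
            first_record = False
    return output_path


if __name__ == '__main__':
    # Fail with a usage message instead of an IndexError traceback.
    if len(sys.argv) < 2:
        sys.exit('Usage: ' + sys.argv[0] + ' <json-lines file>')
    print('Filename converting:', sys.argv[1])
    outputfile = sys.argv[1] + '.csv'
    print('Output Filename:', outputfile)
    convert_file(sys.argv[1])
    print("NOTE: Resulting output file is | delimintated and uses ~ as the field quote.")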