Reputation: 391
Pythonic approach to nested data?
I'm processing the output of a forensic perl program in Python 2.7. Assuming you wanted to parse the below data into a nested object for ingestion into another program (e.g. splunk, etc...)
I'm struggling with conceptualization of how the data should be presented programmatically without losing myself into the vastness of nested objects. I tried to find some good resources online for how to best approach writing a nested object but failed horribly.
Any additional resources regarding this subject outside those found on SO/Python manual would be greatly appreciated.
Raw data
appcompatflags v.20130930
(NTUSER.DAT, Software) Extracts AppCompatFlags for Windows.
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CompatibilityAssistant\Store
Fri Jul 10 11:00:24 2015 - E:\VMware-player-4.0.6-1035888.exe
Fri Jul 10 11:00:24 2015 - C:\Users\aUser\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe
Fri Jul 10 11:00:24 2015 - C:\Users\aUser\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
Fri Jul 10 11:00:24 2015 - C:\Users\aUser\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncConfig.exe
Fri Jul 10 11:00:24 2015 - E:\AdbeRdr11000_mui_Std\Setup.exe
The field/values I've considered using
Top Level Name - NTUser
'''
I'm not positive this is correct for JSON. The program runs off a declaration of which
registry I want to parse (e.g. NTUSER, SYSTEM, etc...) Generating a multitude
of results from various plugins found within the program.
'''
Fields : Values
Plugin_Name: appcompatflags v.20130930, someOtherPlugin
Description: (NTUSER.DAT, Software) Extracts AppCompatFlags for Windows.
Location: Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
Date: Fri Jul 10 11:00:24 2015, Fri Jul 10 11:00:24 2015, etc...
Result: E:\VMware-player-4.0.6-1035888.exe, E:\AdbeRdr11000_mui_Std\Setup.exe
Edit: I recognize this is a general question, I'm still really new to programming and I'm hopeful someone on SO can help alleviate the headache this is causing me by pointing me in the right direction.
Upvotes: 1
Views: 99
Answers (1)
Reputation: 188
Not sure what you mean by "parsing directly into JSON". In order to get the data you have into a JSON format, you do need to run it through some sort of script, in this case I assume you have chosen to write it in Python. Within this script, you'll be parsing the values into a dict, and then outputting this dict as a JSON file.
Here's an example of how your JSON could look:
{
"NTUser": {
"appcompat": {
"description": "(NTUSER.DAT, Software) Extracts AppCompatFlags for Windows.",
"location": "Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags",
"data": [
{"date": "Fri Jul 10 11:00:24 2015", "result": "E:\VMware-player-4.0.6-1035888.exe"},
{"date": "Fri Jul 10 11:00:24 2015", "result": "E:\AdbeRdr11000_mui_Std\Setup.exe"}
]
},
"some_other_plugin": {},
},
"SomeOtherRegistry": {}
}
With regards to further reading, the Wikipedia page has some good explanations and examples for how to represent various kinds of data in JSON format. On the Python side, I would learn about how dictionaries work - a dict will map directly to JSON, so working with dicts is crucial.
Upvotes: 1
Related Questions
- How do I write JSON data to a file?
- Fetch: POST JSON data
- Convert form data to JavaScript object with jQuery
- How to convert JSON data into a Python object?
- How do I POST JSON data with cURL?
- Binary Data in JSON String. Something better than Base64
- How to POST JSON data with Python Requests?
- Posting a File and Associated Data to a RESTful WebService preferably as JSON
- Can't install mysql-python (newer versions) in Windows