The Python library for interacting with netcap audit records has been published here:
Usage
Read into python dictionary
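Currently, the audit records can be retrieved as a Python dictionary:
```python
#!/usr/bin/python
import pynetcap as nc

# Open a gzip-compressed netcap audit record file
reader = nc.NCReader('pcaps/HTTP.ncap.gz')

# dataframe=False keeps the parsed records as plain Python data
reader.read(dataframe=False)

print("RECORDS:")
print(reader.records)
```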
Read into pandas dataframe
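The audit records can also be retrieved as a pandas dataframe:
```python
#!/usr/bin/python
import pynetcap as nc

# Open a gzip-compressed netcap audit record file
reader = nc.NCReader('pcaps/HTTP.ncap.gz')

# dataframe=True loads the records into reader.df
reader.read(dataframe=True)

print("[INFO] completed reading the audit record file:", reader.filepath)
print("DATAFRAME:")
print(reader.df)
```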