Skip to main content

ArcSight CEF Parser

Project description

cefp

ArcSight CEF Parser

Usage

As module

>>> import cefp
>>> cefp.parse(r'CEF:0|security|threatmanager|1.0|100|detected \\, \| and = in message|10|src=10.0.0.1 act=blocked \\, | and \= dst=1.1.1.1')
{'device': {'event_class_id': '100',
  'product': 'threatmanager',
  'vendor': 'security',
  'version': '1.0'},
 'extension': {'act': 'blocked \\, | and =',
  'dst': '1.1.1.1',
  'src': '10.0.0.1'},
 'name': 'detected \\, | and = in message',
 'severity': '10',
 'version': '0'}

As command

$ cefp 'CEF:0|security|threatmanager|1.0|100|detected \\, \| and = in message|10|src=10.0.0.1 act=blocked \\, | and \= dst=1.1.1.1' | jq .
{
  "version": "0",
  "device": {
    "vendor": "security",
    "product": "threatmanager",
    "version": "1.0",
    "event_class_id": "100"
  },
  "name": "detected \\, | and = in message",
  "severity": "10",
  "extension": {
    "src": "10.0.0.1",
    "act": "blocked \\, | and =",
    "dst": "1.1.1.1"
  }
}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cefp-0.0.2.tar.gz (7.8 kB view details)

Uploaded Source

File details

Details for the file cefp-0.0.2.tar.gz.

File metadata

  • Download URL: cefp-0.0.2.tar.gz
  • Upload date:
  • Size: 7.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.18.4 setuptools/46.4.0 requests-toolbelt/0.8.0 tqdm/4.23.3 CPython/3.6.10

File hashes

Hashes for cefp-0.0.2.tar.gz
Algorithm Hash digest
SHA256 78727a9fe29e14f28d976b261acc13994cdddb88d3db44b318a834aed0d86fc4
MD5 eb6a1200afc028fbcbbdbb6c51b27b64
BLAKE2b-256 5da2c82a776d983f5722fd20ee8be73ff2a9cc7ae9fa4c17378ecb7e077555fb

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page