cefp
ArcSight CEF Parser
Usage
As module
>>> import cefp
>>> cefp.parse(r'CEF:0|security|threatmanager|1.0|100|detected \\, \| and = in message|10|src=10.0.0.1 act=blocked \\, | and \= dst=1.1.1.1')
{'device': {'event_class_id': '100',
            'product': 'threatmanager',
            'vendor': 'security',
            'version': '1.0'},
 'extension': {'act': 'blocked \\, | and =',
               'dst': '1.1.1.1',
               'src': '10.0.0.1'},
 'name': 'detected \\, | and = in message',
 'severity': '10',
 'version': '0'}
As command
$ cefp 'CEF:0|security|threatmanager|1.0|100|detected \\, \| and = in message|10|src=10.0.0.1 act=blocked \\, | and \= dst=1.1.1.1' | jq .
{
  "version": "0",
  "device": {
    "vendor": "security",
    "product": "threatmanager",
    "version": "1.0",
    "event_class_id": "100"
  },
  "name": "detected \\, | and = in message",
  "severity": "10",
  "extension": {
    "src": "10.0.0.1",
    "act": "blocked \\, | and =",
    "dst": "1.1.1.1"
  }
}
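The two examples above depend on CEF's escaping rules: in the seven header fields a literal pipe is written \| and a literal backslash \\, while in the extension a literal equals sign is written \= and a backslash \\ (a pipe there needs no escape). The following stand-alone parser is an added illustration of those rules written for this page; it is not cefp's own code, and the function names (parse, split_header, parse_extension, unescape) and the regex used to locate extension keys are this example's assumptions. It also tolerates a syslog prefix before "CEF:", which the page's examples do not show.

```python
import re

# Header layout: CEF:Version|Vendor|Product|Device Version|Event Class ID|Name|Severity|Extension
HEADER_ESCAPES = {"|": "|", "\\": "\\"}                 # valid escapes inside header fields
EXT_ESCAPES = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}  # valid escapes inside extension values
# An extension key is a run of word characters, at the start or after whitespace,
# directly followed by '='. An escaped '\=' never matches because '\' is not a word char.
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")


def unescape(s, escapes):
    """Replace backslash escapes listed in `escapes`; leave any other backslash as-is."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s) and s[i + 1] in escapes:
            out.append(escapes[s[i + 1]]); i += 2
        else:
            out.append(s[i]); i += 1
    return "".join(out)


def split_header(body):
    """Split on the seven unescaped '|' delimiters; whatever follows is the extension."""
    fields, start, i = [], 0, 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\":
            i += 2                      # skip the escaped char so '\|' and '\\|' are handled
        elif body[i] == "|":
            fields.append(unescape(body[start:i], HEADER_ESCAPES))
            start = i = i + 1
        else:
            i += 1
    if len(fields) != 7:
        raise ValueError("malformed CEF header: fewer than 7 '|'-delimited fields")
    return fields, body[start:]


def parse_extension(ext):
    """Each value runs from its '=' up to the whitespace before the next key."""
    keys, out = list(KEY_RE.finditer(ext)), {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        out[m.group(1)] = unescape(ext[m.end():end], EXT_ESCAPES)
    return out


def parse(line):
    idx = line.find("CEF:")             # allow a syslog prefix before the CEF body
    if idx < 0:
        raise ValueError("no 'CEF:' prefix found")
    (ver, vendor, product, dver, cls, name, sev), ext = split_header(line[idx + 4:])
    return {"version": ver,
            "device": {"vendor": vendor, "product": product, "version": dver, "event_class_id": cls},
            "name": name, "severity": sev, "extension": parse_extension(ext)}
```

Note that a value containing the text `word=` (for example a free-text message) is inherently ambiguous under this key-locating rule, which is why the CEF extension reserves `\=` for literal equals signs.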
Download files
Source Distribution
cefp-0.0.2.tar.gz (7.8 kB)
File hashes
Algorithm | Hash digest
---|---
SHA256 | 78727a9fe29e14f28d976b261acc13994cdddb88d3db44b318a834aed0d86fc4
MD5 | eb6a1200afc028fbcbbdbb6c51b27b64
BLAKE2b-256 | 5da2c82a776d983f5722fd20ee8be73ff2a9cc7ae9fa4c17378ecb7e077555fb