Project description

cefp

ArcSight CEF Parser

Usage

As module

>>> import cefp
>>> cefp.parse(r'CEF:0|security|threatmanager|1.0|100|detected \\, \| and = in message|10|src=10.0.0.1 act=blocked \\, | and \= dst=1.1.1.1')
{'device': {'event_class_id': '100',
  'product': 'threatmanager',
  'vendor': 'security',
  'version': '1.0'},
 'extension': {'act': 'blocked \\, | and =',
  'dst': '1.1.1.1',
  'src': '10.0.0.1'},
 'name': 'detected \\, | and = in message',
 'severity': '10',
 'version': '0'}

As command

$ cefp 'CEF:0|security|threatmanager|1.0|100|detected \\, \| and = in message|10|src=10.0.0.1 act=blocked \\, | and \= dst=1.1.1.1' | jq .
{
  "version": "0",
  "device": {
    "vendor": "security",
    "product": "threatmanager",
    "version": "1.0",
    "event_class_id": "100"
  },
  "name": "detected \\, | and = in message",
  "severity": "10",
  "extension": {
    "src": "10.0.0.1",
    "act": "blocked \\, | and =",
    "dst": "1.1.1.1"
  }
}

Project details

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.0.2

May 28, 2020

0.0.1

May 21, 2018

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cefp-0.0.2.tar.gz (7.8 kB view hashes)

Uploaded May 28, 2020 Source

Hashes for cefp-0.0.2.tar.gz

Hashes for cefp-0.0.2.tar.gz
Algorithm	Hash digest
SHA256	`78727a9fe29e14f28d976b261acc13994cdddb88d3db44b318a834aed0d86fc4`
MD5	`eb6a1200afc028fbcbbdbb6c51b27b64`
BLAKE2b-256	`5da2c82a776d983f5722fd20ee8be73ff2a9cc7ae9fa4c17378ecb7e077555fb`