Cybersecurity investigation model

Project description

Cyvest – Cyber Investigation Model

Reusable investigation domain models, visitor helpers, and reporting utilities for incident responders. Cyvest provides a consistent data model for threat intelligence, observables, and result checks while keeping the visitor layer extensible for bespoke workflows.

Features

  • Composition-friendly report builder that nests containers and checks.
  • Observable graph with automatic score/level propagation across relationships.
  • Visitor implementations for generating JSON/markdown reports or capturing follow-up actions.
  • Tested patterns for merging external intel feeds (VirusTotal, sandbox runs, allow-lists).

Installation

Cyvest targets Python 3.10+ and is published on PyPI:

uv pip install cyvest

Quick start

Create a new report with nested containers and observables:

from cyvest import Level, ObsType, ReportBuilder, Scope

builder = ReportBuilder(graph=True)

with builder.container("body", scope=Scope.BODY) as body:
    check = body.add_check("url_scan", description="Detected suspicious URL")
    check.add_observable_chain(
        [
            {
                "obs_type": ObsType.URL,
                "value": "http://example.test",
                "intel": {"name": "sandbox", "score": 4, "level": Level.SUSPICIOUS},
            }
        ]
    )

report = builder.build()
print(report.to_json())

Run the bundled example:

uv sync
uv run python examples/basic_report.py

Development workflow

Set up dependencies with uv:

uv sync

Execute the unit suite:

uv run pytest tests

Lint and format using Ruff:

uv run ruff check
uv run ruff format --check

Graph & model axioms

  1. Cyclic graphs on observables or containables are not supported.
  2. Every root containable model must be visited. (Observables may be skipped because parent links are tracked.)
  3. Child observables do not update result checks linked only to their parents.
  4. A ResultCheck score cannot be changed by an observable that is mutated elsewhere.
  5. Adding an observable to a ResultCheck promotes the check to at least Level.INFO (a Level.NONE check becomes INFO).

See examples/ and the tests under tests/ for more scenarios, including how to subclass the provided visitors to integrate your own tooling.
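The axioms above are easier to check against running code than to reason about in the abstract. The following is an added illustration, not cyvest's own code: a minimal observable graph and result check written so that each of the five axioms is visible in behaviour. The class and method names (Observable, ResultCheck, add_child, aggregate_score, the snapshot-at-link-time scoring) are assumptions made for this example and are not cyvest's API; the sample URL, domain and IP values are constructed.

```python
# Added illustration (not cyvest's own code) of the graph & model axioms.
# Observable, ResultCheck, add_child, aggregate_score and the snapshot scoring
# are assumptions made for this example, not the package's real API.
from __future__ import annotations

from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Ordered so max() picks the most severe level."""
    NONE = 0
    INFO = 1
    SUSPICIOUS = 2
    MALICIOUS = 3


@dataclass
class Observable:
    obs_type: str
    value: str
    score: int = 0
    level: Level = Level.NONE
    parent: Observable | None = None
    children: list[Observable] = field(default_factory=list)

    def add_child(self, child: Observable) -> None:
        """Link a child; refuse a link that would close a cycle (axiom 1)."""
        node: Observable | None = self
        while node is not None:
            if node is child:
                raise ValueError(f"cycle: {child.value!r} is an ancestor of {self.value!r}")
            node = node.parent
        if child.parent is not None:
            raise ValueError(f"{child.value!r} already has a parent")
        child.parent = self
        self.children.append(child)

    def aggregate_score(self) -> int:
        """Own score plus every descendant's: scores propagate child -> parent."""
        return self.score + sum(c.aggregate_score() for c in self.children)

    def aggregate_level(self) -> Level:
        """Most severe level anywhere in this subtree."""
        return max([self.level] + [c.aggregate_level() for c in self.children])


@dataclass
class ResultCheck:
    name: str
    description: str
    level: Level = Level.NONE
    score: int = 0
    observables: list[Observable] = field(default_factory=list)

    def add_observable(self, obs: Observable) -> None:
        """Attach an observable and snapshot its contribution at link time.

        Because the score/level are copied now, later mutation of the
        observable (axiom 4) or children added under it afterwards (axiom 3)
        leave this check untouched. Any attached observable promotes the
        check to at least INFO (axiom 5).
        """
        self.observables.append(obs)
        self.score += obs.aggregate_score()
        self.level = max(self.level, Level.INFO, obs.aggregate_level())


def demo() -> dict:
    """Walk the axioms on a tiny constructed investigation and return what was observed."""
    url = Observable("url", "http://example.test", score=4, level=Level.SUSPICIOUS)
    check = ResultCheck("url_scan", "Detected suspicious URL")
    check.add_observable(url)
    after_link = (check.score, check.level)

    # Axiom 3: a child added later raises the graph score, not the check's.
    domain = Observable("domain", "example.test", score=2, level=Level.INFO)
    url.add_child(domain)
    graph_score = url.aggregate_score()
    after_child = (check.score, check.level)

    # Axiom 4: mutating the observable elsewhere does not change the check.
    url.score = 10
    after_mutation = (check.score, check.level)

    # Axiom 5: a neutral observable still lifts a NONE check to INFO.
    empty_check = ResultCheck("ip_lookup", "No intel yet")
    empty_check.add_observable(Observable("ip", "192.0.2.1"))

    # Axiom 1: closing the loop domain -> url is rejected.
    try:
        domain.add_child(url)
        cycle_rejected = False
    except ValueError:
        cycle_rejected = True

    return {
        "after_link": after_link,
        "graph_score": graph_score,
        "after_child": after_child,
        "after_mutation": after_mutation,
        "empty_check_level": empty_check.level,
        "cycle_rejected": cycle_rejected,
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

The snapshot-at-link-time design is what makes axioms 3 and 4 hold together: the observable graph keeps aggregating as children are added or scores change, while a check's verdict is fixed at the moment the analyst attached the evidence, which is the property an incident report needs if it is to be reproducible after the fact.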

Download files

Source Distribution

cyvest-0.1.0.tar.gz (23.0 kB), uploaded as Source

Built Distribution

cyvest-0.1.0-py3-none-any.whl (22.2 kB), uploaded for Python 3

File details

Details for the file cyvest-0.1.0.tar.gz.

File metadata

  • Download URL: cyvest-0.1.0.tar.gz
  • Upload date:
  • Size: 23.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cyvest-0.1.0.tar.gz

Algorithm    Hash digest
SHA256       53f16cfad41b53e5ec268479145cca913fbe68ff51de9679e1fba13d858d9f1f
MD5          f9f14b656b5f3653f0382fadd4a5a9fa
BLAKE2b-256  5cea28f65a977169c44207ddd3fbe3ba6687178f47709c92ff1efa1a0ece3ca2

Provenance

The following attestation bundles were made for cyvest-0.1.0.tar.gz:

Publisher: ci.yml on PakitoSec/cyvest

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cyvest-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: cyvest-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 22.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cyvest-0.1.0-py3-none-any.whl

Algorithm    Hash digest
SHA256       dcd8174e4059166fe1a7e40813e224f335d3778736438047c10ef24b4c09305f
MD5          66c2300d8693438faee7001bf07487a7
BLAKE2b-256  bc0793571112caad9fb3206d057e4ac87adb2237e7c307f78e1a2d7ba260f396

Provenance

The following attestation bundles were made for cyvest-0.1.0-py3-none-any.whl:

Publisher: ci.yml on PakitoSec/cyvest

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.