Cybersecurity investigation model

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for PakitoSec from gravatar.com PakitoSec

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: PakitoSec
  • Tags cybersecurity , incident-response , observability , threat-intelligence , reporting , graph
  • Requires: Python >=3.10
Classifiers
Report project as malware

Project description

Cyvest – Cyber Investigation Model

Reusable investigation domain models, visitor helpers, and reporting utilities for incident responders. Cyvest provides a consistent data model for threat intelligence, observables, and result checks while keeping the visitor layer extensible for bespoke workflows.

Features

  • Composition-friendly report builder that nests containers and checks.
  • Observable graph with automatic score/level propagation across relationships.
  • Visitor implementations for generating JSON/markdown reports or capturing follow-up actions.
  • Tested patterns for merging external intel feeds (VirusTotal, sandbox runs, allow-lists).

Installation

Cyvest targets Python 3.10+ and is published on PyPI:

uv pip install cyvest

Quick start

Create a new report with nested containers and observables:

from cyvest import Level, ObsType, ReportBuilder, Scope

builder = ReportBuilder(graph=True)

with builder.container("body", scope=Scope.BODY) as body:
    check = body.add_check("url_scan", description="Detected suspicious URL")
    check.add_observable_chain(
        [
            {
                "obs_type": ObsType.URL,
                "value": "http://example.test",
                "intel": {"name": "sandbox", "score": 4, "level": Level.SUSPICIOUS},
            }
        ]
    )

report = builder.build()
print(report.to_json())

Run the bundled example:

uv sync
uv run python examples/basic_report.py

Development workflow

Set up dependencies with uv:

uv sync

Execute the unit suite:

uv run pytest tests

Lint and format using Ruff:

uv run ruff check
uv run ruff format --check

Graph & model axioms

  1. Cyclic graphs on observables or containables are not supported.
  2. Every root containable model must be visited. (Observables may be skipped because parent links are tracked.)
  3. Child observables do not update result checks linked only to their parents.
  4. A ResultCheck score cannot be changed by an observable that is mutated elsewhere.
  5. Adding an observable to a ResultCheck promotes the check to at least Level.INFO (a Level.NONE check becomes INFO).

See examples/ and the tests under tests/ for more scenarios, including how to subclass the provided visitors to integrate your own tooling.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for PakitoSec from gravatar.com PakitoSec

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: PakitoSec
  • Tags cybersecurity , incident-response , observability , threat-intelligence , reporting , graph
  • Requires: Python >=3.10
Classifiers

Release history Release notifications | RSS feed

5.4.1

5.4.0

5.3.3

5.3.2

5.3.1

5.3.0

5.2.1

5.2.0

5.1.4

5.1.3

5.1.2

5.1.1

5.1.0

5.0.4

5.0.3

5.0.2

5.0.0

4.4.1

4.4.0

4.3.0

4.2.0

4.1.0

4.0.0

3.2.0

3.1.0

3.0.1

3.0.0

2.0.1

2.0.0

1.0.5

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

This version

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cyvest-0.2.0.tar.gz (24.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cyvest-0.2.0-py3-none-any.whl (23.3 kB view details)

Uploaded Python 3

File details

Details for the file cyvest-0.2.0.tar.gz.

File metadata

  • Download URL: cyvest-0.2.0.tar.gz
  • Upload date:
  • Size: 24.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cyvest-0.2.0.tar.gz
Algorithm Hash digest
SHA256 98b1377a45e9a486dd64dfe75b31019631350e0e6171edcc8e9965196626bcd6
MD5 8fa4d685535a778d3ec2d36f1bb7456e
BLAKE2b-256 da66916c1b795fe6596351056692d6664c92092ff31168a6da7ba34f98a862d5

See more details on using hashes here.

Provenance

The following attestation bundles were made for cyvest-0.2.0.tar.gz:

Publisher: ci.yml on PakitoSec/cyvest

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cyvest-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: cyvest-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 23.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cyvest-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 da6aa4123eafb64e0da55b3a5f8580e507fa706773eef0b6b0033e7020f7a22c
MD5 2f862d4616b02a95a29f8ff104dbe9e9
BLAKE2b-256 29459d666c091867daee88332592091eec7467a257a7a472f54613d082569c64

See more details on using hashes here.

Provenance

The following attestation bundles were made for cyvest-0.2.0-py3-none-any.whl:

Publisher: ci.yml on PakitoSec/cyvest

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page