Send .mans to ElasticSearch

These details have not been verified by PyPI

Project links

Homepage

Project description

mans_to_es

Parses the FireEye HX .mans triage collections and send them to ElasticSearch

About
Getting started
Contributing
Disclaimer

About

mans_to_es is an open source tool for parsing FireEye HX .mans triage collections and send them to ElasticSearch.

Mans file is a zipped collection of xml that we parse using xmltodict. It uses pandas and multiprocessing to speed up the parsing with xml files.

Getting started

Installation

pip install mans-to-es

Developing

If you want to develop with the script you can download and place it under /usr/local/bin and make it executable.

Usage as script

$ mans_to_es.py --help
usage: MANS to ES [-h] [--filename FILENAME] [--name NAME] [--index INDEX]
                  [--es_host ES_HOST] [--es_port ES_PORT]
                  [--cpu_count CPU_COUNT] [--bulk_size BULK_SIZE] [--version]

Push .mans information in Elasticsearch index

optional arguments:
  -h, --help            show this help message and exit
  --filename FILENAME   Path of the .mans file
  --name NAME           Timeline name
  --index INDEX         ES index name
  --es_host ES_HOST     ES host
  --es_port ES_PORT     ES port
  --cpu_count CPU_COUNT
                        cpu count
  --bulk_size BULK_SIZE
                        Bulk size for multiprocessing parsing and upload
  --version             show program's version number and exit

Usage as lib

>>> from mans_to_es import MansToEs
>>> a = MansToEs()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: __init__() missing 5 required positional arguments: 'filename', 'index', 'name', 'es_host', and 'es_port'
>>> a = MansToEs(filename = '<file.mans>', index="<index>", name="<name>", es_host="localhost", es_port=9200)
>>> a.run()

Contributing

If you want to contribute to mans_to_es, be sure to review the contributing guidelines. This project adheres to mans_to_es code of conduct. By participating, you are expected to uphold this code.

**We use GitHub issues for tracking requests and bugs.

Disclaimer

This is not an official FireEye product. Bugs are expected.

Project details

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

This version

1.6

May 20, 2020

1.5

May 19, 2020

1.4

Oct 3, 2019

1.3

Jul 29, 2019

1.0

Jul 24, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mans_to_es-1.6.tar.gz (10.2 kB view details)

Uploaded May 20, 2020 Source

Built Distribution

mans_to_es-1.6-py3-none-any.whl (13.4 kB view details)

Uploaded May 20, 2020 Python 3

File details

Details for the file mans_to_es-1.6.tar.gz.

File metadata

Download URL: mans_to_es-1.6.tar.gz
Upload date: May 20, 2020
Size: 10.2 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.8.2

File hashes

Hashes for mans_to_es-1.6.tar.gz
Algorithm	Hash digest
SHA256	`3a05bc46febd7c07b83faa13a429cdc33cb3d91683c733996533ec8695c0c4a9`
MD5	`3bd1bb8c1670206a73c7443eb96b2aaa`
BLAKE2b-256	`0162b4260ba40f55af4a82e4fb5b41f381fa3bb0537489b8fa3efb713b6bbb00`

See more details on using hashes here.

File details

Details for the file mans_to_es-1.6-py3-none-any.whl.

File metadata

Download URL: mans_to_es-1.6-py3-none-any.whl
Upload date: May 20, 2020
Size: 13.4 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.8.2

File hashes

Hashes for mans_to_es-1.6-py3-none-any.whl
Algorithm	Hash digest
SHA256	`69ffceaa9e13e67308bff4f9454b22bd6975fadf15dec4509af042fca78fdbd9`
MD5	`73516fa7bef4772225b7e0f7fa9fc2b5`
BLAKE2b-256	`adea8e4bee4376acbbd507e7439b92fd4ea516a6038a6c7e30882e33a9b206b6`