
Project description

panther-utils

Panther Config SDK utilities repo

Match Filters

The deep_equal filter matches events whose field at the given dot-separated path equals the given value exactly.

from panther_config import detection
from panther_utils import match_filters

# example: match server logs with insecure POST requests
detection.Rule(
    rule_id="My.Custom.Rule",
    log_types=["ServerLogs.HTTP"],
    filters=[
        match_filters.deep_equal(path="request.method", value="POST"),
        match_filters.deep_equal(path="request.use_ssl", value=False),
    ]
)

Network Filters

The ips_in_cidr filter matches events based on whether their IPs fall inside a CIDR range. The optional path argument can target a dot-separated path to a single IP string or a list of IP strings; it defaults to the Panther field p_any_ip_addresses. The filter uses the Python ipaddress module to perform the comparison.

from panther_config import detection
from panther_utils import network_filters

# example: match server logs coming from 10.x.x.x
detection.Rule(
    rule_id="My.Custom.Rule",
    log_types=["ServerLogs.HTTP"],
    filters=[
        network_filters.ips_in_cidr(cidr="10.0.0.0/8"),  # by default, source IPs from p_any_ip_addresses
    ]
)

# example: match server logs coming from 192.168.x.x
detection.Rule(
    rule_id="Internal.Logs",
    log_types=["Custom.InternalLogs"],
    filters=[
        network_filters.ips_in_cidr(cidr="192.168.0.0/16", path="custom.path.to.ips"),
    ]
)
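To make the semantics of both filters concrete, here is an added stand-alone re-implementation of the matching logic (not the panther_utils code itself): a dot-path resolver, an exact-match check like deep_equal, and a CIDR check like ips_in_cidr that accepts a single IP string or a list, defaults to p_any_ip_addresses, and skips malformed entries. The function names and the sample event are constructed for this example.

```python
import ipaddress
from typing import Any

DEFAULT_IP_PATH = "p_any_ip_addresses"  # default field named on the page


def resolve_path(event: dict, path: str) -> Any:
    """Walk a dot-separated path (e.g. "request.method") through nested dicts.
    Returns None when any segment is missing or a non-dict is reached early."""
    node: Any = event
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def deep_equal_match(event: dict, path: str, value: Any) -> bool:
    """Hypothetical deep_equal: the field must exist and equal `value` with the
    same type, so use_ssl=False does not accidentally match 0."""
    found = resolve_path(event, path)
    return found is not None and found == value and type(found) is type(value)


def ips_in_cidr_match(event: dict, cidr: str, path: str = DEFAULT_IP_PATH) -> bool:
    """Hypothetical ips_in_cidr: True if any IP found at `path` (a single string
    or a list of strings) lies inside `cidr`. Malformed IPs are skipped."""
    network = ipaddress.ip_network(cidr, strict=False)
    found = resolve_path(event, path)
    if isinstance(found, str):
        candidates = [found]
    elif isinstance(found, list):
        candidates = found
    else:
        candidates = []  # missing field or unexpected type: no match
    for raw in candidates:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # e.g. a hostname or empty string in the list
        if addr in network:  # version mismatch (v4 vs v6) yields False
            return True
    return False


# Constructed sample event (not from the page): an HTTP server log carrying
# Panther's p_any_ip_addresses list plus a custom nested IP field.
SAMPLE_EVENT = {
    "request": {"method": "POST", "use_ssl": False},
    "p_any_ip_addresses": ["10.12.3.4", "203.0.113.9", "not-an-ip"],
    "custom": {"path": {"to": {"ips": "192.168.7.20"}}},
}


def insecure_post_from_internal(event: dict) -> bool:
    """All filters of a rule must match: insecure POST from a 10.x.x.x source."""
    return (deep_equal_match(event, "request.method", "POST")
            and deep_equal_match(event, "request.use_ssl", False)
            and ips_in_cidr_match(event, "10.0.0.0/8"))
```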

Project details



Source Distribution

panther_utils-0.0.1.tar.gz (15.1 kB)
