No project description provided

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for panther from gravatar.com panther

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU Affero General Public License v3
  • Author: Panther Labs Inc.
  • Tags security , detection
  • Requires: Python >=3.9
Classifiers
Report project as malware

Project description

panther-utils

Panther Config SDK utilities repo

Match Filters

The deep_equal filter allows you to filter events based on a field match.

from panther_config import detection
from panther_utils import match_filters

# example: match server logs with insecure POST requests
detection.Rule(
    rule_id="My.Custom.Rule",
    log_types=["ServerLogs.HTTP"],
    filters=[
        match_filters.deep_equal(path="request.method", value="POST"),
        match_filters.deep_equal(path="request.use_ssl", value=False),
    ]
)

Network Filters

The ips_in_cidr filter allows you to filter events based whether IPs are in a CIDR range. The optional path argument can target a dot-separated path to a single IP string or a list of IP strings. The path argument defaults to the Panther field p_any_ip_addresses. This filter uses the python ipaddress module to perform the comparison.

from panther_config import detection
from panther_utils import network_filters

# example: match server logs coming from 10.x.x.x
detection.Rule(
    rule_id="My.Custom.Rule",
    log_types=["ServerLogs.HTTP"],
    filters=[
        network_filters.ips_in_cidr(cidr = "10.0.0.0/8"), # by default, source IPs from p_any_ip_addresses
    ]
)

# example: match server logs coming from 192.168.x.x
detection.Rule(
    rule_id="Internal.Logs",
    log_types=["Custom.InternalLogs"],
    filters=[
        network_filters.ips_in_cidr(cidr = "192.168.0.0/16", path="custom.path.to.ips"), 
    ]
)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for panther from gravatar.com panther

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU Affero General Public License v3
  • Author: Panther Labs Inc.
  • Tags security , detection
  • Requires: Python >=3.9
Classifiers

Release history Release notifications | RSS feed

0.2.0

0.1.1

0.1.0

0.0.5

0.0.4

0.0.3

This version

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

panther_utils-0.0.2.tar.gz (15.2 kB view details)

Uploaded Source

File details

Details for the file panther_utils-0.0.2.tar.gz.

File metadata

  • Download URL: panther_utils-0.0.2.tar.gz
  • Upload date:
  • Size: 15.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.9.7

File hashes

Hashes for panther_utils-0.0.2.tar.gz
Algorithm Hash digest
SHA256 a53fb6f5d778cecb8727d2fb43b376e06935eb9134081a8f10f3bcb01d4bc776
MD5 692e847e4fe1707dd85f4b930128bfae
BLAKE2b-256 9f1222c5cf7f61943187276e437fa3251fbf7b765cc29bf5c85c7d10d66a5dbd

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page