No project description provided

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for panther from gravatar.com panther

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU Affero General Public License v3
  • Author: Panther Labs Inc.
  • Tags security , detection
  • Requires: Python >=3.9
Classifiers
Report project as malware

Project description

panther-utils

Panther Config SDK utilities repo

Match Filters

The deep_equal filter allows you to filter events based on a field match.

from panther_config import detection
from panther_utils import match_filters

# example: match server logs with insecure POST requests
detection.Rule(
    rule_id="My.Custom.Rule",
    log_types=["ServerLogs.HTTP"],
    filters=[
        match_filters.deep_equal(path="request.method", value="POST"),
        match_filters.deep_equal(path="request.use_ssl", value=False),
    ]
)

Network Filters

The ips_in_cidr filter allows you to filter events based whether IPs are in a CIDR range. The optional path argument can target a dot-separated path to a single IP string or a list of IP strings. The path argument defaults to the Panther field p_any_ip_addresses. This filter uses the python ipaddress module to perform the comparison.

from panther_config import detection
from panther_utils import network_filters

# example: match server logs coming from 10.x.x.x
detection.Rule(
    rule_id="My.Custom.Rule",
    log_types=["ServerLogs.HTTP"],
    filters=[
        network_filters.ips_in_cidr(cidr = "10.0.0.0/8"), # by default, source IPs from p_any_ip_addresses
    ]
)

# example: match server logs coming from 192.168.x.x
detection.Rule(
    rule_id="Internal.Logs",
    log_types=["Custom.InternalLogs"],
    filters=[
        network_filters.ips_in_cidr(cidr = "192.168.0.0/16", path="custom.path.to.ips"), 
    ]
)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for panther from gravatar.com panther

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU Affero General Public License v3
  • Author: Panther Labs Inc.
  • Tags security , detection
  • Requires: Python >=3.9
Classifiers

Release history Release notifications | RSS feed

0.2.0

0.1.1

0.1.0

0.0.5

0.0.4

This version

0.0.3

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

panther_utils-0.0.3.tar.gz (15.5 kB view details)

Uploaded Source

File details

Details for the file panther_utils-0.0.3.tar.gz.

File metadata

  • Download URL: panther_utils-0.0.3.tar.gz
  • Upload date:
  • Size: 15.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.9.7

File hashes

Hashes for panther_utils-0.0.3.tar.gz
Algorithm Hash digest
SHA256 e2a1c709639661194ffc1c6f582ad350b06b613a1ffc7667a77d94e0484cbdc2
MD5 ccffa689509ef1812d2563cb4148d0af
BLAKE2b-256 11b80fc4b5732212639927bb3da2700f9ee1acfa372bef63c3c1ec7f085c642d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page