
pySigma Elasticsearch backend supporting Lucene, ES|QL (with correlations) and EQL queries

Project description


pySigma Elasticsearch Backend

This is the Elasticsearch backend for pySigma. It provides the package sigma.backends.elasticsearch with the LuceneBackend class.

It supports the following output formats:

  • default: Lucene queries.
  • dsl_lucene: DSL with embedded Lucene queries.
  • eql: Elastic Event Query Language queries.
  • kibana_ndjson: Kibana NDJSON with Lucene queries.

Further, it contains the following processing pipelines in sigma.pipelines.elasticsearch:

  • ecs_windows in windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat.
  • ecs_windows_old in windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat <= 6.x.
  • ecs_zeek_beats in zeek submodule: Zeek ECS mapping from Elastic.
  • ecs_zeek_corelight in zeek submodule: Zeek ECS mapping from Corelight.
  • zeek_raw in zeek submodule: Zeek raw JSON log field naming.

This backend is currently maintained by:

Further maintainers required! Send a message to Thomas if you want to co-maintain this backend.

Download files

Source Distribution

pysigma_backend_elasticsearch-1.1.0.tar.gz (23.6 kB)

Built Distribution

pysigma_backend_elasticsearch-1.1.0-py3-none-any.whl
