pySigma Elasticsearch backend supportinhg Lucene, ES|QL (with correlations) and EQL queries

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thomaspatzke from gravatar.com thomaspatzke

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU Lesser General Public License v3 (LGPLv3) (LGPL-3.0-only)
  • Author: Thomas Patzke
  • Requires: Python <4.0, >=3.8
Classifiers

Project description

Tests Coverage Badge Status

pySigma Elasticsearch Backend

This is the Elasticsearch backend for pySigma. It provides the package sigma.backends.elasticsearch with the LuceneBackend class.

It supports the following output formats:

  • default: Lucene queries.
  • dsl_lucene: DSL with embedded Lucene queries.
  • eql: Elastic Event Query Language queries.
  • kibana_ndjson: Kibana NDJSON with Lucene queries.

Further, it contains the following processing pipelines in sigma.pipelines.elasticsearch:

  • ecs_windows in windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat.
  • ecs_windows_old in windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat <= 6.x.
  • ecs_zeek_beats in zeek submodule: Zeek ECS mapping from Elastic.
  • ecs_zeek_corelight in zeek submodule: Zeek ECS mapping from Corelight.
  • zeek_raw in zeek submodule: Zeek raw JSON log field naming.

This backend is currently maintained by:

Further maintainers required! Send a message to Thomas if you want to co-maintain this backend.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thomaspatzke from gravatar.com thomaspatzke

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU Lesser General Public License v3 (LGPLv3) (LGPL-3.0-only)
  • Author: Thomas Patzke
  • Requires: Python <4.0, >=3.8
Classifiers

Release history Release notifications | RSS feed

1.1.3

1.1.2

This version

1.1.1

1.1.0

1.0.12

1.0.10

1.0.9

1.0.8

1.0.7

1.0.6

1.0.5

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.2.0

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pysigma_backend_elasticsearch-1.1.1.tar.gz (24.7 kB view details)

Uploaded Source

Built Distribution

pysigma_backend_elasticsearch-1.1.1-py3-none-any.whl (28.9 kB view details)

Uploaded Python 3

File details

Details for the file pysigma_backend_elasticsearch-1.1.1.tar.gz.

File metadata

File hashes

Hashes for pysigma_backend_elasticsearch-1.1.1.tar.gz
Algorithm Hash digest
SHA256 bcfc0cf0a70510e8d8a05d7c479b0a8393ec5a48d16802eb657509107cf75fc0
MD5 a6a76725f19b01991a3df876f09a0f98
BLAKE2b-256 6b84f455f2ef449d9d4642edbebed68a382eeeb2f27a1400ca9d908a3d34c613

See more details on using hashes here.

File details

Details for the file pysigma_backend_elasticsearch-1.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for pysigma_backend_elasticsearch-1.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 308c280316a4a1577711dafe56971580c0d71abc0bdcfa49578cb387b8ad5ef3
MD5 b571413a610bf1af908b2b421ed4a82e
BLAKE2b-256 4826e1aeb7c1ea6679ec1a34aa314cda604337232da4ac95cef0d1c5d85e62cb

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page