pySigma Elasticsearch backend supporting Lucene, ES|QL (with correlations) and EQL queries

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for thomaspatzke from gravatar.com thomaspatzke

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU Lesser General Public License v3 (LGPLv3) (LGPL-3.0-only)
  • Author: Thomas Patzke
  • Requires: Python <4.0, >=3.8
Classifiers

Project description

Tests Coverage Badge Status

pySigma Elasticsearch Backend

This is the Elasticsearch backend for pySigma. It provides the package sigma.backends.elasticsearch with the LuceneBackend class.

It supports the following output formats:

  • default: Lucene queries.
  • dsl_lucene: DSL with embedded Lucene queries.
  • eql: Elastic Event Query Language queries.
  • kibana_ndjson: Kibana NDJSON with Lucene queries.

Further, it contains the following processing pipelines in sigma.pipelines.elasticsearch:

  • ecs_windows in windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat.
  • ecs_windows_old in windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat <= 6.x.
  • ecs_zeek_beats in zeek submodule: Zeek ECS mapping from Elastic.
  • ecs_zeek_corelight in zeek submodule: Zeek ECS mapping from Corelight.
  • zeek_raw in zeek submodule: Zeek raw JSON log field naming.
  • ecs_kubernetes in kubernetes submodule: ECS mapping for Kubernetes audit logs ingested with Kubernetes integration

This backend is currently maintained by:

Further maintainers required! Send a message to Thomas if you want to co-maintain this backend.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for thomaspatzke from gravatar.com thomaspatzke

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU Lesser General Public License v3 (LGPLv3) (LGPL-3.0-only)
  • Author: Thomas Patzke
  • Requires: Python <4.0, >=3.8
Classifiers

Release history Release notifications | RSS feed

1.1.3

This version

1.1.2

1.1.1

1.1.0

1.0.12

1.0.10

1.0.9

1.0.8

1.0.7

1.0.6

1.0.5

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.2.0

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pysigma_backend_elasticsearch-1.1.2.tar.gz (24.1 kB view details)

Uploaded Source

Built Distribution

pysigma_backend_elasticsearch-1.1.2-py3-none-any.whl (31.8 kB view details)

Uploaded Python 3

File details

Details for the file pysigma_backend_elasticsearch-1.1.2.tar.gz.

File metadata

File hashes

Hashes for pysigma_backend_elasticsearch-1.1.2.tar.gz
Algorithm Hash digest
SHA256 b9c69e768ee9335c533407a5fbc4f37e09b1181ceafe470effdbd504aa0c3ecb
MD5 949689c7f6e4866d06bc36b4687c470a
BLAKE2b-256 f47316f4f9033c973821ee2283265c0ebac060a6f699b1aad4ba0ab242636404

See more details on using hashes here.

File details

Details for the file pysigma_backend_elasticsearch-1.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for pysigma_backend_elasticsearch-1.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 10843c651ef38cf4f4593ac795859696dbee790868fa28c344398b780bb36785
MD5 903a6f32a15f51f6f8e20f4ffb8bedb5
BLAKE2b-256 d1d06b05d48ad9467538f64d3c16d5d1f2f92f8d59655079651e5718c6c7fcc7

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page