pySigma NetWitness backend
Project description
pySigma NetWitness Backend
This is the NetWitness backend for pySigma. It provides the package sigma.backends.netwitness with the NetWitnessBackend class.
Further, it contains the following processing pipelines in sigma.pipelines.netwitness:
- netwitness_windows_pipeline: NetWitness mapping and conversions for Windows
This backend is currently maintained by:
Requirements
Installation
pip install pysigma-backend-netwitness
Example
- Create a file
main.pywith:
from sigma.collection import SigmaCollection
from sigma.backends.netwitness.netwitness import NetWitnessBackend
from sigma.pipelines.netwitness.windows import netwitness_windows_pipeline
netwitness_backend = NetWitnessBackend(processing_pipeline=netwitness_windows_pipeline())
conversion_result: list[str] = netwitness_backend.convert(
SigmaCollection.from_yaml(
"""
title: Test
status: test
logsource:
product: windows
category: process_creation
detection:
sel:
CommandLine: test
condition: sel
"""
)
)
print(conversion_result[0])
Run the example with:
$ python main.py
reference.id = '4688' && param = 'test'
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pysigma_backend_netwitness-0.3.0.tar.gz.
File metadata
- Download URL: pysigma_backend_netwitness-0.3.0.tar.gz
- Upload date:
- Size: 23.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.9 {"installer":{"name":"uv","version":"0.9.9"},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Debian GNU/Linux","version":"13","id":"trixie","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3ea86cf0fa0ddddd4ea0f045a5ffef4dc59abee19b419ec45b94d629321c9514
|
|
| MD5 |
6d280326ccbf4e33778a872bbfdf5f10
|
|
| BLAKE2b-256 |
b68094ea32e0077833cf0bf3aa1d56e2e8ee21e255fc1ae8f6a9757af37e675d
|
File details
Details for the file pysigma_backend_netwitness-0.3.0-py3-none-any.whl.
File metadata
- Download URL: pysigma_backend_netwitness-0.3.0-py3-none-any.whl
- Upload date:
- Size: 23.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.9 {"installer":{"name":"uv","version":"0.9.9"},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Debian GNU/Linux","version":"13","id":"trixie","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8654cb63a40f55ba0f6a14923a67102f7110b68a6c8d0ca6cb2ed8684d7e6ca7
|
|
| MD5 |
6531ee6189fa6b460188170ec06e9c1d
|
|
| BLAKE2b-256 |
a82f91887b6e5bf902f2c8d2013ce84cceb4f5c918549c6c5c698a43cd3a634c
|
