pySigma NetWitness backend

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for marcelkwaschny from gravatar.com marcelkwaschny Avatar for nikstuckenbrock from gravatar.com nikstuckenbrock
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Marcel Kwaschny
  • Requires: Python <4.0, >=3.9
Classifiers
Report project as malware

Project description

Test status Test coverage Package version Supported Python versions Release status

pySigma NetWitness Backend

This is the NetWitness backend for pySigma. It provides the package sigma.backends.netwitness with the NetWitnessBackend class. Further, it contains the following processing pipelines in sigma.pipelines.netwitness:

  • netwitness_windows_pipeline: NetWitness mapping and conversions for Windows

This backend is currently maintained by:

Requirements

Installation

pip install pysigma-backend-netwitness

Example

  • Create a file main.py with:
from sigma.collection import SigmaCollection
from sigma.backends.netwitness.netwitness import NetWitnessBackend
from sigma.pipelines.netwitness.windows import netwitness_windows_pipeline

netwitness_backend = NetWitnessBackend(processing_pipeline=netwitness_windows_pipeline())

conversion_result: list[str] = netwitness_backend.convert(
    SigmaCollection.from_yaml(
        """
        title: Test
        status: test
        logsource:
            product: windows
            category: process_creation
        detection:
            sel:
                CommandLine: test
            condition: sel
        """
    )
)

print(conversion_result[0])

Run the example with:

$ python main.py

reference.id = '4688' && param = 'test'

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for marcelkwaschny from gravatar.com marcelkwaschny Avatar for nikstuckenbrock from gravatar.com nikstuckenbrock
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Marcel Kwaschny
  • Requires: Python <4.0, >=3.9
Classifiers

Release history Release notifications | RSS feed

0.3.0

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

This version

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pysigma_backend_netwitness-0.2.0.tar.gz (20.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pysigma_backend_netwitness-0.2.0-py3-none-any.whl (21.8 kB view details)

Uploaded Python 3

File details

Details for the file pysigma_backend_netwitness-0.2.0.tar.gz.

File metadata

  • Download URL: pysigma_backend_netwitness-0.2.0.tar.gz
  • Upload date:
  • Size: 20.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.5 CPython/3.12.3 Linux/6.8.0-1017-azure

File hashes

Hashes for pysigma_backend_netwitness-0.2.0.tar.gz
Algorithm Hash digest
SHA256 ed1bee3d677a468b270cd8f781c7cf2b30c71c188610586af46a3002a6e7f006
MD5 5a60b64739e374a091b601cc099683c0
BLAKE2b-256 532336751c2f1e2b9b1f8f0411af78d577f6f7438e955048e63552565e83455b

See more details on using hashes here.

File details

Details for the file pysigma_backend_netwitness-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for pysigma_backend_netwitness-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 95c018b856815f0d7a9ac8327389036cb72c2714872f626f7c7338c88d30461c
MD5 6e7f52371f83d3f1bb53b1c746011c4f
BLAKE2b-256 b609786bba983ef63bd598c97b24efc72a449020106fca63e33cfe231b6f2fd2

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page