pySigma NetWitness backend

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for marcelkwaschny from gravatar.com marcelkwaschny Avatar for nikstuckenbrock from gravatar.com nikstuckenbrock
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Marcel Kwaschny
  • Requires: Python <4.0, >=3.9
Classifiers
Report project as malware

Project description

Test status Test coverage Package version Supported Python versions Release status

pySigma NetWitness Backend

This is the NetWitness backend for pySigma. It provides the package sigma.backends.netwitness with the NetWitnessBackend class. Further, it contains the following processing pipelines in sigma.pipelines.netwitness:

  • netwitness_windows_pipeline: NetWitness mapping and conversions for Windows

This backend is currently maintained by:

Requirements

Installation

pip install pysigma-backend-netwitness

Example

  • Create a file main.py with:
from sigma.collection import SigmaCollection
from sigma.backends.netwitness.netwitness import NetWitnessBackend
from sigma.pipelines.netwitness.windows import netwitness_windows_pipeline

netwitness_backend = NetWitnessBackend(processing_pipeline=netwitness_windows_pipeline())

conversion_result: list[str] = netwitness_backend.convert(
    SigmaCollection.from_yaml(
        """
        title: Test
        status: test
        logsource:
            product: windows
            category: process_creation
        detection:
            sel:
                CommandLine: test
            condition: sel
        """
    )
)

print(conversion_result[0])

Run the example with:

$ python main.py

reference.id = '4688' && param = 'test'

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for marcelkwaschny from gravatar.com marcelkwaschny Avatar for nikstuckenbrock from gravatar.com nikstuckenbrock
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Marcel Kwaschny
  • Requires: Python <4.0, >=3.9
Classifiers

Release history Release notifications | RSS feed

0.3.0

0.2.5

0.2.4

0.2.3

0.2.2

This version

0.2.1

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pysigma_backend_netwitness-0.2.1.tar.gz (19.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pysigma_backend_netwitness-0.2.1-py3-none-any.whl (21.8 kB view details)

Uploaded Python 3

File details

Details for the file pysigma_backend_netwitness-0.2.1.tar.gz.

File metadata

  • Download URL: pysigma_backend_netwitness-0.2.1.tar.gz
  • Upload date:
  • Size: 19.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.0.1 CPython/3.12.3 Linux/6.8.0-1021-azure

File hashes

Hashes for pysigma_backend_netwitness-0.2.1.tar.gz
Algorithm Hash digest
SHA256 ef560b7ca09f0d9775d23e7572a4071ec5ccbe117a7ccf0a2261f5f01bceb31e
MD5 762a027d92d8f25fef5ca298c5024b60
BLAKE2b-256 01cef5e71256bf427c04c18532433cb9a4f59cddc8ba03ca3e50cba3827b7e76

See more details on using hashes here.

File details

Details for the file pysigma_backend_netwitness-0.2.1-py3-none-any.whl.

File metadata

File hashes

Hashes for pysigma_backend_netwitness-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ccc54cdbd913aff5a04c113a78fdb331d283c2745ce74625d7480e3aa0986d20
MD5 a75cef74d7bf800598f599d1108d4c2a
BLAKE2b-256 7a6e1bd7b508437eba446f06903ee8973b380c721490d62e40e6a7ff792f6a3b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page