pySigma NetWitness backend

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for marcelkwaschny from gravatar.com marcelkwaschny Avatar for nikstuckenbrock from gravatar.com nikstuckenbrock
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Marcel Kwaschny
  • Requires: Python <4.0, >=3.9
Classifiers
Report project as malware

Project description

Test status Test coverage Package version Supported Python versions Release status

pySigma NetWitness Backend

This is the NetWitness backend for pySigma. It provides the package sigma.backends.netwitness with the NetWitnessBackend class. Further, it contains the following processing pipelines in sigma.pipelines.netwitness:

  • netwitness_windows_pipeline: NetWitness mapping and conversions for Windows

This backend is currently maintained by:

Requirements

Installation

pip install pysigma-backend-netwitness

Example

  • Create a file main.py with:
from sigma.collection import SigmaCollection
from sigma.backends.netwitness.netwitness import NetWitnessBackend
from sigma.pipelines.netwitness.windows import netwitness_windows_pipeline

netwitness_backend = NetWitnessBackend(processing_pipeline=netwitness_windows_pipeline())

conversion_result: list[str] = netwitness_backend.convert(
    SigmaCollection.from_yaml(
        """
        title: Test
        status: test
        logsource:
            product: windows
            category: process_creation
        detection:
            sel:
                CommandLine: test
            condition: sel
        """
    )
)

print(conversion_result[0])

Run the example with:

$ python main.py

reference.id = '4688' && param = 'test'

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for marcelkwaschny from gravatar.com marcelkwaschny Avatar for nikstuckenbrock from gravatar.com nikstuckenbrock
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Marcel Kwaschny
  • Requires: Python <4.0, >=3.9
Classifiers

Release history Release notifications | RSS feed

0.3.0

0.2.5

0.2.4

This version

0.2.3

0.2.2

0.2.1

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pysigma_backend_netwitness-0.2.3.tar.gz (20.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pysigma_backend_netwitness-0.2.3-py3-none-any.whl (22.3 kB view details)

Uploaded Python 3

File details

Details for the file pysigma_backend_netwitness-0.2.3.tar.gz.

File metadata

  • Download URL: pysigma_backend_netwitness-0.2.3.tar.gz
  • Upload date:
  • Size: 20.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.1.1 CPython/3.12.3 Linux/6.8.0-1021-azure

File hashes

Hashes for pysigma_backend_netwitness-0.2.3.tar.gz
Algorithm Hash digest
SHA256 4be9646b08b52173320dcc206269e46a9ba2304a9708afe41d803d506aa90c2f
MD5 d56f0d29f20babd6fd2ea53907ecf93b
BLAKE2b-256 6604741a2031e79942423df33d76e52b38d262b9ad7d228a68ef3aaec48e649d

See more details on using hashes here.

File details

Details for the file pysigma_backend_netwitness-0.2.3-py3-none-any.whl.

File metadata

File hashes

Hashes for pysigma_backend_netwitness-0.2.3-py3-none-any.whl
Algorithm Hash digest
SHA256 4c57a1affc33e031302910fd193913cd35d7c3fbcf419695a241871d0d69e573
MD5 98a02ba395a6c48bbf52c7889d6292b9
BLAKE2b-256 20670fd35d8c04312cc328a5cec51f3fadcd2a40d81f7b35af44c9bc5018c797

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page