pySigma NetWitness backend

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for marcelkwaschny from gravatar.com marcelkwaschny Avatar for nikstuckenbrock from gravatar.com nikstuckenbrock
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Marcel Kwaschny
  • Requires: Python <4.0, >=3.9
Classifiers
Report project as malware

Project description

Test status Test coverage Package version Supported Python versions Release status

pySigma NetWitness Backend

This is the NetWitness backend for pySigma. It provides the package sigma.backends.netwitness with the NetWitnessBackend class. Further, it contains the following processing pipelines in sigma.pipelines.netwitness:

  • netwitness_windows_pipeline: NetWitness mapping and conversions for Windows

This backend is currently maintained by:

Requirements

Installation

pip install pysigma-backend-netwitness

Example

  • Create a file main.py with:
from sigma.collection import SigmaCollection
from sigma.backends.netwitness.netwitness import NetWitnessBackend
from sigma.pipelines.netwitness.windows import netwitness_windows_pipeline

netwitness_backend = NetWitnessBackend(processing_pipeline=netwitness_windows_pipeline())

conversion_result: list[str] = netwitness_backend.convert(
    SigmaCollection.from_yaml(
        """
        title: Test
        status: test
        logsource:
            product: windows
            category: process_creation
        detection:
            sel:
                CommandLine: test
            condition: sel
        """
    )
)

print(conversion_result[0])

Run the example with:

$ python main.py

reference.id = '4688' && param = 'test'

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for marcelkwaschny from gravatar.com marcelkwaschny Avatar for nikstuckenbrock from gravatar.com nikstuckenbrock
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Marcel Kwaschny
  • Requires: Python <4.0, >=3.9
Classifiers

Release history Release notifications | RSS feed

0.3.0

This version

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pysigma_backend_netwitness-0.2.5.tar.gz (20.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pysigma_backend_netwitness-0.2.5-py3-none-any.whl (22.3 kB view details)

Uploaded Python 3

File details

Details for the file pysigma_backend_netwitness-0.2.5.tar.gz.

File metadata

  • Download URL: pysigma_backend_netwitness-0.2.5.tar.gz
  • Upload date:
  • Size: 20.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.1.1 CPython/3.12.3 Linux/6.8.0-1021-azure

File hashes

Hashes for pysigma_backend_netwitness-0.2.5.tar.gz
Algorithm Hash digest
SHA256 075de8c08fb4da9b25534e24f651f7e96f079a5c7bb3010a1a9e75d9b03c78d8
MD5 d847b4208c9fc3071beb9b1577141196
BLAKE2b-256 8f4b71e60d96ed2dc9e7e9a92da9be94623521f7d51329dd4e6a45c26188b156

See more details on using hashes here.

File details

Details for the file pysigma_backend_netwitness-0.2.5-py3-none-any.whl.

File metadata

File hashes

Hashes for pysigma_backend_netwitness-0.2.5-py3-none-any.whl
Algorithm Hash digest
SHA256 80408e5868341f1de97a8268bff0c0248fe10136993e338c86cf90204db4e896
MD5 d40f65dbaa5653a029c3cf294b1271c8
BLAKE2b-256 1ce07d3912740fa405cb0fc661d3a4615094410903c96d70bdafc015f26adb5c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page