Tool used for converting jiffies from iptables xt_recent into timestamps.

Project description

pyjq

A simple Python package to Query Json Data.

Features

  • Supports pure json files
  • Supports multiple json objects in a file, delimited by newlines (\n)
  • Supports gzipped files
  • Supports customizable filters
  • Supports pure datetime range filters

Todo

The filters can be extended easily using the Python 3 stdlib operator module; see pyjq.PyJQ.filter to extend the ops mapping.

Installation

pip install pyjq

Example data

See example/alerts.json. pyjq works line by line (the file is split on \n, one json object per line). It has been used for Wazuh alert json files and Django dumps.

pyjq -j examples/django_dump.json -limit 2 -filter 'fields__original_url == https://google.com'
pyjq -j examples/django_dump.json -limit 2 -filter 'model == urlshortener.urlshortener'

Usage

Apply custom filters, combined with the and / or operators, to a Wazuh alert file

pyjq -j ../Scaricati/alerts.json -filter 'agent__ip == 172.16.16.102 and agent__name == telegram-gw or agent__ip == 172.16.16.108'

Contains operator

pyjq -j ../Scaricati/alerts.json -filter 'rule__description in iptables and agent__name == dev-bastion'

Convert a specified field to a pure datetime object and filter on a specified range

pyjq -j ../Scaricati/alerts.json -start_datetime 2020-04-06T10:22:00 -end_datetime 2020-04-06T13:22:00 -datetime_field timestamp

Use a gzipped json file directly

pyjq -j ../Scaricati/alerts.json.gzip

Limit results to 2

pyjq -j ../Scaricati/alerts.json -limit 2
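As an added example (not pyjq's own code), the following minimal reimplementation shows the semantics the commands above rely on: Django-style `__` paths into nested json, an ops mapping built on the stdlib operator module (the extension point named in the Todo section), and / or combination, the datetime window and the result limit. The sample alerts are constructed, and the rule that `and` binds tighter than `or` is my assumption about pyjq's grammar.

```python
import json
import operator
from datetime import datetime

# Constructed sample alerts (not real data): one JSON object per line, Wazuh-like shape.
SAMPLE_LINES = [
    '{"timestamp": "2020-04-06T11:00:00", "agent": {"ip": "172.16.16.102", "name": "telegram-gw"}, "rule": {"description": "iptables: DROP"}}',
    '{"timestamp": "2020-04-06T14:00:00", "agent": {"ip": "172.16.16.108", "name": "dev-bastion"}, "rule": {"description": "sshd: session opened"}}',
    '{"timestamp": "2020-04-06T12:30:00", "agent": {"ip": "172.16.16.5", "name": "dev-bastion"}, "rule": {"description": "iptables: ACCEPT"}}',
]

# Operator table built on the stdlib operator module; adding e.g. ">=": operator.ge extends the grammar.
OPS = {"==": operator.eq, "!=": operator.ne, "in": lambda field, value: value in field}

def resolve(record, path):
    """Follow a Django-style 'agent__ip' path through nested dicts; "" if any key is missing."""
    for key in path.split("__"):
        if not isinstance(record, dict) or key not in record:
            return ""
        record = record[key]
    return str(record)

def matches(record, expr):
    """Evaluate 'a == x and b == y or c in z'; 'and' binds tighter than 'or' (assumed, as in Python)."""
    def clause(text):
        field, op, value = text.strip().split(None, 2)
        return OPS[op](resolve(record, field), value)
    return any(all(clause(c) for c in group.split(" and ")) for group in expr.split(" or "))

def in_range(record, field, start, end):
    """Parse the ISO-8601 field into a datetime and test it against an inclusive window."""
    raw = resolve(record, field)
    return bool(raw) and start <= datetime.fromisoformat(raw) <= end

def query(lines, expr=None, start=None, end=None, dt_field="timestamp", limit=None):
    """Filter NDJSON like -filter/-start_datetime/-end_datetime/-limit; start/end are ISO strings."""
    window = (datetime.fromisoformat(start), datetime.fromisoformat(end)) if start and end else None
    hits = []
    for line in filter(str.strip, lines):  # skip blank lines between records
        rec = json.loads(line)
        if expr and not matches(rec, expr):
            continue
        if window and not in_range(rec, dt_field, *window):
            continue
        hits.append(rec)
        if limit and len(hits) >= limit:
            break
    return hits

if __name__ == "__main__":
    for rec in query(SAMPLE_LINES, "rule__description in iptables and agent__name == dev-bastion"):
        print(json.dumps(rec))
```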

Author

Giuseppe De Marco giuseppe.demarco@unical.it

Credits

Wazuh SIEM group @GarrLab


Download files

Source Distribution

pyjq-ng-0.4.tar.gz (4.0 kB)

Built Distribution

pyjq_ng-0.4-py3-none-any.whl (5.4 kB)

File details

Details for the file pyjq-ng-0.4.tar.gz.

File metadata

  • Download URL: pyjq-ng-0.4.tar.gz
  • Size: 4.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.1.3 requests-toolbelt/0.9.1 tqdm/4.45.0 CPython/3.7.4

File hashes

Hashes for pyjq-ng-0.4.tar.gz
Algorithm Hash digest
SHA256 6d7a62e8b5c0a14644628bd210b4142cdfef6ed4e3f49d85459e2f60b369c7eb
MD5 c4b24a3f64c1b53c5f7ea4ee85969e02
BLAKE2b-256 989b67ba5a39effdfd891706d55dc90d326f4b59f6609af7697f5ec65c768b5c

File details

Details for the file pyjq_ng-0.4-py3-none-any.whl.

File metadata

  • Download URL: pyjq_ng-0.4-py3-none-any.whl
  • Size: 5.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.1.3 requests-toolbelt/0.9.1 tqdm/4.45.0 CPython/3.7.4

File hashes

Hashes for pyjq_ng-0.4-py3-none-any.whl
Algorithm Hash digest
SHA256 268f1f28a78a3f834a39a48ffd69a884fce2100fc17ba9bf65f0c50efb1da529
MD5 a2193876c45b3f903b760ecbae908f8b
BLAKE2b-256 50e7b2e28ce7d25d93764f87432080c5137d45d51a7616fe5f4c322148ea67a4
