pySigma Elasticsearch backend supporting Lucene, ES|QL (with correlations) and EQL queries
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
pySigma Elasticsearch Backend
This is the Elasticsearch backend for pySigma. It provides the package sigma.backends.elasticsearch with the LuceneBackend class.
It supports the following output formats:
- default: Lucene queries.
- dsl_lucene: DSL with embedded Lucene queries.
- eql: Elastic Event Query Language queries.
- kibana_ndjson: Kibana NDJSON with Lucene queries.
Further, it contains the following processing pipelines in sigma.pipelines.elasticsearch:
- ecs_windows in windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat.
- ecs_windows_old in windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat <= 6.x.
- ecs_zeek_beats in zeek submodule: Zeek ECS mapping from Elastic.
- ecs_zeek_corelight in zeek submodule: Zeek ECS mapping from Corelight.
- zeek_raw in zeek submodule: Zeek raw JSON log field naming.
- ecs_kubernetes in kubernetes submodule: ECS mapping for Kubernetes audit logs ingested with Kubernetes integration
This backend is currently maintained by:
Further maintainers required! Send a message to Thomas if you want to co-maintain this backend.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file pysigma_backend_elasticsearch-1.1.3.tar.gz.
File metadata
- Download URL: pysigma_backend_elasticsearch-1.1.3.tar.gz
- Upload date:
- Size: 24.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 76680f1373d65a3d09ac466fd15e25c7287f6cad5e323326ca790441ba44f99c |
|
| MD5 | 5f11c376d9de46e006308fc37d40f9f8 |
|
| BLAKE2b-256 | dc21752f896a72c719c5207e8db180d5ee499c0f6bb4064bcacfbb22864547cf |
Provenance
The following attestation bundles were made for pysigma_backend_elasticsearch-1.1.3.tar.gz:
Publisher:
release.yml on SigmaHQ/pySigma-backend-elasticsearch
-
Statement type:
https://in-toto.io/Statement/v1- Predicate type:
https://docs.pypi.org/attestations/publish/v1 - Subject name:
pysigma_backend_elasticsearch-1.1.3.tar.gz - Subject digest:
76680f1373d65a3d09ac466fd15e25c7287f6cad5e323326ca790441ba44f99c - Sigstore transparency entry: 146243200
- Sigstore integration time:
- Predicate type:
File details
Details for the file pysigma_backend_elasticsearch-1.1.3-py3-none-any.whl.
File metadata
- Download URL: pysigma_backend_elasticsearch-1.1.3-py3-none-any.whl
- Upload date:
- Size: 31.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a4badec976d6c280c61384c542096f38b92b759ef1a0b7a0a3e4aa51f9c01d57 |
|
| MD5 | 763f794f41bea10f480eb10c9f082bb5 |
|
| BLAKE2b-256 | 3b97b46a22f975e1038ace00b1860b0b507c2dcd46bf2f27a83acc83cf13d210 |
Provenance
The following attestation bundles were made for pysigma_backend_elasticsearch-1.1.3-py3-none-any.whl:
Publisher:
release.yml on SigmaHQ/pySigma-backend-elasticsearch
-
Statement type:
https://in-toto.io/Statement/v1- Predicate type:
https://docs.pypi.org/attestations/publish/v1 - Subject name:
pysigma_backend_elasticsearch-1.1.3-py3-none-any.whl - Subject digest:
a4badec976d6c280c61384c542096f38b92b759ef1a0b7a0a3e4aa51f9c01d57 - Sigstore transparency entry: 146243201
- Sigstore integration time:
- Predicate type:
