pySigma NetWitness backend

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for marcelkwaschny from gravatar.com marcelkwaschny Avatar for nikstuckenbrock from gravatar.com nikstuckenbrock
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Marcel Kwaschny
  • Requires: Python <4.0, >=3.9
Classifiers

Project description

Test status Test coverage Package version Supported Python versions Release status

pySigma NetWitness Backend

This is the NetWitness backend for pySigma. It provides the package sigma.backends.netwitness with the NetWitnessBackend class. Further, it contains the following processing pipelines in sigma.pipelines.netwitness:

  • netwitness_windows_pipeline: NetWitness mapping and conversions for Windows

This backend is currently maintained by:

Requirements

Installation

pip install pysigma-backend-netwitness

Example

  • Create a file main.py with:
from sigma.collection import SigmaCollection
from sigma.backends.netwitness.netwitness import NetWitnessBackend
from sigma.pipelines.netwitness.windows import netwitness_windows_pipeline

netwitness_backend = NetWitnessBackend(processing_pipeline=netwitness_windows_pipeline())

conversion_result: list[str] = netwitness_backend.convert(
    SigmaCollection.from_yaml(
        """
        title: Test
        status: test
        logsource:
            product: windows
            category: process_creation
        detection:
            sel:
                CommandLine: test
            condition: sel
        """
    )
)

print(conversion_result[0])

Run the example with:

$ python main.py

reference.id = '4688' && param = 'test'

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for marcelkwaschny from gravatar.com marcelkwaschny Avatar for nikstuckenbrock from gravatar.com nikstuckenbrock
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Marcel Kwaschny
  • Requires: Python <4.0, >=3.9
Classifiers

Release history Release notifications | RSS feed

This version

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pysigma_backend_netwitness-0.1.3.tar.gz (18.3 kB view details)

Uploaded Source

Built Distribution

pysigma_backend_netwitness-0.1.3-py3-none-any.whl (18.8 kB view details)

Uploaded Python 3

File details

Details for the file pysigma_backend_netwitness-0.1.3.tar.gz.

File metadata

  • Download URL: pysigma_backend_netwitness-0.1.3.tar.gz
  • Upload date:
  • Size: 18.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.3 CPython/3.12.3 Linux/6.8.0-1014-azure

File hashes

Hashes for pysigma_backend_netwitness-0.1.3.tar.gz
Algorithm Hash digest
SHA256 aa00ccb7f2da947f27bb45e11f6e2f04615a7b6336f77fdfdb36a4c4427eeacb
MD5 990169b417112b1def087f6865b9b197
BLAKE2b-256 0c81642c3d90ae15591c449d405a4927c30bd5b4c72feaccd71deabcfaf3a3c6

See more details on using hashes here.

File details

Details for the file pysigma_backend_netwitness-0.1.3-py3-none-any.whl.

File metadata

File hashes

Hashes for pysigma_backend_netwitness-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 0c817b1a65b244c00ad607a97430473e99266135928757bd336ecfe9e9bbe822
MD5 975d7bb93fa02519eed168dfd29cdab7
BLAKE2b-256 78840e4c80cec9f32af328bbc3f4eda81cf16a8ae994bb3fe457c8bb586e1321

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page