pySigma Sysmon processing pipelines

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thomaspatzke from gravatar.com thomaspatzke

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Thomas Patzke
  • Requires: Python >=3.8, <4.0
Classifiers

Project description

Tests Coverage Badge Status

pySigma Sysmon Processing Pipeline

This is the Sysmon processing pipeline for pySigma. It provides the package sigma.pipeline.sysmon with the sysmon_pipeline function that returns a ProcessingPipeline object.

Currently the pipeline adds support for the following event types (Sigma logsource category to EventID mapping):

  • process_creation: 1
  • file_change: 2
  • network_connection: 3
  • process_termination: 5
  • sysmon_status: 4,16
  • driver_load: 6
  • image_load: 7
  • create_remote_thread: 8
  • raw_access_thread: 9
  • process_access: 10
  • file_event: 11
  • registry_add: 12
  • registry_delete: 12
  • registry_set: 13
  • registry_rename: 14
  • registry_event: 12,13,14
  • create_stream_hash: 15
  • pipe_created: 17,18
  • wmi_event: 19,20,21
  • dns_query: 22
  • file_delete: 23,26
  • clipboard_capture: 24
  • process_tampering: 25
  • sysmon_error: 255

This backend is currently maintained by:

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thomaspatzke from gravatar.com thomaspatzke

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (LGPL-2.1-only)
  • Author: Thomas Patzke
  • Requires: Python >=3.8, <4.0
Classifiers

Release history Release notifications | RSS feed

This version

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pysigma_pipeline_sysmon-1.0.4.tar.gz (11.6 kB view details)

Uploaded Source

Built Distribution

pysigma_pipeline_sysmon-1.0.4-py3-none-any.whl (12.4 kB view details)

Uploaded Python 3

File details

Details for the file pysigma_pipeline_sysmon-1.0.4.tar.gz.

File metadata

File hashes

Hashes for pysigma_pipeline_sysmon-1.0.4.tar.gz
Algorithm Hash digest
SHA256 c56e5ed0840b132d468f6c1634d43a5bbfb3cabf974814ce8abd4386fbf75867
MD5 19bc22759dce28096133976d41ddf4d7
BLAKE2b-256 6020cc26bf9356ff3e0d02e13575dc63508f28c486e9b8d09d3835224b717a28

See more details on using hashes here.

File details

Details for the file pysigma_pipeline_sysmon-1.0.4-py3-none-any.whl.

File metadata

File hashes

Hashes for pysigma_pipeline_sysmon-1.0.4-py3-none-any.whl
Algorithm Hash digest
SHA256 fc0b688e779220a9aeb3ceb7cfc368feb9a2df3b082d8365442732795c714d17
MD5 992b725751f4b95e0497d0f452f48ecf
BLAKE2b-256 08e51a86afa6b2ba477e53ab3c1bff6acbba355a4347a6651f87c071fe5b06bf

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page