pySigma Sysmon processing pipelines

These details have been verified by PyPI

Project links

Repository

GitHub Statistics

Maintainers

thomaspatzke

These details have not been verified by PyPI

Project description

Tests Coverage Badge Status

pySigma Sysmon Processing Pipeline

This is the Sysmon processing pipeline for pySigma. It provides the package sigma.pipeline.sysmon with the sysmon_pipeline function that returns a ProcessingPipeline object.

Currently the pipeline adds support for the following event types (Sigma logsource category to EventID mapping):

process_creation: 1
file_change: 2
network_connection: 3
process_termination: 5
sysmon_status: 4,16
driver_load: 6
image_load: 7
create_remote_thread: 8
raw_access_thread: 9
process_access: 10
file_event: 11
registry_add: 12
registry_delete: 12
registry_set: 13
registry_rename: 14
registry_event: 12,13,14
create_stream_hash: 15
pipe_created: 17,18
wmi_event: 19,20,21
dns_query: 22
file_delete: 23
clipboard_capture: 24
process_tampering: 25
file_delete_detected: 26
file_block_executable: 27
file_block_shredding: 28
file_executable_detected: 29
sysmon_error: 255

This backend is currently maintained by:

Thomas Patzke

Project details

These details have been verified by PyPI

Project links

Repository

GitHub Statistics

Maintainers

thomaspatzke

These details have not been verified by PyPI

Release history Release notifications | RSS feed

This version

2.0.0

Nov 30, 2025

1.0.4

Feb 9, 2024

1.0.3

Aug 30, 2023

1.0.2

Feb 6, 2023

1.0.1

Sep 17, 2022

1.0.0

Jul 28, 2022

0.1.6

May 4, 2022

0.1.5

Apr 11, 2022

0.1.4

Apr 8, 2022

0.1.3

Mar 21, 2022

0.1.2

Mar 15, 2022

0.1.1

Mar 10, 2022

0.1.0

Feb 16, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pysigma_pipeline_sysmon-2.0.0.tar.gz (11.5 kB view details)

Uploaded Nov 30, 2025 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

pysigma_pipeline_sysmon-2.0.0-py3-none-any.whl (12.6 kB view details)

Uploaded Nov 30, 2025 Python 3

File details

Details for the file pysigma_pipeline_sysmon-2.0.0.tar.gz.

File metadata

Download URL: pysigma_pipeline_sysmon-2.0.0.tar.gz
Upload date: Nov 30, 2025
Size: 11.5 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for pysigma_pipeline_sysmon-2.0.0.tar.gz
Algorithm	Hash digest
SHA256	`a05c4f0d59602c4002bc0a1b9189508454f85ec397f5fd20294d3b56006bee54`
MD5	`d7b16cdc01d048100f124a720b5ee9ba`
BLAKE2b-256	`50636df00f93d61ba5585f80114f4def88e6a9984be91d2b2d80fed5dbc786eb`

See more details on using hashes here.

Provenance

The following attestation bundles were made for pysigma_pipeline_sysmon-2.0.0.tar.gz:

Publisher: release.yml on SigmaHQ/pySigma-pipeline-sysmon

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: pysigma_pipeline_sysmon-2.0.0.tar.gz
- Subject digest: a05c4f0d59602c4002bc0a1b9189508454f85ec397f5fd20294d3b56006bee54
- Sigstore transparency entry: 731802538
- Sigstore integration time: Nov 30, 2025
Source repository:
- Permalink: SigmaHQ/pySigma-pipeline-sysmon@5ba6fa42af071fc52892be4e90a72044eb036e41
- Branch / Tag: refs/tags/v2.0.0
- Owner: https://github.com/SigmaHQ
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@5ba6fa42af071fc52892be4e90a72044eb036e41
- Trigger Event: release

File details

Details for the file pysigma_pipeline_sysmon-2.0.0-py3-none-any.whl.

File metadata

Download URL: pysigma_pipeline_sysmon-2.0.0-py3-none-any.whl
Upload date: Nov 30, 2025
Size: 12.6 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for pysigma_pipeline_sysmon-2.0.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`84575bbde5dd891882306ca1f6ce16bdc592da2e511ac8960012af2efb9d120b`
MD5	`015ae7390a558d31845f602a4ae04f3f`
BLAKE2b-256	`028af8d099ce50e0639bd5da7566834e14cd96a50e6d56b1f3143f93113d1f97`

See more details on using hashes here.

Provenance

The following attestation bundles were made for pysigma_pipeline_sysmon-2.0.0-py3-none-any.whl:

Publisher: release.yml on SigmaHQ/pySigma-pipeline-sysmon

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: pysigma_pipeline_sysmon-2.0.0-py3-none-any.whl
- Subject digest: 84575bbde5dd891882306ca1f6ce16bdc592da2e511ac8960012af2efb9d120b
- Sigstore transparency entry: 731802540
- Sigstore integration time: Nov 30, 2025
Source repository:
- Permalink: SigmaHQ/pySigma-pipeline-sysmon@5ba6fa42af071fc52892be4e90a72044eb036e41
- Branch / Tag: refs/tags/v2.0.0
- Owner: https://github.com/SigmaHQ
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@5ba6fa42af071fc52892be4e90a72044eb036e41
- Trigger Event: release

pysigma-pipeline-sysmon 2.0.0

Navigation

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Classifiers

Project description

pySigma Sysmon Processing Pipeline

Project details

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Classifiers

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance