pySigma Sysmon processing pipelines
pySigma Sysmon Processing Pipeline
This is the Sysmon processing pipeline for pySigma. It provides the package sigma.pipeline.sysmon with the sysmon_pipeline function, which returns a ProcessingPipeline object.
Currently the pipeline adds support for the following event types (Sigma logsource category to EventID mapping):
- process_creation: 1
- file_change: 2
- network_connection: 3
- process_termination: 5
- sysmon_status: 4,16
- driver_load: 6
- image_load: 7
- create_remote_thread: 8
- raw_access_thread: 9
- process_access: 10
- file_event: 11
- registry_add: 12
- registry_delete: 12
- registry_set: 13
- registry_rename: 14
- registry_event: 12,13,14
- create_stream_hash: 15
- pipe_created: 17,18
- wmi_event: 19,20,21
- dns_query: 22
- file_delete: 23,26
- clipboard_capture: 24
- process_tampering: 25
- sysmon_error: 255
This backend is currently maintained by:
Hashes for pysigma_pipeline_sysmon-1.0.4.tar.gz
Hashes for pysigma_pipeline_sysmon-1.0.4-py3-none-any.whl