pySigma Elasticsearch backend
This is the Elasticsearch backend for pySigma. It provides the package sigma.backends.elasticsearch with the LuceneBackend class.
It supports the following output formats:
- default: Lucene queries.
- dsl_lucene: DSL with embedded Lucene queries.
- eql: Elastic Event Query Language queries.
- kibana_ndjson: Kibana NDJSON with Lucene queries.
Further, it contains the following processing pipelines in sigma.pipelines.elasticsearch:
- ecs_windows in the windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat.
- ecs_windows_old in the windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat <= 6.x.
- ecs_zeek_beats in the zeek submodule: Zeek ECS mapping from Elastic.
- ecs_zeek_corelight in the zeek submodule: Zeek ECS mapping from Corelight.
- zeek_raw in the zeek submodule: Zeek raw JSON log field naming.
This backend is currently maintained by:
Further maintainers required! Send a message to Thomas if you want to co-maintain this backend.
Hashes for pysigma_backend_elasticsearch-1.0.12.tar.gz

Algorithm | Hash digest
---|---
SHA256 | 01ad66f90782c16578b027519ce7cd29e982eb7b8863d27f2a57708e8e72bb5d
MD5 | 1f88926ff1b076ced2467e46a9fc1fbe
BLAKE2b-256 | 723071e4028dcf47a4c0017c48b7b2cb58219252be893f86ef375825e31fc78b
Hashes for pysigma_backend_elasticsearch-1.0.12-py3-none-any.whl

Algorithm | Hash digest
---|---
SHA256 | 4e26244041e2f755a006d700ac35b338f8a8b769b60392c2f6be1b69909ba5bf
MD5 | cd77fddc4de2f8f3e21e6e764867574d
BLAKE2b-256 | a1af514b239409a140496f9af6626505ac98dd912a458d332ec4a032720f13d5