pySigma Elasticsearch backend
This is the Elasticsearch backend for pySigma. It provides the package sigma.backends.elasticsearch with the LuceneBackend class.
It supports the following output formats:
- default: Lucene queries.
- dsl_lucene: DSL with embedded Lucene queries.
- kibana_ndjson: Kibana NDJSON with Lucene queries.
Further, it contains the following processing pipelines in sigma.pipelines.elasticsearch:
- ecs_windows in windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat.
- ecs_windows_old in windows submodule: ECS mapping for Windows event logs ingested with Winlogbeat <= 6.x.
- ecs_zeek_beats in zeek submodule: Zeek ECS mapping from Elastic.
- ecs_zeek_corelight in zeek submodule: Zeek ECS mapping from Corelight.
- zeek_raw in zeek submodule: Zeek raw JSON log field naming.
This backend is currently maintained by:
Further maintainers required! Send a message to Thomas if you want to co-maintain this backend.
Hashes for pysigma_backend_elasticsearch-1.0.3.tar.gz

Algorithm | Hash digest
---|---
SHA256 | e0a3d2f05a78e413d041a2768f9e9b15dd6ff19fe9a274d2bef30292b8d29858
MD5 | b096d87f2bcd57be04547ad6fdb7362e
BLAKE2b-256 | 3563ee1ad2356065f10f92e6c726360918bf2ed3658d0d6755e1683e1b88a039
Hashes for pysigma_backend_elasticsearch-1.0.3-py3-none-any.whl

Algorithm | Hash digest
---|---
SHA256 | 55b49763d3c9c11c6d5422894a47c90665691fd6e7141d3bea9b8824a0b9b85e
MD5 | 4c13ca66b33b43802b1a2ad71fd04712
BLAKE2b-256 | e37c15ab6debfa3d2270819b0f91f4a7d299c2fdf1c6dde71be0229bdfefd469