Send .mans to ElasticSearch

Navigation

None

Verified details

These details have been verified by PyPI
Maintainers
Avatar for LDO-CERT from gravatar.com LDO-CERT

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache License, Version 2.0

Author: LDO-CERT

Classifiers

Project description

mans_to_es

Version GitHub license HitCount

Parses the FireEye HX .mans triage collections and send them to ElasticSearch

Table of Contents

  1. About
  2. Getting started
  3. Contributing
  4. Disclaimer

About

mans_to_es is an open source tool for parsing FireEye HX .mans triage collections and send them to ElasticSearch.

Mans file is a zipped collection of xml that we parse using xmltodict. It uses pandas and multiprocessing to speed up the parsing with xml files.

Getting started

Installation

pip install mans-to-es

Developing

If you want to develop with the script you can download and place it under /usr/local/bin and make it executable.

Usage as script

$ mans_to_es.py --help
usage: MANS to ES [-h] [--filename FILENAME] [--name NAME] [--index INDEX]
                  [--es_host ES_HOST] [--es_port ES_PORT]
                  [--cpu_count CPU_COUNT] [--bulk_size BULK_SIZE] [--version]

Push .mans information in Elasticsearch index

optional arguments:
  -h, --help            show this help message and exit
  --filename FILENAME   Path of the .mans file
  --name NAME           Timeline name
  --index INDEX         ES index name
  --es_host ES_HOST     ES host
  --es_port ES_PORT     ES port
  --cpu_count CPU_COUNT
                        cpu count
  --bulk_size BULK_SIZE
                        Bulk size for multiprocessing parsing and upload
  --version             show program's version number and exit

Usage as lib

>>> from mans_to_es import MansToEs
>>> a = MansToEs()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: __init__() missing 5 required positional arguments: 'filename', 'index', 'name', 'es_host', and 'es_port'
>>> a = MansToEs(filename = '<file.mans>', index="<index>", name="<name>", es_host="localhost", es_port=9200)
>>> a.run()

Contributing

If you want to contribute to mans_to_es, be sure to review the contributing guidelines. This project adheres to mans_to_es code of conduct. By participating, you are expected to uphold this code.

**We use GitHub issues for tracking requests and bugs.

Disclaimer

This is not an official FireEye product. Bugs are expected.

Project details

None

Verified details

These details have been verified by PyPI
Maintainers
Avatar for LDO-CERT from gravatar.com LDO-CERT

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache License, Version 2.0

Author: LDO-CERT

Classifiers

Release history Release notifications | RSS feed

This version

1.6

1.5

1.4

1.3

1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mans_to_es-1.6.tar.gz (10.2 kB view hashes)

Uploaded Source

Built Distribution

mans_to_es-1.6-py3-none-any.whl (13.4 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page