Skip to content

DCSO/pySigma-backend-elasticsearch

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.github
.github
 
 
sigma
sigma
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
poetry.lock
poetry.lock
 
 
print-coverage.py
print-coverage.py
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

Tests Coverage Badge Status

pySigma Elasticsearch Backend

This is the Elasticsearch backend for pySigma. It provides the package sigma.backends.elasticsearch with the ElasticsearchQueryStringBackend class. Further, it contains the following processing pipelines in sigma.pipelines.elasticsearch:

  • ecs_windows in ecs submodule: ECS mapping for Windows event logs ingested with Winlogbeat.
  • ecs_windows_old in ecs submodule: ECS mapping for Windows event logs ingested with Winlogbeat <= 6.x.

It supports the following output formats:

  • default: plain Elasticsearch query strings
  • kibana: Kibana JSONL with Elasticsearch query strings (not yet implemented)

This backend is currently maintained by:

Further maintainers required! Send a message to Thomas if you want to co-maintain this backend.

About

pySigma Elasticsearch backend

Resources

Readme

License

LGPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%