-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
released 1.0
- Loading branch information
Showing
6 changed files
with
653 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # Files to ignore by git | ||
|
|
||
| # Back-up files | ||
| *~ | ||
| *.swp | ||
|
|
||
| # Generic auto-generated build files | ||
| *.pyc | ||
| *.pyo | ||
|
|
||
| # Specific auto-generated build files | ||
| /.eggs | ||
| /__pycache__ | ||
| /build/ | ||
| /dependencies/ | ||
| /dist/ | ||
| /mans_to_es.egg-info |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,52 @@ | ||
| # mans_to_es | ||
| Parses the FireEye HX .mans triage collections and send them to ElasticSearch | ||
|
|
||
| ## Table of Contents | ||
| 1. [About](#about) | ||
| 2. [Getting started](#getting-started) | ||
| 3. [Disclaimer](#disclaimer) | ||
|
|
||
| ## About | ||
| mans_to_es is an open source tool for parsing FireEye HX .mans triage collections and send them to ElasticSearch. | ||
|
|
||
| Mans file is a zipped collection of xml that we parse using [xmltodict](https://github.com/martinblech/xmltodict). | ||
| It uses pandas and multiprocessing to speed up the parsing with xml files. | ||
|
|
||
| ## Getting started | ||
| #### Installation | ||
| ``` | ||
| pip install mans_to_es | ||
| ``` | ||
|
|
||
| #### Usage | ||
|
|
||
| ``` | ||
| usage: MANS to ES [-h] [--filename FILENAME] [--name NAME] [--index INDEX] | ||
| [--es_host ES_HOST] [--es_port ES_PORT] | ||
| [--cpu_count CPU_COUNT] [--bulk_size BULK_SIZE] [--version] | ||
| agaravaglia@timesketch:~$ python3 /usr/local/bin/mans_to_es.py --help | ||
| usage: MANS to ES [-h] [--filename FILENAME] [--name NAME] [--index INDEX] | ||
| [--es_host ES_HOST] [--es_port ES_PORT] | ||
| [--cpu_count CPU_COUNT] [--bulk_size BULK_SIZE] [--version] | ||
| Push .mans information in Elasticsearch index | ||
| optional arguments: | ||
| -h, --help show this help message and exit | ||
| --filename FILENAME Path of the .mans file | ||
| --name NAME Timeline name | ||
| --index INDEX ES index name | ||
| --es_host ES_HOST ES host | ||
| --es_port ES_PORT ES port | ||
| --cpu_count CPU_COUNT | ||
| cpu count | ||
| --bulk_size BULK_SIZE | ||
| Bulk size for multiprocessing parsing and upload | ||
| --version show program's version number and exit | ||
| ``` | ||
|
|
||
|
|
||
|
|
||
| ## Disclaimer | ||
| This is not an official FireEye product. Bugs are expected. |
Empty file.
Oops, something went wrong.