pySigma-backend-carbonblack

pySigma CarbonBlack Backend

This is the carbonblack backend for pySigma. It provides the package sigma.backends.carbonblack with the CarbonBlackBackend class. Further, it contains the following processing pipelines in sigma.pipelines.carbonblack:

CarbonBlack_pipeline: Uses Carbon Black Enterprise EDR field mappings
CarbonBlackResponse_pipeline: Uses Carbon Black EDR field mappings

It supports the following output formats:

default: plain CarbonBlack queries
json: JSON output to include query and rule metadata

This backend is currently maintained by:

Cori Smith

Side Notes & Limitations

Backend uses Carbon Black syntax
Pipelines exist for both Carbon Black Enterprise EDR and Carbon Black EDR
Pipelines support linux, windows, and macos product types
Pipelines support the following category types for field mappings
- process_creation
- file_event
- file_change
- file_rename
- file_delete
- image_load
- registry_add
- registry_delete
- registry_event
- registry_set
- network_connection
- firewall
Any unsupported fields or categories will throw errors

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
.github/workflows		.github/workflows
sigma		sigma
tests		tests
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
poetry.lock		poetry.lock
print-coverage.py		print-coverage.py
pyproject.toml		pyproject.toml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

pySigma-backend-carbonblack

pySigma CarbonBlack Backend

Side Notes & Limitations

About

Releases

Packages

Languages

License

slincoln-aiq/pySigma-backend-carbonblack

Folders and files

Latest commit

History

Repository files navigation

pySigma-backend-carbonblack

pySigma CarbonBlack Backend

Side Notes & Limitations

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages