Metadata-Version: 2.4
Name: pySigma-pipeline-ocsf
Version: 0.1.1
Summary: pySigma OCSF pipeline
License: MIT
License-File: LICENSE
Author: Hendrik Baecker
Author-email: hb@process-zero.de
Requires-Python: >=3.9,<4.0
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Requires-Dist: pysigma (>=0.11.23,<0.12.0)
Project-URL: Repository, https://github.com/SigmaHQ/pySigma-pipeline-ocsf
Description-Content-Type: text/markdown

![Tests](https://github.com/SigmaHQ/pySigma-pipeline-ocsf/actions/workflows/test.yml/badge.svg)
![Coverage Badge](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/andurin/a90f19ae7754f8b6cb0d9a3c9f624e53/raw/SigmaHQ-pySigma-pipeline-ocsf.json)
![Status](https://img.shields.io/badge/Status-pre--release-orange)

# pySigma OCSF Pipeline

This is the OCSF processing pipeline for pySigma. It provides the package `sigma.pipeline.ocsf` with the `ocsf_pipeline` function, which returns a `ProcessingPipeline` object.

Currently the pipeline adds support for the following event types (Sigma logsource category to OCSF class mapping):

* application
* antivirus
* create_stream_hash
* dns
* dns_query
* driver_load
* firewall
* file_access
* file_change
* file_delete
* file_event
* file_executable_detected
* file_rename
* image_load
* network_connection
* process_access
* process_creation
* process_tampering
* process_termination
* registry_add
* registry_delete
* registry_event
* registry_rename
* registry_set
* sysmon_error
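
The following is an added example, not code from this project: a standard-library pre-flight check that sorts Sigma rules by whether their `logsource.category` appears in the list above, so gaps in a rule set are visible before conversion. The names `logsource_category`, `triage` and `SAMPLE_RULES` are hypothetical, the sample rules are constructed, and the parser assumes the usual block-style `logsource:` layout.

```python
import re

# Categories copied from the list on this page.
SUPPORTED = frozenset("""
application antivirus create_stream_hash dns dns_query driver_load firewall
file_access file_change file_delete file_event file_executable_detected
file_rename image_load network_connection process_access process_creation
process_tampering process_termination registry_add registry_delete
registry_event registry_rename registry_set sysmon_error
""".split())

def logsource_category(rule_text):
    """Return the logsource category of one Sigma rule, or None if absent.
    Assumption: top-level `logsource:` followed by indented `key: value` lines."""
    in_block = False
    for line in rule_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            # Any top-level key opens or closes the logsource block, so a
            # `category` field used inside `detection:` is never picked up.
            in_block = line.split("#")[0].strip() == "logsource:"
            continue
        if in_block:
            m = re.match(r"\s+category:\s*(.*)$", line)
            if m:
                value = m.group(1).split(" #")[0].strip().strip("'\"")
                return value or None
    return None

def triage(rules):
    """Group rule names into 'supported', 'unsupported' and 'no_category'."""
    result = {"supported": [], "unsupported": [], "no_category": []}
    for name, text in rules.items():
        category = logsource_category(text)
        key = "no_category" if category is None else (
            "supported" if category in SUPPORTED else "unsupported")
        result[key].append(name)
    return result

# Constructed sample rules, trimmed to the parts the check reads.
SAMPLE_RULES = {
    "proc.yml": "title: A\nlogsource:\n    category: process_creation\n    product: windows\ndetection:\n    sel:\n        category: x\n",
    "proxy.yml": "title: B\nlogsource:\n    category: proxy\ndetection:\n    sel:\n        c-uri: /x\n",
    "svc.yml": "title: C\nlogsource:\n    product: windows\n    service: security\n",
}

if __name__ == "__main__":
    print(triage(SAMPLE_RULES))
```

Rules that land in `no_category` select their log source by `product` or `service` only, so the category list above says nothing about them either way.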

This pipeline is currently maintained by:

* [Hendrik Baecker](https://github.com/andurin/)

