CSEC_PUBLIC/securityonion

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00

Files

History

Wes 3ab8a0be60 Update tests to account for change in 'file_path' value verification

2022-12-13 16:29:18 +00:00

..

source-packages

Add PyYAML .whl files back since they were 'deleted' in the previous commit

2022-10-25 19:15:54 +00:00

__init__.py

Add localfile analyzer and tests

2022-04-25 19:23:35 +00:00

localfile_test.csv

Add localfile analyzer and tests

2022-04-25 19:23:35 +00:00

localfile_test.py

Update tests to account for change in 'file_path' value verification

2022-12-13 16:29:18 +00:00

localfile.json

Update analyzer name/description

2022-04-25 19:27:10 +00:00

localfile.py

Use new list verification function for 'file_path'

2022-12-13 16:28:50 +00:00

localfile.yaml

Remove double quotes to fix issue with file path sourcing from 'localfile.py'

2022-12-08 17:06:43 -05:00

README.md

Adjust verbiage around pillar configuration

2022-05-24 12:36:32 +00:00

requirements.txt

Add localfile analyzer and tests

2022-04-25 19:23:35 +00:00

README.md

Localfile

Description

Utilize a local CSV file (or multiple) for associating a value to contextual data.

Configuration Requirements

file_path - Path(s) used for CSV files containing associative data. CSV files can be dropped in the analyzer directory, with file_path specified like mycsv.csv.

The value in the first column is used for matching
Header information should be supplied, as it is used for dynamically creating result sets
Matches will be aggregated from the provided CSV files

The content of the CSV file(s) should be similar to the following:

Ex.

MatchValue,MatchDescription,MatchReference
abcd1234,ThisIsADescription,https://siteabouthings.abc

The file_path value(s) should be set in the sensoroni pillar, like so:

sensoroni:
  analyzers:
    localfile:
      file_path:
        - $file_path1
        - $file_path2