Plugin Class Reference

Inheritance diagram for Plugin:

Collaboration diagram for Plugin:

Public Member Functions
str	desc (self)
str	name (self)
ProcessingPipeline	pipeline (self, GulpPluginParams plugin_params=None, **kwargs)
GulpPluginType	type (self)
str	version (self)
Public Member Functions inherited from PluginBase
None	__init__ (self, str path, AsyncEngine collab=None, AsyncElasticsearch elastic=None, **kwargs)
None	cleanup (self)
list[str]	depends_on (self)
str	event_type_field (self)
str	get_unmapped_field_name (self, str field)
GulpRequestStatus	ingest (self, str index, str req_id, int client_id, int operation_id, str context, str|list[dict] source, str ws_id, GulpPluginParams plugin_params=None, GulpIngestionFilter flt=None, **kwargs)
tuple[dict, GulpMapping]	ingest_plugin_initialize (self, str index, str|dict source, bool skip_mapping=False, ProcessingPipeline pipeline=None, str mapping_file=None, str mapping_id=None, GulpPluginParams plugin_params=None)
bool	internal (self)
logging.Logger	logger (cls)
list[GulpPluginOption]	options (self)
list[GulpDocument]	record_to_gulp_document (self, int operation_id, int client_id, str context, str source, TmpIngestStats fs, any record, int record_idx, GulpMapping custom_mapping=None, dict index_type_mapping=None, str plugin=None, GulpPluginParams plugin_params=None, **kwargs)
dict	run_command (self, GulpPluginParams p)
ProcessingPipeline	sigma_plugin_initialize (self, ProcessingPipeline pipeline=None, str mapping_file=None, str mapping_id=None, str product=None, GulpPluginParams plugin_params=None)
list[str]	tags (self)

Additional Inherited Members
Public Attributes inherited from PluginBase
list	buffer = []
str	client_id = None
	collab = collab
tuple	context = (None,)
	elastic = elastic
str	index = None
str	operation_id = None
	path = path
str	req_id = None
str	ws_id = None
Protected Member Functions inherited from PluginBase
list[GulpDocument]	_build_gulpdocuments (self, list[FieldMappingEntry] fme, int idx, int operation_id, str context, str plugin, int client_id, str raw_event, str original_id, str src_file, int timestamp=None, int timestamp_nsec=None, str event_code=None, list[str] cat=None, int duration_nsec=0, GulpLogLevel gulp_log_level=None, str original_log_level=None, bool remove_raw_event=False, **kwargs)
list[dict]	_build_ingestion_chunk_for_ws (self, list[dict] docs, GulpIngestionFilter flt=None)
list[GulpDocument]	_call_record_to_gulp_document_funcs (self, int operation_id, int client_id, str context, str source, TmpIngestStats fs, any record, int record_idx, GulpMapping custom_mapping=None, dict index_type_mapping=None, str plugin=None, GulpPluginParams plugin_params=None, Callable record_to_gulp_document_fun=None, **kwargs)
GulpRequestStatus	_finish_ingestion (self, str index, str|dict source, str req_id, int client_id, str ws_id, TmpIngestStats fs, GulpIngestionFilter flt=None)
TmpIngestStats	_flush_buffer (self, str index, TmpIngestStats fs, str ws_id, str req_id, GulpIngestionFilter flt=None, bool wait_for_refresh=False)
TmpIngestStats	_ingest_record (self, str index, GulpDocument|dict doc, TmpIngestStats fs, str ws_id, str req_id, GulpIngestionFilter flt=None, bool flush_enabled=True, **kwargs)
list[FieldMappingEntry]	_map_source_key (self, GulpPluginParams plugin_params, GulpMapping custom_mapping, str source_key, Any v, dict index_type_mapping=None, bool ignore_custom_mapping=False, **kwargs)
TmpIngestStats	_parser_failed (self, TmpIngestStats fs, str|dict source, Exception|str ex)
tuple[GulpMapping, GulpPluginParams]	_process_plugin_params (self, GulpMapping custom_mapping, GulpPluginParams plugin_params=None)
tuple[TmpIngestStats, bool]	_process_record (self, str index, any record, int record_idx, Callable my_record_to_gulp_document_fun, str ws_id, str req_id, int operation_id, int client_id, str context, str source, TmpIngestStats fs, GulpMapping custom_mapping=None, dict index_type_mapping=None, str plugin=None, GulpPluginParams plugin_params=None, GulpIngestionFilter flt=None, **kwargs)
TmpIngestStats	_record_failed (self, TmpIngestStats fs, any entry, str|dict source, Exception|str ex)
any	_type_checks (self, any v, str k, dict index_type_mapping)

Detailed Description

Definition at line 9 of file windows.py.

Member Function Documentation

desc()

str desc

(

self

)

Returns a description of the plugin.

Reimplemented from PluginBase.

Definition at line 10 of file windows.py.

    def desc(self) -> str:
        return "provides pysigma pipeline for converting Windows specific sigma rules to elasticsearch DSL queries targeting Windows events stored by Gulp."
 

Here is the caller graph for this function:

name()

str name

(

self

)

Returns the name of the plugin.

Reimplemented from PluginBase.

Definition at line 16 of file windows.py.

    def name(self) -> str:
        return "sigma_pipeline_windows_ecs"
 

Here is the caller graph for this function:

pipeline()

ProcessingPipeline pipeline	(		self,
		GulpPluginParams	plugin_params = None,
		**	kwargs )

Returns the pysigma processing pipeline for the plugin, if any.

Args:
    plugin_params (GulpPluginParams, optional): additional parameters to pass to the pipeline. Defaults to None.
    kwargs: additional arguments if any.
Returns:
    ProcessingPipeline: The processing pipeline.

Reimplemented from PluginBase.

Definition at line 22 of file windows.py.

    ) -> ProcessingPipeline:
        Plugin.logger().debug("params: %s" % (plugin_params))
        pipeline = await self.sigma_plugin_initialize(
            pipeline=ecs_windows(),
            mapping_file="windows.json",
            product="windows",
            plugin_params=plugin_params,
        )
        return pipeline

Here is the call graph for this function:

Here is the caller graph for this function:

type()

GulpPluginType type

(

self

)

Returns the plugin type.

Reimplemented from PluginBase.

Definition at line 13 of file windows.py.

    def type(self) -> GulpPluginType:
        return GulpPluginType.SIGMA
 

version()

str version

(

self

)

Returns plugin version.

Reimplemented from PluginBase.

Definition at line 19 of file windows.py.

    def version(self) -> str:
        return "1.0"
 

---

The documentation for this class was generated from the following file:

• src/gulp/plugins/sigma/windows.py