Inspired by John Tuckner (@tuckner) and @snake-jump's NetWitness/Netwitness EPL output backend for sigmac.
This is the RSA Netwitness backend for pySigma. It provides the package `sigma.backends.netwitness` with the `NetwitnessBackend` class.
Further, it contains the following processing pipelines in `sigma.pipelines.netwitness`:
- Netwitness & Netwitness EPL pipeline for Windows
It supports the following output formats:
- RSA Netwitness queries
- RSA Netwitness EPL Rules
This backend is currently maintained by: