beagle package

Subpackages

Submodules

beagle.config module

class beagle.config.BeagleConfig(defaults=None, dict_type=<class 'collections.OrderedDict'>, allow_no_value=False, *, delimiters=('=', ':'), comment_prefixes=('#', ';'), inline_comment_prefixes=None, strict=True, empty_lines_in_values=True, default_section='DEFAULT', interpolation=<object object>, converters=<object object>)[source]

Bases: configparser.ConfigParser

get(section: str, key: str, **kwargs)[source]

Get an option value for a given section.

If `vars` is provided, it must be a dictionary. The option is looked up in `vars` (if provided), `section`, and in `DEFAULTSECT` in that order. If the key is not found and `fallback` is provided, it is used as a fallback value. `None` can be provided as a `fallback` value.

If interpolation is enabled and the optional argument `raw` is False, all interpolations are expanded in the return values.

Arguments `raw`, `vars`, and `fallback` are keyword only.

The section DEFAULT is special.

beagle.config.expand_env_var(env_var: str)[source]

Expands (potentially nested) env vars by repeatedly applying expandvars and expanduser until interpolation stops having any effect.

beagle.constants module

class beagle.constants.EventTypes[source]

Bases: object

CONNECTION = 'connection'
DNS_LOOKUP = 'dns_lookup'
FILE_COPIED = 'file_copied'
FILE_DELETED = 'file_deleted'
FILE_OPENED = 'file_opened'
FILE_WRITTEN = 'file_written'
HTTP_REQUEST = 'http_request'
LOADED_MODULE = 'loaded_module'
PROCESS_LAUNCHED = 'process_launched'
REG_KEY_DELETED = 'reg_key_deleted'
REG_KEY_OPENED = 'reg_key_opened'
REG_KEY_SET = 'reg_key_set'
class beagle.constants.FieldNames[source]

Bases: object

ALERTED_ON = 'alerted_on'
ALERT_DATA = 'alert_data'
ALERT_NAME = 'alert_name'
COMMAND_LINE = 'command_line'
DEST_FILE = 'dst_file'
EVENT_TYPE = 'event_type'
FILE_NAME = 'file_name'
FILE_PATH = 'file_path'
HASHES = 'hashes'
HIVE = 'hive'
HTTP_HOST = 'http_host'
HTTP_METHOD = 'http_method'
IP_ADDRESS = 'ip_address'
PARENT_COMMAND_LINE = 'parent_command_line'
PARENT_PROCESS_ID = 'parent_process_id'
PARENT_PROCESS_IMAGE = 'parent_process_image'
PARENT_PROCESS_IMAGE_PATH = 'parent_process_image_path'
PORT = 'port'
PROCESS_ID = 'process_id'
PROCESS_IMAGE = 'process_image'
PROCESS_IMAGE_PATH = 'process_image_path'
PROTOCOL = 'protocol'
REG_KEY = 'reg_key'
REG_KEY_PATH = 'reg_path'
REG_KEY_VALUE = 'reg_key_value'
SRC_FILE = 'src_file'
TIMESTAMP = 'timestamp'
URI = 'uri'
class beagle.constants.HTTPMethods[source]

Bases: object

CONNECT = 'CONNECT'
DELETE = 'DELETE'
GET = 'GET'
HEAD = 'HEAD'
OPTIONS = 'OPTIONS'
POST = 'POST'
PUT = 'PUT'
TRACE = 'TRACE'
class beagle.constants.HashAlgos[source]

Bases: object

MD5 = 'md5'
SHA1 = 'sha1'
SHA256 = 'sha256'
class beagle.constants.Protocols[source]

Bases: object

HTTP = 'HTTP'
ICMP = 'ICMP'
TCP = 'TCP'
UDP = 'UDP'

Module contents