beagle package
Subpackages
- beagle.backends package
- beagle.common package
- beagle.datasources package
- beagle.nodes package
- beagle.transformers package
  - Submodules
    - beagle.transformers.base_transformer module
    - beagle.transformers.evtx_transformer module
    - beagle.transformers.fireeye_ax_transformer module
    - beagle.transformers.fireeye_hx_transformer module
    - beagle.transformers.generic_transformer module
    - beagle.transformers.procmon_transformer module
    - beagle.transformers.sysmon_transformer module
  - Module contents
- beagle.web package
Submodules
beagle.config module
class beagle.config.BeagleConfig(defaults=None, dict_type=<class 'collections.OrderedDict'>, allow_no_value=False, *, delimiters=('=', ':'), comment_prefixes=('#', ';'), inline_comment_prefixes=None, strict=True, empty_lines_in_values=True, default_section='DEFAULT', interpolation=<object object>, converters=<object object>)
Bases: configparser.ConfigParser
- get(section: str, key: str, **kwargs)
  Get an option value for a given section.
  If 'vars' is provided, it must be a dictionary. The option is looked up in 'vars' (if provided), 'section', and in 'DEFAULTSECT' in that order. If the key is not found and 'fallback' is provided, it is used as a fallback value. 'None' can be provided as a 'fallback' value.
  If interpolation is enabled and the optional argument 'raw' is False, all interpolations are expanded in the return values.
  Arguments 'raw', 'vars', and 'fallback' are keyword only.
  The section DEFAULT is special.
beagle.constants module
class beagle.constants.EventTypes
Bases: object
- CONNECTION = 'connection'
- DNS_LOOKUP = 'dns_lookup'
- FILE_COPIED = 'file_copied'
- FILE_DELETED = 'file_deleted'
- FILE_OPENED = 'file_opened'
- FILE_WRITTEN = 'file_written'
- HTTP_REQUEST = 'http_request'
- LOADED_MODULE = 'loaded_module'
- PROCESS_LAUNCHED = 'process_launched'
- REG_KEY_DELETED = 'reg_key_deleted'
- REG_KEY_OPENED = 'reg_key_opened'
- REG_KEY_SET = 'reg_key_set'
class beagle.constants.FieldNames
Bases: object
- COMMAND_LINE = 'command_line'
- DEST_FILE = 'dst_file'
- EVENT_TYPE = 'event_type'
- FILE_NAME = 'file_name'
- FILE_PATH = 'file_path'
- HASHES = 'hashes'
- HIVE = 'hive'
- HTTP_HOST = 'http_host'
- HTTP_METHOD = 'http_method'
- IP_ADDRESS = 'ip_address'
- PARENT_COMMAND_LINE = 'parent_command_line'
- PARENT_PROCESS_ID = 'parent_process_id'
- PARENT_PROCESS_IMAGE = 'parent_process_image'
- PARENT_PROCESS_IMAGE_PATH = 'parent_process_image_path'
- PORT = 'port'
- PROCESS_ID = 'process_id'
- PROCESS_IMAGE = 'process_image'
- PROCESS_IMAGE_PATH = 'process_image_path'
- PROTOCOL = 'protocol'
- REG_KEY = 'reg_key'
- REG_KEY_PATH = 'reg_path'
- REG_KEY_VALUE = 'reg_key_value'
- SRC_FILE = 'src_file'
- TIMESTAMP = 'timestamp'
- URI = 'uri'
class beagle.constants.HTTPMethods
Bases: object
- CONNECT = 'CONNECT'
- DELETE = 'DELETE'
- GET = 'GET'
- HEAD = 'HEAD'
- OPTIONS = 'OPTIONS'
- POST = 'POST'
- PUT = 'PUT'
- TRACE = 'TRACE'