├── .github └── workflows │ ├── python-publish.yml │ └── testing.yml ├── .gitignore ├── .pylintrc ├── AUTHORS.rst ├── CONTRIBUTING.rst ├── HISTORY.rst ├── LICENSE ├── MANIFEST.in ├── Makefile ├── README.rst ├── codecov.yml ├── docs ├── Makefile ├── authors.rst ├── conf.py ├── contributing.rst ├── database.rst ├── firepit.rst ├── history.rst ├── index.rst ├── installation.rst ├── make.bat ├── modules.rst ├── readme.rst └── usage.rst ├── firepit ├── __init__.py ├── aio │ ├── __init__.py │ ├── asyncpgstorage.py │ ├── asyncstorage.py │ ├── asyncwrapper.py │ └── ingest.py ├── cli.py ├── deref.py ├── exceptions.py ├── paramstix.lark ├── pgcommon.py ├── pgstorage.py ├── props.py ├── query.py ├── raft.py ├── splint.py ├── splitter.py ├── sqlitestorage.py ├── sqlstorage.py ├── stix20.py ├── stix21.py ├── timestamp.py ├── validate.py └── woodchipper.py ├── requirements.txt ├── requirements_dev.txt ├── setup.cfg ├── setup.py ├── tests ├── __init__.py ├── ccoe_investigator_demo.json ├── conftest.py ├── conn_a.json ├── conn_b.json ├── helpers.py ├── mixed-v4-v6.json ├── one_event.json ├── regkey-example.json ├── sds_example.json ├── service-example.json ├── spec_2_1_bundle.json ├── test_asyncingest.py ├── test_asyncstorage.py ├── test_binning.py ├── test_bundle.json ├── test_bundle_2.json ├── test_cli.py ├── test_custom_objects.py ├── test_deref.py ├── test_error_bundle.json ├── test_errors.py ├── test_group.py ├── test_lookup.py ├── test_matching.py ├── test_normalized.py ├── test_null.py ├── test_number_observed.py ├── test_obs_attr.py ├── test_procs.csv ├── test_props.py ├── test_query.py ├── test_raft.py ├── test_rewrite.py ├── test_spec_version_2_1.py ├── test_splint.py ├── test_stix21.py ├── test_stix21_objects.json ├── test_stix_patterns.py ├── test_storage.py ├── test_summary.py ├── test_timestamp.py ├── test_timestamped.py ├── test_validate.py ├── test_value_counts.py └── zeek_example.log └── tox.ini /.github/workflows/python-publish.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/.github/workflows/python-publish.yml -------------------------------------------------------------------------------- /.github/workflows/testing.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/.github/workflows/testing.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/.gitignore -------------------------------------------------------------------------------- /.pylintrc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/.pylintrc -------------------------------------------------------------------------------- /AUTHORS.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/AUTHORS.rst -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/CONTRIBUTING.rst -------------------------------------------------------------------------------- /HISTORY.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/HISTORY.rst -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/LICENSE -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/MANIFEST.in -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/Makefile -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/README.rst -------------------------------------------------------------------------------- /codecov.yml: -------------------------------------------------------------------------------- 1 | ignore: 2 | - "tests" 3 | -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/docs/Makefile -------------------------------------------------------------------------------- /docs/authors.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../AUTHORS.rst 2 | -------------------------------------------------------------------------------- /docs/conf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/docs/conf.py -------------------------------------------------------------------------------- /docs/contributing.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../CONTRIBUTING.rst 2 | -------------------------------------------------------------------------------- /docs/database.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/docs/database.rst -------------------------------------------------------------------------------- /docs/firepit.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/docs/firepit.rst -------------------------------------------------------------------------------- /docs/history.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../HISTORY.rst 2 | -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/docs/index.rst -------------------------------------------------------------------------------- /docs/installation.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/docs/installation.rst -------------------------------------------------------------------------------- /docs/make.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/docs/make.bat -------------------------------------------------------------------------------- /docs/modules.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/docs/modules.rst -------------------------------------------------------------------------------- /docs/readme.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../README.rst 2 | -------------------------------------------------------------------------------- /docs/usage.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/docs/usage.rst -------------------------------------------------------------------------------- /firepit/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/__init__.py -------------------------------------------------------------------------------- /firepit/aio/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/aio/__init__.py -------------------------------------------------------------------------------- /firepit/aio/asyncpgstorage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/aio/asyncpgstorage.py -------------------------------------------------------------------------------- /firepit/aio/asyncstorage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/aio/asyncstorage.py -------------------------------------------------------------------------------- /firepit/aio/asyncwrapper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/aio/asyncwrapper.py -------------------------------------------------------------------------------- /firepit/aio/ingest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/aio/ingest.py -------------------------------------------------------------------------------- /firepit/cli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/cli.py -------------------------------------------------------------------------------- /firepit/deref.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/deref.py -------------------------------------------------------------------------------- /firepit/exceptions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/exceptions.py -------------------------------------------------------------------------------- /firepit/paramstix.lark: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/paramstix.lark -------------------------------------------------------------------------------- /firepit/pgcommon.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/pgcommon.py -------------------------------------------------------------------------------- /firepit/pgstorage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/pgstorage.py -------------------------------------------------------------------------------- /firepit/props.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/props.py -------------------------------------------------------------------------------- /firepit/query.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/query.py -------------------------------------------------------------------------------- /firepit/raft.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/raft.py -------------------------------------------------------------------------------- /firepit/splint.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/splint.py -------------------------------------------------------------------------------- /firepit/splitter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/splitter.py -------------------------------------------------------------------------------- /firepit/sqlitestorage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/sqlitestorage.py -------------------------------------------------------------------------------- /firepit/sqlstorage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/sqlstorage.py -------------------------------------------------------------------------------- /firepit/stix20.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/stix20.py -------------------------------------------------------------------------------- /firepit/stix21.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/stix21.py -------------------------------------------------------------------------------- /firepit/timestamp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/timestamp.py -------------------------------------------------------------------------------- /firepit/validate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/validate.py -------------------------------------------------------------------------------- /firepit/woodchipper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/firepit/woodchipper.py -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | . 2 | -------------------------------------------------------------------------------- /requirements_dev.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/requirements_dev.txt -------------------------------------------------------------------------------- /setup.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/setup.cfg -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/setup.py -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | """Unit test package for firepit.""" 2 | -------------------------------------------------------------------------------- /tests/ccoe_investigator_demo.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/ccoe_investigator_demo.json -------------------------------------------------------------------------------- /tests/conftest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/conftest.py -------------------------------------------------------------------------------- /tests/conn_a.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/conn_a.json -------------------------------------------------------------------------------- /tests/conn_b.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/conn_b.json -------------------------------------------------------------------------------- /tests/helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/helpers.py -------------------------------------------------------------------------------- /tests/mixed-v4-v6.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/mixed-v4-v6.json -------------------------------------------------------------------------------- /tests/one_event.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/one_event.json -------------------------------------------------------------------------------- /tests/regkey-example.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/regkey-example.json -------------------------------------------------------------------------------- /tests/sds_example.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/sds_example.json -------------------------------------------------------------------------------- /tests/service-example.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/service-example.json -------------------------------------------------------------------------------- /tests/spec_2_1_bundle.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/spec_2_1_bundle.json -------------------------------------------------------------------------------- /tests/test_asyncingest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_asyncingest.py -------------------------------------------------------------------------------- /tests/test_asyncstorage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_asyncstorage.py -------------------------------------------------------------------------------- /tests/test_binning.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_binning.py -------------------------------------------------------------------------------- /tests/test_bundle.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_bundle.json -------------------------------------------------------------------------------- /tests/test_bundle_2.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_bundle_2.json -------------------------------------------------------------------------------- /tests/test_cli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_cli.py -------------------------------------------------------------------------------- /tests/test_custom_objects.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_custom_objects.py -------------------------------------------------------------------------------- /tests/test_deref.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_deref.py -------------------------------------------------------------------------------- /tests/test_error_bundle.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_error_bundle.json -------------------------------------------------------------------------------- /tests/test_errors.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_errors.py -------------------------------------------------------------------------------- /tests/test_group.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_group.py -------------------------------------------------------------------------------- /tests/test_lookup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_lookup.py -------------------------------------------------------------------------------- /tests/test_matching.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_matching.py -------------------------------------------------------------------------------- /tests/test_normalized.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_normalized.py -------------------------------------------------------------------------------- /tests/test_null.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_null.py -------------------------------------------------------------------------------- /tests/test_number_observed.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_number_observed.py -------------------------------------------------------------------------------- /tests/test_obs_attr.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_obs_attr.py -------------------------------------------------------------------------------- /tests/test_procs.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_procs.csv -------------------------------------------------------------------------------- /tests/test_props.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_props.py -------------------------------------------------------------------------------- /tests/test_query.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_query.py -------------------------------------------------------------------------------- /tests/test_raft.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_raft.py -------------------------------------------------------------------------------- /tests/test_rewrite.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_rewrite.py -------------------------------------------------------------------------------- /tests/test_spec_version_2_1.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_spec_version_2_1.py -------------------------------------------------------------------------------- /tests/test_splint.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_splint.py -------------------------------------------------------------------------------- /tests/test_stix21.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_stix21.py -------------------------------------------------------------------------------- /tests/test_stix21_objects.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_stix21_objects.json -------------------------------------------------------------------------------- /tests/test_stix_patterns.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_stix_patterns.py -------------------------------------------------------------------------------- /tests/test_storage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_storage.py -------------------------------------------------------------------------------- /tests/test_summary.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_summary.py -------------------------------------------------------------------------------- /tests/test_timestamp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_timestamp.py -------------------------------------------------------------------------------- /tests/test_timestamped.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_timestamped.py -------------------------------------------------------------------------------- /tests/test_validate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_validate.py -------------------------------------------------------------------------------- /tests/test_value_counts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/test_value_counts.py -------------------------------------------------------------------------------- /tests/zeek_example.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tests/zeek_example.log -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opencybersecurityalliance/firepit/HEAD/tox.ini --------------------------------------------------------------------------------