Dynamite SDK

Dynamite SDK is the companion software development kit to Dynamite Network Security Monitor.

The main purpose of this SDK is to provide a set of wrappers for working with the events generated by the NSM.

Requires Python 3.6 or higher.

Install With...

python setup.py install

Documentation

https://dynamite-sdk-lite.s3-us-west-2.amazonaws.com/index.html

Installation

  1. Install with python setup.py install

  2. Copy dynamite_sdk/config.cfg.example to /etc/dynamite/dynamite_sdk/config.cfg

  3. Edit /etc/dynamite/dynamite_sdk/config.cfg to point to your DynamiteNSM monitor.

  4. Test with:

    from dynamite_sdk.search import Search
    from datetime import datetime, timedelta
    
    start = datetime.now() - timedelta(minutes=5)
    end = datetime.now()
    
    search = Search('events')
    search.execute_query(start, end)
    
    for event in search.events:
        print(event)
    

    Results:

    [zeek][conn][2019-10-30 14:26:22.033000+00:00]192.168.53.158:34351 -> 169.254.169.123:123
    [zeek][conn][2019-10-30 14:25:21.227000+00:00]183.192.249.90:1349 -> 192.168.53.158:23
    [zeek][conn][2019-10-30 14:24:49.196000+00:00]45.136.109.82:52217 -> 192.168.53.158:9725
    [zeek][conn][2019-10-30 14:23:56.248000+00:00]192.168.53.158:58849 -> 169.254.169.123:123
    [zeek][conn][2019-10-30 14:23:47.054000+00:00]167.71.61.167:43260 -> 192.168.53.158:80
    [zeek][conn][2019-10-30 14:22:55.206000+00:00]92.118.160.29:61511 -> 192.168.53.158:139
    [zeek][conn][2019-10-30 14:22:33.707000+00:00]125.161.190.27:55400 -> 192.168.53.158:5900
    
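The lines printed above follow a fixed shape, `[source][log][timestamp]src_ip:src_port -> dst_ip:dst_port`, which makes them easy to post-process once you have pulled them out of the monitor. The following is an added example, not part of the SDK or of this README: it parses event strings of that shape (the constructed sample below is copied from the output shown in step 4) into typed records and then lists the connections that reach the monitored sensor from outside its local network, grouped by destination port. All function names, the monitored host address and the local network prefix are assumptions made for the example; `datetime.fromisoformat` requires Python 3.7 or newer.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample: event strings exactly as printed by `print(event)` in step 4 above.
SAMPLE_EVENTS = """\
[zeek][conn][2019-10-30 14:26:22.033000+00:00]192.168.53.158:34351 -> 169.254.169.123:123
[zeek][conn][2019-10-30 14:25:21.227000+00:00]183.192.249.90:1349 -> 192.168.53.158:23
[zeek][conn][2019-10-30 14:24:49.196000+00:00]45.136.109.82:52217 -> 192.168.53.158:9725
[zeek][conn][2019-10-30 14:23:56.248000+00:00]192.168.53.158:58849 -> 169.254.169.123:123
[zeek][conn][2019-10-30 14:23:47.054000+00:00]167.71.61.167:43260 -> 192.168.53.158:80
[zeek][conn][2019-10-30 14:22:55.206000+00:00]92.118.160.29:61511 -> 192.168.53.158:139
[zeek][conn][2019-10-30 14:22:33.707000+00:00]125.161.190.27:55400 -> 192.168.53.158:5900
"""

# [source][log][timestamp]endpoint -> endpoint ; endpoints are split on their last ':'
# so that the port is separated correctly even for unbracketed IPv6 addresses.
EVENT_RE = re.compile(
    r"^\[(?P<source>[^\]]+)\]\[(?P<log>[^\]]+)\]\[(?P<ts>[^\]]+)\]"
    r"(?P<src>\S+)\s*->\s*(?P<dst>\S+)$"
)


def parse_event(line):
    """Parse one printed event string into a dict with typed fields.

    Raises ValueError for lines that do not match the expected shape, so a
    malformed line is surfaced instead of silently skipped.
    """
    match = EVENT_RE.match(line.strip())
    if not match:
        raise ValueError(f"unrecognised event line: {line!r}")
    src_ip, src_port = match["src"].rsplit(":", 1)
    dst_ip, dst_port = match["dst"].rsplit(":", 1)
    return {
        "source": match["source"],
        "log": match["log"],
        "time": datetime.fromisoformat(match["ts"]),  # keeps the +00:00 offset
        "src_ip": ip_address(src_ip),
        "src_port": int(src_port),
        "dst_ip": ip_address(dst_ip),
        "dst_port": int(dst_port),
    }


def parse_events(text):
    """Parse a block of printed event lines, ignoring blank lines."""
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def time_window(events):
    """Return (earliest, latest) event timestamps for the parsed events."""
    times = [ev["time"] for ev in events]
    return min(times), max(times)


def external_inbound(events, monitored_host, local_net):
    """Return (src_ip, dst_port) pairs for connections to the monitored host
    whose source lies outside the local network (assumed here to be the
    interesting direction for triage)."""
    host = ip_address(monitored_host)
    net = ip_network(local_net)
    return [
        (ev["src_ip"], ev["dst_port"])
        for ev in events
        if ev["dst_ip"] == host and ev["src_ip"] not in net
    ]


def inbound_port_counts(events, monitored_host, local_net):
    """Count external inbound connections per destination port."""
    return Counter(port for _, port in external_inbound(events, monitored_host, local_net))


if __name__ == "__main__":
    # Assumed values for the example: the sensor address seen in the sample
    # output and the /24 it sits in.
    MONITORED_HOST = "192.168.53.158"
    LOCAL_NET = "192.168.53.0/24"

    events = parse_events(SAMPLE_EVENTS)
    first, last = time_window(events)
    print(f"{len(events)} events between {first} and {last}")
    for src, port in external_inbound(events, MONITORED_HOST, LOCAL_NET):
        print(f"external source {src} -> port {port}")
    print("per-port counts:", dict(inbound_port_counts(events, MONITORED_HOST, LOCAL_NET)))
```

In the sample window the same sensor receives connections on five different service ports from five unrelated external sources within four minutes, which is the kind of pattern this summary is meant to make visible; on live data, feed it the string form of each object from `search.events` instead of the constructed block.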

Basic Usage

Search within a specific index or log.

from dynamite_sdk.search import Search
from datetime import datetime, timedelta

# Query the last five minutes of the 'conn' index, keeping only HTTP connections.
start = datetime.now() - timedelta(minutes=5)
end = datetime.now()

search = Search('conn')
search.execute_query(start, end, search_filter="http")
print(search.events)

...

[<dynamite_sdk.objects.events.ConnectionEvent object at 0x11c418588>]

Or retrieve the results as a pandas DataFrame:

search = Search('conn')
search.execute_query(start, end, search_filter="http", as_dataframe=True)

...

  event_type                       event_time  ... history                 uid
0       conn 2019-10-30 09:05:50.235000+00:00  ...      Sr  Ci2dHF1KTpWT94hhdl

Check out the example notebooks.

Supported Search Indices

  • event - All Zeek logs normalized to timestamp, source, and destination fields.
  • conn - Zeek conn.log (With location information)
  • flows - Zeek conn.log (With location information)
  • dhcp - Zeek dhcp.log
  • dns - Zeek dns.log
  • http - Zeek http.log
  • sip - Zeek sip.log
  • snmp - Zeek snmp.log
  • ssh - Zeek ssh.log