This is the OCSF processing pipeline for pySigma. It provides the package sigma.pipeline.ocsf with the ocsf_pipeline function that returns a ProcessingPipeline object.
Currently the pipeline adds support for the following event types (Sigma logsource category to OCSF class mapping):
- application
- antivirus
- create_stream_hash
- dns
- dns_query
- driver_load
- firewall
- file_access
- file_change
- file_delete
- file_event
- file_executable_detected
- file_rename
- image_load
- network_connection
- process_access
- process_creation
- process_tampering
- process_termination
- registry_add
- registry_delete
- registry_event
- registry_rename
- registry_set
- sysmon_error
This pipeline is currently maintained by: