{ "info": { "author": "Brian Wylie", "author_email": "brian.wylie@kitware.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 2 - Pre-Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: Apache Software License", "Natural Language :: English", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy" ], "description": "Bro Analysis Tools (BAT) |travis| |Coverage Status| |supported-versions| |license|\n================================================================================================================\n\n**Bro Analysis Tools**\n\nThe BAT Python package supports the processing and analysis of Bro data with Pandas, scikit-learn, and Spark\n\n\nWhy BAT?\n--------\nBro already has a flexible, powerful scripting language why should I use BAT?\n\n**Offloading:** Running complex tasks like statistics, state machines, machine learning, etc.. should\nbe offloaded from Bro so that Bro can focus on the efficient processing of high volume network traffic.\n\n**Data Analysis:** We have a large set of support classes that help bridge from raw Bro data to packages\nlike Pandas, scikit-learn, and Spark. We also have example notebooks that show step-by-step how to get\nfrom here to there.\n\nExample: Pull in Bro Logs as Python Dictionaries\n------------------------------------------------\n\n.. code-block:: python\n\n from bat import bro_log_reader\n ...\n # Run the bro reader on a given log file\n reader = bro_log_reader.BroLogReader('dhcp.log')\n for row in reader.readrows():\n pprint(row)\n\n\n**Output:** Each row is a nice Python Dictionary with timestamps and types properly converted.\n\n::\n\n {'assigned_ip': '192.168.84.10',\n 'id.orig_h': '192.168.84.10',\n 'id.orig_p': 68,\n 'id.resp_h': '192.168.84.1',\n 'id.resp_p': 67,\n 'lease_time': datetime.timedelta(49710, 23000),\n 'mac': '00:20:18:eb:ca:54',\n 'trans_id': 495764278,\n 'ts': datetime.datetime(2012, 7, 20, 3, 14, 12, 219654),\n 'uid': 'CJsdG95nCNF1RXuN5'}\n ...\n\nExample: Bro log to Pandas DataFrame (in one line of code)\n----------------------------------------------------------\n.. code-block:: python\n\n from bat.log_to_dataframe import LogToDataFrame\n ...\n # Create a Pandas dataframe from a Bro log\n bro_df = LogToDataFrame('/path/to/dns.log')\n\n # Print out the head of the dataframe\n print(bro_df.head())\n\n\n**Output:** All the Bro log data is in a Pandas DataFrame with proper types and timestamp as the index\n\n::\n\n query id.orig_h id.orig_p id.resp_h \\\n ts\n 2013-09-15 17:44:27.631940 guyspy.com 192.168.33.10 1030 4.2.2.3\n 2013-09-15 17:44:27.696869 www.guyspy.com 192.168.33.10 1030 4.2.2.3\n 2013-09-15 17:44:28.060639 devrubn8mli40.cloudfront.net 192.168.33.10 1030 4.2.2.3\n 2013-09-15 17:44:28.141795 d31qbv1cthcecs.cloudfront.net 192.168.33.10 1030 4.2.2.3\n 2013-09-15 17:44:28.422704 crl.entrust.net 192.168.33.10 1030 4.2.2.3\n\n\nMore Examples\n-------------\n- Easy ingestion of any Bro Log into Python (dynamic tailing and log rotations are handled)\n- Bro Logs to Pandas Dataframes and Scikit-Learn\n- Dynamically monitor files.log and make VirusTotal Queries\n- Dynamically monitor http.log and show 'uncommon' User Agents\n- Running Yara Signatures on Extracted Files\n- Checking x509 Certificates\n- Anomaly Detection\n- See `BAT Examples `__ for more details.\n\nAnalysis Notebooks\n------------------\nBAT enables the processing, analysis, and machine learning of realtime data coming from Bro.\n\n- Bro to Scikit-Learn: `Bro to Scikit `__\n- Bro to Matplotlib: `Bro to Plot `__\n- Bro to Parquet to Spark: `Bro->Parquet->Spark `__\n- Bro to Kafka to Spark: `Bro->Kafka->Spark `__\n- Clustering: Picking K (or not): `Clustering K Hyperparameter `__\n- Anomaly Detection Exploration: `Anomaly Detection `__\n- Risky Domains Stats and Deployment: `Risky Domains `__\n\nInstall\n-------\n\n::\n\n $ pip install bat\n\n\nDocumentation\n-------------\n\n`bat-tools.readthedocs.org `__\n\n\nThanks\n------\n- The DummyEncoder is based on Tom Augspurger's great PyData Chicago 2016 `Talk `__\n\n|kitware-logo|\n\n.. |kitware-logo| image:: https://www.kitware.com/img/small_logo_over.png\n :target: https://www.kitware.com\n :alt: Kitware Logo\n.. |travis| image:: https://img.shields.io/travis/Kitware/bat.svg\n :target: https://travis-ci.org/Kitware/bat\n.. |Coverage Status| image:: https://coveralls.io/repos/github/Kitware/bat/badge.svg?branch=master\n :target: https://coveralls.io/github/Kitware/bat?branch=master\n.. |version| image:: https://img.shields.io/pypi/v/bat.svg\n :target: https://pypi.python.org/pypi/bat\n.. |wheel| image:: https://img.shields.io/pypi/wheel/bat.svg\n :target: https://pypi.python.org/pypi/bat\n.. |supported-versions| image:: https://img.shields.io/pypi/pyversions/bat.svg\n :target: https://pypi.python.org/pypi/bat\n.. |supported-implementations| image:: https://img.shields.io/pypi/implementation/bat.svg\n :target: https://pypi.python.org/pypi/bat\n.. |license| image:: https://img.shields.io/badge/License-Apache%202.0-green.svg\n :target: https://choosealicense.com/licenses/apache-2.0\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/kitware/bat", "keywords": "Bro", "license": "Apache", "maintainer": "", "maintainer_email": "", "name": "bat_min", "package_url": "https://pypi.org/project/bat_min/", "platform": "", "project_url": "https://pypi.org/project/bat_min/", "project_urls": { "Homepage": "https://github.com/kitware/bat" }, "release_url": "https://pypi.org/project/bat_min/0.3.2/", "requires_dist": null, "requires_python": "", "summary": "Bro Analysis Tools", "version": "0.3.2" }, "last_serial": 3261077, "releases": { "0.3.2": [ { "comment_text": "", "digests": { "md5": "7b1ed3d856e106a272fd3235b7ee6c81", "sha256": "db9907b0515699725e088b33e555dee07fc0753415a6f5e88ec86037381a0a36" }, "downloads": -1, "filename": "bat_min-0.3.2.tar.gz", "has_sig": false, "md5_digest": "7b1ed3d856e106a272fd3235b7ee6c81", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 22354, "upload_time": "2017-10-18T21:30:34", "url": "https://files.pythonhosted.org/packages/e7/2d/00f59be7fe8eb970e6571eeb626fabff010efb103e1589f273ea5260bcf1/bat_min-0.3.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "7b1ed3d856e106a272fd3235b7ee6c81", "sha256": "db9907b0515699725e088b33e555dee07fc0753415a6f5e88ec86037381a0a36" }, "downloads": -1, "filename": "bat_min-0.3.2.tar.gz", "has_sig": false, "md5_digest": "7b1ed3d856e106a272fd3235b7ee6c81", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 22354, "upload_time": "2017-10-18T21:30:34", "url": "https://files.pythonhosted.org/packages/e7/2d/00f59be7fe8eb970e6571eeb626fabff010efb103e1589f273ea5260bcf1/bat_min-0.3.2.tar.gz" } ] }