morpheus.parsers.windows_event_parser.WindowsEventParser#
- class WindowsEventParser(interested_eventcodes=None)[source]#
Bases:
EventParserThis is class parses windows event logs.
- Parameters:
- interested_eventcodes: typing.Set[int]
Set of interested codes to parse
- Attributes:
columnsList of columns that are being processed.
event_nameEvent name define type of logs that are being processed.
Methods
clean_raw_data(text)Lower casing and replacing escape characters.
Get columns of windows event codes.
parse(text)Parses the Windows raw event.
parse_raw_event(text, event_regex)Processes parsing of a specific type of raw event records received as a dataframe.
- clean_raw_data(text)[source]#
Lower casing and replacing escape characters.
- Parameters:
- textSeriesType
Raw event log text to be clean
- Returns:
- SeriesType
Clean raw event log text
- property columns#
List of columns that are being processed.
- Returns:
- set[str]
Event column names
- property event_name#
Event name define type of logs that are being processed.
- Returns:
- str
Event name
- get_columns()[source]#
Get columns of windows event codes.
- Returns:
- typing.Set[str]
Columns of all configured eventcodes, if no interested eventcodes specified.
- parse(text)[source]#
Parses the Windows raw event.
- Parameters:
- textSeriesType
Raw event log text to be parsed
- Returns:
- DataFrameType
Parsed logs dataframe
- parse_raw_event(text, event_regex)[source]#
Processes parsing of a specific type of raw event records received as a dataframe.
- Parameters:
- textSeriesType
Raw event log text to be parsed.
- event_regex: typing.Dict[str, str]
Required regular expressions for a given event type.
- Returns:
- DataFrameType
Parsed logs dataframe