- class WindowsEventParser(interested_eventcodes=None)[source]
Bases:
morpheus.parsers.event_parser.EventParserThis is class parses windows event logs.
- Parameters
- interested_eventcodes: typing.Set[int]
Set of interested codes to parse
- Attributes
columnsevent_name
List of columns that are being processed.
Event name define type of logs that are being processed.
Methods
clean_raw_data(text)Lower casing and replacing escape characters. get_columns()Get columns of windows event codes. parse(text)Parses the Windows raw event. parse_raw_event(text, event_regex)Processes parsing of a specific type of raw event records received as a dataframe. - clean_raw_data(text)[source]
Lower casing and replacing escape characters.
- Parameters
- text
Raw event log text to be clean
- Returns
- cudf.Series
Clean raw event log text
- property columns
List of columns that are being processed.
- Returns
- typing.Set[str]
Event column names
- property event_name
Event name define type of logs that are being processed.
- Returns
- str
Event name
- get_columns()[source]
Get columns of windows event codes.
- Returns
- typing.Set[str]
Columns of all configured eventcodes, if no interested eventcodes specified.
- parse(text)[source]
Parses the Windows raw event.
- Parameters
- text
Raw event log text to be parsed
- Returns
- cudf.DataFrame
Parsed logs dataframe
- parse_raw_event(text, event_regex)[source]
Processes parsing of a specific type of raw event records received as a dataframe.
- Parameters
- text
- event_regex: typing.Dict[str, any]
Raw event log text to be parsed.
Required regular expressions for a given event type.
- Returns
- cudf.DataFrame
Parsed logs dataframe
morpheus.parsers.windows_event_parser.WindowsEventParser
(Latest Version)
Previous
morpheus.parsers.windows_event_parser
Next
morpheus.parsers.zeek