- class WindowsEventParser(interested_eventcodes=None)[source]
Bases:
morpheus.parsers.event_parser.EventParserThis is class parses windows event logs.
- Parameters:
- interested_eventcodes: typing.Set[int]
Set of interested codes to parse
- Attributes:
columnsevent_name
List of columns that are being processed.
Event name define type of logs that are being processed.
Methods
clean_raw_data(text)Lower casing and replacing escape characters.
Get columns of windows event codes.
parse(text)Parses the Windows raw event.
parse_raw_event(text, event_regex)Processes parsing of a specific type of raw event records received as a dataframe.
- clean_raw_data(text)[source]
Lower casing and replacing escape characters.
- Parameters:
- textcudf.Series
Raw event log text to be clean
- Returns:
- cudf.Series
Clean raw event log text
- property columns
List of columns that are being processed.
- Returns:
- typing.Set[str]
Event column names
- property event_name
Event name define type of logs that are being processed.
- Returns:
- str
Event name
- get_columns()[source]
Get columns of windows event codes.
- Returns:
- typing.Set[str]
Columns of all configured eventcodes, if no interested eventcodes specified.
- parse(text)[source]
Parses the Windows raw event.
- Parameters:
- textcudf.Series
Raw event log text to be parsed
- Returns:
- cudf.DataFrame
Parsed logs dataframe
- parse_raw_event(text, event_regex)[source]
Processes parsing of a specific type of raw event records received as a dataframe.
- Parameters:
- textcudf.Series
- event_regex: typing.Dict[str, any]
Raw event log text to be parsed.
Required regular expressions for a given event type.
- Returns:
- cudf.DataFrame
Parsed logs dataframe
