colander_data_converter.base.types.event

class colander_data_converter.base.types.event.EventType

Bases: CommonEntityType

EventType represents metadata for events in Colander. Check the list of supported types.

Example

>>> event_type = EventTypes.HIT.value
>>> print(event_type.name)
Hit
Validators:

validator is_supported_type  »  short_name
class colander_data_converter.base.types.event.EventTypes(*values)

Bases: Enum

EventTypes provides access to all supported event types.

This class loads event type definitions from the event types JSON file and exposes them as an enum. It also provides a method to look up an event type by its short name.

Example

>>> event_type = EventTypes.HIT.value
>>> print(event_type.name)
Hit
>>> default_type = EventTypes.by_short_name("nonexistent")
>>> print(default_type.name)
Generic
classmethod by_short_name(short_name)

Return the EventType whose short_name matches short_name; when no supported type matches, return the default (GENERIC) instead of raising.
ALERT = ALERT

Alert - A notification or warning about a detected security event or anomaly.

ATTACK = ATTACK

Attack - An event indicating a deliberate attempt to breach, disrupt, or damage a system or network.

AV_DETECTION = AV_DETECTION

AntiVirus detection - An event where antivirus software detects malicious or suspicious activity.

COMMUNICATION = COMMUNICATION

Communication - An event involving the exchange of information between entities, such as emails or messages.

COMPROMISE = COMPROMISE

Compromise - An event indicating that a system, account, or data has been breached or compromised.

GENERIC = GENERIC

Generic - An event that does not fit into any of the predefined categories.

HIT = HIT

Hit - An event indicating a match or detection by a rule, signature, or indicator.

INFECTION = INFECTION

Infection - An event where a system or device is infected by malware or a similar threat.

PASSIVE_DNS = PASSIVE_DNS

Passive DNS - An event recording historical DNS resolution data observed passively.

RESOLVE = RESOLVE

Resolution - An event where a domain or hostname is resolved to an IP address.

TARGETED_ATTACK = TARGETED_ATTACK

Targeted attack - An event representing a focused and intentional attack against a specific entity or asset.

default = GENERIC