colander_data_converter.base.types.event
- class colander_data_converter.base.types.event.EventType
Bases: CommonEntityType
EventType represents metadata for events in Colander. Check the list of supported types.
Example
>>> event_type = EventTypes.HIT.value
>>> print(event_type.name)
Hit
- Validators: is_supported_type » short_name
- class colander_data_converter.base.types.event.EventTypes(*values)
Bases: Enum
EventTypes provides access to all supported event types.
This class loads event type definitions from the event types JSON file and exposes them as an enum. It also provides a method to look up an event type by its short name.
Example
>>> event_type = EventTypes.HIT.value
>>> print(event_type.name)
Hit
>>> default_type = EventTypes.by_short_name("nonexistent")
>>> print(default_type.name)
Generic
- ALERT = ALERT
Alert - A notification or warning about a detected security event or anomaly.
- ATTACK = ATTACK
Attack - An event indicating a deliberate attempt to breach, disrupt, or damage a system or network.
- AV_DETECTION = AV_DETECTION
AntiVirus detection - An event where antivirus software detects malicious or suspicious activity.
- COMMUNICATION = COMMUNICATION
Communication - An event involving the exchange of information between entities, such as emails or messages.
- COMPROMISE = COMPROMISE
Compromise - An event indicating that a system, account, or data has been breached or compromised.
- GENERIC = GENERIC
Generic - An event that does not fit into any of the predefined categories.
- HIT = HIT
Hit - An event indicating a match or detection by a rule, signature, or indicator.
- INFECTION = INFECTION
Infection - An event where a system or device is infected by malware or a similar threat.
- PASSIVE_DNS = PASSIVE_DNS
Passive DNS - An event recording historical DNS resolution data observed passively.
- RESOLVE = RESOLVE
Resolution - An event where a domain or hostname is resolved to an IP address.
- TARGETED_ATTACK = TARGETED_ATTACK
Targeted attack - An event representing a focused and intentional attack against a specific entity or asset.
- default = GENERIC
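The pattern described above (definitions loaded from a JSON file, exposed as an Enum with a default alias, and a by-short-name lookup that falls back to the default for unknown input) as an added, self-contained example; this is not the colander_data_converter library's own code, and the EventType dataclass, the inline JSON sample and the is_supported_type helper are constructed stand-ins for the page's real classes.

```python
import json
from dataclasses import dataclass
from enum import Enum

# Constructed stand-in for the event types JSON file the real enum loads.
EVENT_TYPES_JSON = """[
  {"short_name": "GENERIC", "name": "Generic", "description": "Catch-all event"},
  {"short_name": "HIT", "name": "Hit", "description": "Rule or indicator match"},
  {"short_name": "ALERT", "name": "Alert", "description": "Detected security event"}
]"""


@dataclass(frozen=True)
class EventType:
    """Hypothetical, minimal counterpart of the page's EventType model."""
    short_name: str
    name: str
    description: str


def load_event_types(raw_json: str) -> dict[str, EventType]:
    """Parse the JSON definitions into a short_name -> EventType mapping."""
    return {d["short_name"]: EventType(**d) for d in json.loads(raw_json)}


_DEFINITIONS = load_event_types(EVENT_TYPES_JSON)

# Build the enum from the loaded definitions. 'default' reuses GENERIC's value,
# so Enum registers it as an alias of GENERIC (the page's "default = GENERIC").
EventTypes = Enum("EventTypes", {**_DEFINITIONS, "default": _DEFINITIONS["GENERIC"]})


def _by_short_name(cls, short_name: str):
    """Resolve a short name to a member; unknown names yield the default member
    instead of raising, so unrecognised input never aborts a conversion."""
    for member in cls:  # iteration skips aliases, so 'default' is not a candidate
        if member.value.short_name == short_name:
            return member
    return cls.default


# Attach the lookup as a classmethod on the dynamically built enum.
EventTypes.by_short_name = classmethod(_by_short_name)


def is_supported_type(short_name: str) -> bool:
    """Validator-style check: True only for a short name in the definitions."""
    return short_name in _DEFINITIONS
```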