Skip to content
/ dynamite-sdk-lite Public

Dynamite SDK is the companion software development kit to Dynamite NSM

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DynamiteAI/dynamite-sdk-lite

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
dynamite_sdk
dynamite_sdk
 
 
notebooks/getting_started
notebooks/getting_started
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

Dynamite SDK

Dynamite SDK is the companion software development kit to Dynamite Network Security Monitor.

The main purpose of this SDK is provide a set of wrappers for working with the events generated by the NSM.

Requires Python 3.6 or higher.

Install With...

python setup.py install

Documentation

https://dynamite-sdk-lite.s3-us-west-2.amazonaws.com/index.html

Installation

  1. Install with python setup.py install

  2. Copy dynamite_sdk/config.cfg.example to /etc/dynamite/dynamite_sdk/config.cfg

  3. Edit /etc/dynamite/dynamite_sdk/config.cfg to point to your DynamiteNSM monitor.

  4. Test with:

    from dynamite_sdk.search import Search
from datetime import datetime, timedelta

start = datetime.now() - timedelta(minutes=5)
end = datetime.now()

search = Search('events')
search.execute_query(start, end)

for event in search.events:
    print(event)

    Results:

    [zeek][conn][2019-10-30 14:26:22.033000+00:00]192.168.53.158:34351 -> 169.254.169.123:123
[zeek][conn][2019-10-30 14:25:21.227000+00:00]183.192.249.90:1349 -> 192.168.53.158:23
[zeek][conn][2019-10-30 14:24:49.196000+00:00]45.136.109.82:52217 -> 192.168.53.158:9725
[zeek][conn][2019-10-30 14:23:56.248000+00:00]192.168.53.158:58849 -> 169.254.169.123:123
[zeek][conn][2019-10-30 14:23:47.054000+00:00]167.71.61.167:43260 -> 192.168.53.158:80
[zeek][conn][2019-10-30 14:22:55.206000+00:00]92.118.160.29:61511 -> 192.168.53.158:139
[zeek][conn][2019-10-30 14:22:33.707000+00:00]125.161.190.27:55400 -> 192.168.53.158:5900

Basic Usage

Search within a specific index or log.

from dynamite_sdk.search import Search

start = datetime.now() - timedelta(minutes=5)
end = datetime.now()

search = Search('conn')
search.execute_query(start, end, search_filter="http")
print(search.events)

...

[<dynamite_sdk.objects.events.ConnectionEvent object at 0x11c418588>]

Or retrieve results as pandas Dataframe

search = Search('conn')
search.execute_query(start, end, search_filter="http", as_dataframe=True)

...

  event_type                       event_time  ... history                 uid
0       conn 2019-10-30 09:05:50.235000+00:00  ...      Sr  Ci2dHF1KTpWT94hhdl

Checkout Example Notebooks

Supported Search Indices

  • event - All Zeek logs normalized to timestamp, source, and destination fields.
  • conn - Zeek conn.log (With location information)
  • flows - Zeek conn.log (With location information)
  • dhcp - Zeek dhcp.log
  • dns - Zeek dns.log
  • http - Zeek http.log
  • sip - Zeek sip.log
  • snmp - Zeek snmp.log
  • ssh - Zeek ssh.log

About

Dynamite SDK is the companion software development kit to Dynamite NSM

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages