Metadata-Version: 2.0
Name: bat
Version: 0.1
Summary: BAT: Bro Analysis Tools
Home-page: https://github.com/kitware/bat
Author: Brian Wylie
Author-email: brian.wylie@kitware.com
License: Apache
Keywords: Bro IDS,Python,Networking,Security
Platform: UNKNOWN
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Requires-Dist: pandas
Requires-Dist: requests
Requires-Dist: scikit-learn
Requires-Dist: scipy
Requires-Dist: watchdog
Provides-Extra: all
Requires-Dist: tldextract; extra == 'all'
Requires-Dist: yara-python; extra == 'all'

BroThon |travis| |Coverage Status| |supported-versions| |license|
================================================================================================================

**Bro + Python = BroThon!**

The BroThon package supports the ingestion, processing, and analysis of Bro IDS data with Python.


Why BroThon?
------------
Bro IDS already has a flexible, powerful scripting language why should I use BroThon?

**Offloading:** Running complex tasks (yara sigs on files, state machines, machine learning, etc..) should
be offloaded from Bro IDS so that Bro can focus on the efficient processing of high volume network traffic.

**Python:** Pulling Bro data into Python allows us to leverage a large set of of Python modules for data analysis,
statistics, machine learning and visualization.

**Data Analysis:** A growing set of notebooks/examples using statistics and machine learning on Bro data.

Easy to Use
-----------

.. code-block:: python

    from brothon import bro_log_reader
    ...
        # Run the bro reader on a given log file
        reader = bro_log_reader.BroLogReader('dhcp.log')
        for row in reader.readrows():
            pprint(row)


**Output:** Each row is a nice Python Dictionary with timestamps and types properly converted.

::

    {'assigned_ip': '192.168.84.10',
    'id.orig_h': '192.168.84.10',
    'id.orig_p': 68,
    'id.resp_h': '192.168.84.1',
    'id.resp_p': 67,
    'lease_time': datetime.timedelta(49710, 23000),
    'mac': '00:20:18:eb:ca:54',
    'trans_id': 495764278,
    'ts': datetime.datetime(2012, 7, 20, 3, 14, 12, 219654),
    'uid': 'CJsdG95nCNF1RXuN5'}
    ...

More Examples
-------------
- Easy ingestion of any Bro Log into Python (dynamic tailing and log rotations are handled)
- Bro Logs to Pandas Dataframes and Scikit-Learn
- Dynamically monitor files.log and make VirusTotal Queries
- Dynamically monitor http.log and show 'uncommon' User Agents
- Running Yara Signatures on Extracted Files
- Checking x509 Certificates
- Anomaly Detection
- See `BroThon Examples <https://brothon.readthedocs.io/en/latest/examples.html>`__ for more details.

Analysis Notebooks
------------------
BroThon enables the processing, analysis, and machine learning of realtime data coming from Bro IDS.

- Risky Domains Stats and Deployment: `Risky Domains <https://github.com/Kitware/BroThon/blob/master/notebooks/Risky_Domains.ipynb>`__
- Bro to Scikit-Learn: `Bro to Scikit <https://github.com/Kitware/BroThon/blob/master/notebooks/Bro_to_Scikit_Learn.ipynb>`__
- Bro to Spark: `Bro to Spark <https://github.com/Kitware/BroThon/blob/master/notebooks/Bro_to_Spark.ipynb>`__
- Anomaly Detection Exploration: `Anomaly Detection <https://github.com/Kitware/BroThon/blob/master/notebooks/Anomaly_Detection.ipynb>`__

Install
-------

::

    $ pip install brothon
    or
    $ pip install brothon[all]   # Includes additional dependencies to run all examples (yara, etc)


Documentation
-------------

`BroThon.readthedocs.org <https://BroThon.readthedocs.org/>`__


Thanks
------
- The DummyEncoder is based on Tom Augspurger's great PyData Chicago 2016 `Talk <https://youtu.be/KLPtEBokqQ0>`__

|kitware-logo|

.. |kitware-logo| image:: https://www.kitware.com/img/small_logo_over.png
   :target: https://www.kitware.com
   :alt: Kitware Logo
.. |travis| image:: https://img.shields.io/travis/Kitware/BroThon.svg
   :target: https://travis-ci.org/Kitware/BroThon
.. |Coverage Status| image:: https://coveralls.io/repos/github/Kitware/BroThon/badge.svg?branch=master
   :target: https://coveralls.io/github/Kitware/BroThon?branch=master
.. |version| image:: https://img.shields.io/pypi/v/BroThon.svg
   :target: https://pypi.python.org/pypi/BroThon
.. |wheel| image:: https://img.shields.io/pypi/wheel/BroThon.svg
   :target: https://pypi.python.org/pypi/BroThon
.. |supported-versions| image:: https://img.shields.io/pypi/pyversions/BroThon.svg
   :target: https://pypi.python.org/pypi/BroThon
.. |supported-implementations| image:: https://img.shields.io/pypi/implementation/BroThon.svg
   :target: https://pypi.python.org/pypi/BroThon
.. |license| image:: https://img.shields.io/badge/License-Apache%202.0-green.svg
   :target: https://choosealicense.com/licenses/apache-2.0


