TonyCrespoMe / mans_to_es

Parses the FireEye HX .mans triage collections and sends them to ElasticSearch

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool


Version GitHub license HitCount

Parses the FireEye HX .mans triage collections and send them to ElasticSearch

Table of Contents

  1. About
  2. Getting started
  3. Contributing
  4. Disclaimer


mans_to_es is an open source tool for parsing FireEye HX .mans triage collections and send them to ElasticSearch.

Mans file is a zipped collection of xml that we parse using xmltodict. It uses pandas and multiprocessing to speed up the parsing with xml files.

Getting started


pip install mans-to-es


If you want to develop with the script you can download and place it under /usr/local/bin and make it executable.

Usage as script

$ --help
usage: MANS to ES [-h] [--filename FILENAME] [--name NAME] [--index INDEX]
                  [--es_host ES_HOST] [--es_port ES_PORT]
                  [--cpu_count CPU_COUNT] [--bulk_size BULK_SIZE] [--version]

Push .mans information in Elasticsearch index

optional arguments:
  -h, --help            show this help message and exit
  --filename FILENAME   Path of the .mans file
  --name NAME           Timeline name
  --index INDEX         ES index name
  --es_host ES_HOST     ES host
  --es_port ES_PORT     ES port
  --cpu_count CPU_COUNT
                        cpu count
  --bulk_size BULK_SIZE
                        Bulk size for multiprocessing parsing and upload
  --version             show program's version number and exit

Usage as lib

>>> from mans_to_es import MansToEs
>>> a = MansToEs()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: __init__() missing 5 required positional arguments: 'filename', 'index', 'name', 'es_host', and 'es_port'
>>> a = MansToEs(filename = '<file.mans>', index="<index>", name="<name>", es_host="localhost", es_port=9200)


If you want to contribute to mans_to_es, be sure to review the contributing guidelines. This project adheres to mans_to_es code of conduct. By participating, you are expected to uphold this code.

**We use GitHub issues for tracking requests and bugs.


This is not an official FireEye product. Bugs are expected.


Parses the FireEye HX .mans triage collections and sends them to ElasticSearch

License:Apache License 2.0


Language:Python 100.0%