# Cybersecurity Log Generator
A comprehensive Python package for generating synthetic cybersecurity logs across all 24 cyberdefense pillars with realistic attack patterns and threat intelligence.
## Features
- **24 Cyberdefense Pillars**: Generate logs for all major cybersecurity domains
- **Realistic Attack Patterns**: Simulate real-world threats and attack scenarios
- **Multiple Log Types**: Support for IDS, web access, endpoint, Windows events, Linux syslog, firewall, and more
- **Threat Actor Simulation**: Generate logs for known threat actors (APT29, APT28, Lazarus, etc.)
- **Correlated Events**: Create realistic attack chains with correlated events
- **Campaign Generation**: Simulate coordinated attack campaigns
- **Multiple Export Formats**: JSON, CSV, Syslog, CEF, LEEF
- **REST API**: FastAPI-based web service for log generation
- **MCP Server**: Model Context Protocol server for AI integration
- **CLI Tools**: Command-line interface for easy usage
## Installation
### From PyPI (Recommended)
```bash
pip install cybersecurity-log-generator
```
### From Source
```bash
git clone https://github.com/your-org/cybersecurity-log-generator.git
cd cybersecurity-log-generator
pip install -e .
```
## Quick Start
### Command Line Usage
```bash
# Generate basic IDS logs
cybersecurity-log-gen generate --type ids --count 100
# Generate authentication pillar logs
cybersecurity-log-gen pillar --pillar authentication --count 200 --output auth_logs.json
# List all supported types and pillars
cybersecurity-log-gen list-types
```
### Python API Usage
```python
from cybersecurity_log_generator import LogGenerator, EnhancedLogGenerator
from cybersecurity_log_generator.core.models import LogType, CyberdefensePillar

# Basic log generation
generator = LogGenerator()
logs = generator.generate_logs(LogType.IDS, count=100, time_range="24h")

# Enhanced pillar-specific generation
enhanced_generator = EnhancedLogGenerator()
logs = enhanced_generator.generate_logs(CyberdefensePillar.AUTHENTICATION, count=200)

# Generate correlated events
correlated_logs = enhanced_generator.generate_correlated_events(
    pillars=[CyberdefensePillar.AUTHENTICATION, CyberdefensePillar.NETWORK_SECURITY],
    count=100,
    correlation_strength=0.8
)

# Generate campaign logs
campaign_logs = enhanced_generator.generate_campaign_logs(
    threat_actor="APT29",
    duration="72h",
    target_count=150
)
```
### REST API Usage
```bash
# Start the API server (default port 9021)
python -m cybersecurity_log_generator.api
# Generate logs via API
curl -X POST "http://localhost:9021/generate" \
-H "Content-Type: application/json" \
-d '{"log_type": "ids", "count": 100, "time_range": "24h"}'
# Generate pillar logs via API
curl -X POST "http://localhost:9021/pillar" \
-H "Content-Type: application/json" \
-d '{"pillar": "authentication", "count": 200, "time_range": "24h"}'
```
### MCP Server Usage
The MCP (Model Context Protocol) server exposes the generator to AI clients such as Claude Desktop and Cursor IDE. **Note: this is not a REST API.** MCP speaks JSON-RPC 2.0, over stdio when the client launches the server as a subprocess or over HTTP for remote access, so the `curl` calls from the REST section will not work against it.
#### Quick Start
```bash
# STDIO mode (for Cursor IDE) - Recommended; the client launches the server as a subprocess
python -m cybersecurity_log_generator.mcp_server.server --transport stdio

# HTTP mode (for remote access) - JSON-RPC over HTTP. 0.0.0.0 binds every interface,
# so bind 127.0.0.1 or firewall the port unless remote clients really need it.
python -m cybersecurity_log_generator.mcp_server.server --transport http --host 0.0.0.0 --port 8003

# Using Docker
docker-compose up cybersecurity-log-generator-stdio --build
```
#### Cursor IDE Configuration
Create `~/.cursor/mcp.json`:
```json
{
  "mcpServers": {
    "cybersecurity_log_generator": {
      "command": "/path/to/cybersecurity_log_generator/venv/bin/python",
      "args": ["/path/to/cybersecurity_log_generator/mcp_server/server.py"],
      "env": {
        "PYTHONPATH": "/path/to/cybersecurity_log_generator"
      }
    }
  }
}
```
#### Claude Desktop Configuration
Claude Desktop reads its MCP servers from `claude_desktop_config.json` (on macOS `~/Library/Application Support/Claude/claude_desktop_config.json`, on Windows `%APPDATA%\Claude\claude_desktop_config.json`). Add the same server entry there:
```json
{
  "mcpServers": {
    "cybersecurity_log_generator": {
      "command": "/path/to/cybersecurity_log_generator/venv/bin/python",
      "args": ["/path/to/cybersecurity_log_generator/mcp_server/server.py"],
      "env": {
        "PYTHONPATH": "/path/to/cybersecurity_log_generator"
      }
    }
  }
}
```
**Available MCP Tools:**
- `generate_logs` - Generate basic cybersecurity logs
- `generate_pillar_logs` - Generate logs for specific cyberdefense pillars
- `generate_campaign_logs` - Generate coordinated attack campaigns
- `generate_correlated_logs` - Generate correlated events across pillars
- `generate_siem_priority_logs` - Generate SIEM priority logs
- `export_logs` - Export logs in various formats
- `analyze_log_patterns` - Analyze log patterns and provide insights
**MCP Server Features:**
- AI model integration for intelligent log generation
- Tool-based interface for AI assistants
- Real-time log generation and analysis
- VictoriaLogs integration for log ingestion
- Comprehensive tool documentation
- Docker support with docker-compose
**Important:** The MCP server uses JSON-RPC protocol, not REST API. For REST API usage, see the "REST API Usage" section above.
📖 **For detailed MCP server documentation, configuration examples, and troubleshooting, see the [MCP Server README](cybersecurity_log_generator/README.md)**
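To make the "JSON-RPC, not REST" point concrete, here is an added example (not the package's MCP server) of a minimal JSON-RPC 2.0 dispatcher shaped like the MCP exchange a client performs: `initialize`, the `notifications/initialized` notification, `tools/list`, and `tools/call`. The `generate_logs` argument names (`log_type`, `count`) are an assumption borrowed from the REST examples above; the real server's argument schema comes back from `tools/list`. The tool body is a stand-in that returns constructed records, and the last client message shows what happens to a REST-shaped body that carries no `method`.

```python
"""Added example, not the package's own MCP server: a minimal JSON-RPC 2.0
dispatcher shaped like the MCP handshake and tool call. Tool argument names
are assumed (borrowed from the REST examples); records are constructed."""
from __future__ import annotations
import json
from typing import Any, Callable, Dict, List, Optional

JSONRPC = "2.0"
# Standard JSON-RPC 2.0 error codes.
PARSE_ERROR, INVALID_REQUEST, METHOD_NOT_FOUND, INVALID_PARAMS = -32700, -32600, -32601, -32602


def _fake_generate_logs(args: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Stand-in for the real generate_logs tool; returns constructed records."""
    count, log_type = int(args.get("count", 1)), str(args.get("log_type", "ids"))
    return [{"log_type": log_type, "seq": i, "message": f"synthetic {log_type} event"} for i in range(count)]


TOOLS: Dict[str, Callable[[Dict[str, Any]], Any]] = {"generate_logs": _fake_generate_logs}


def _error(req_id: Any, code: int, message: str) -> Dict[str, Any]:
    return {"jsonrpc": JSONRPC, "id": req_id, "error": {"code": code, "message": message}}


def handle_message(raw: str) -> Optional[Dict[str, Any]]:
    """Dispatch one message (one JSON object per line on the stdio transport).
    Notifications carry no id and get no reply; every other request gets
    exactly one response object carrying the same id."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return _error(None, PARSE_ERROR, "parse error")
    if not isinstance(msg, dict) or msg.get("jsonrpc") != JSONRPC or "method" not in msg:
        req_id = msg.get("id") if isinstance(msg, dict) else None
        return _error(req_id, INVALID_REQUEST, "invalid request: not a JSON-RPC 2.0 call")
    req_id, method, params = msg.get("id"), msg["method"], msg.get("params") or {}
    if req_id is None:  # notification, e.g. notifications/initialized
        return None
    if method == "initialize":
        result = {"protocolVersion": params.get("protocolVersion", ""),
                  "capabilities": {"tools": {}},
                  "serverInfo": {"name": "example-log-generator", "version": "0.0"}}
    elif method == "tools/list":
        result = {"tools": [{"name": n, "description": "example tool"} for n in TOOLS]}
    elif method == "tools/call":
        tool = TOOLS.get(params.get("name", ""))
        if tool is None:
            return _error(req_id, INVALID_PARAMS, f"unknown tool {params.get('name')!r}")
        records = tool(params.get("arguments") or {})
        result = {"content": [{"type": "text", "text": json.dumps(records)}]}
    else:
        return _error(req_id, METHOD_NOT_FOUND, f"method not found: {method}")
    return {"jsonrpc": JSONRPC, "id": req_id, "result": result}


def run_session(messages: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Feed a client's messages in order and collect the responses."""
    responses = []
    for m in messages:
        resp = handle_message(json.dumps(m))
        if resp is not None:
            responses.append(resp)
    return responses


# Constructed client side: handshake, tool discovery, one tool call, and a
# REST-shaped body with no "method", which a JSON-RPC server must reject.
CLIENT_MESSAGES = [
    {"jsonrpc": "2.0", "id": 1, "method": "initialize",
     "params": {"protocolVersion": "2024-11-05", "capabilities": {},
                "clientInfo": {"name": "example-client", "version": "0.0"}}},
    {"jsonrpc": "2.0", "method": "notifications/initialized"},
    {"jsonrpc": "2.0", "id": 2, "method": "tools/list"},
    {"jsonrpc": "2.0", "id": 3, "method": "tools/call",
     "params": {"name": "generate_logs", "arguments": {"log_type": "ids", "count": 3}}},
    {"jsonrpc": "2.0", "id": 4, "log_type": "ids", "count": 100},
]

if __name__ == "__main__":
    for response in run_session(CLIENT_MESSAGES):
        print(json.dumps(response))
```

Two things to carry over to the real server: the HTTP transport exposes exactly this dispatcher to anyone who can reach the port, with no authentication shown in this README, and a client should always read the tool argument schema from `tools/list` rather than guessing field names as this example does.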
## Supported Log Types
- **IDS**: Intrusion Detection System logs
- **Web Access**: Web application access logs
- **Endpoint**: Endpoint Detection and Response logs
- **Windows Event**: Windows Event Logs
- **Linux Syslog**: Linux system logs
- **Firewall**: Firewall and network security logs
## Supported Cyberdefense Pillars
- **Authentication**: Login attempts, failures, MFA events
- **Authorization**: Permission changes, access control
- **Network Security**: Firewall, IDS/IPS, network monitoring
- **Endpoint Security**: EDR, malware detection, system events
- **Cloud Security**: AWS, Azure, GCP security events
- **Container Security**: Kubernetes, Docker security logs
- **Data Protection**: Encryption, data loss prevention
- **Incident Response**: Security incidents, forensics
- **Threat Intelligence**: IOCs, threat indicators
- **Vulnerability Management**: CVE tracking, patch management
- And 14 more pillars...
## Export Formats
```python
from cybersecurity_log_generator.utils import export_logs
# Export in different formats
export_logs(logs, format="json", output_path="logs.json")
export_logs(logs, format="csv", output_path="logs.csv")
export_logs(logs, format="syslog", output_path="logs.syslog")
export_logs(logs, format="cef", output_path="logs.cef")
export_logs(logs, format="leef", output_path="logs.leef")
```
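CEF and LEEF are the two formats above that a SIEM will actually parse field by field, and the details that matter are the escaping rules: CEF header fields are split on `|`, extension values on `=`, so an unescaped delimiter in an attacker-influenced field (a URL, a username, a message) corrupts or forges fields in the ingested record. The block below is an added example, not the package's `export_logs`: it serialises one constructed event to CEF and LEEF 1.0 and parses the CEF line back, round-tripping every character that needs escaping.

```python
"""Added example, not the package's export_logs: CEF/LEEF serialisation for one
constructed event plus a CEF parser, showing the escaping each format needs."""
from __future__ import annotations
from typing import Dict, List, Tuple

CEF_HEADER_FIELDS = ["vendor", "product", "device_version", "event_id", "name", "severity"]


def _esc_header(value: str) -> str:
    # Header fields: escape the backslash first, then the pipe delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value: str) -> str:
    # Extension values: escape backslash and '=', encode line breaks.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(header: Dict[str, str], ext: Dict[str, str]) -> str:
    head = "|".join(_esc_header(header[f]) for f in CEF_HEADER_FIELDS)
    return "CEF:0|" + head + "|" + " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())


def to_leef(header: Dict[str, str], ext: Dict[str, str]) -> str:
    # LEEF 1.0: pipe-delimited header, tab-delimited key=value attributes. The tab
    # delimiter has no escape in 1.0, so this example refuses values containing it.
    for k, v in ext.items():
        if any(ch in str(v) for ch in "\t\r\n"):
            raise ValueError(f"LEEF attribute {k!r} contains a delimiter or line break")
    head = "|".join(str(header[f]) for f in ("vendor", "product", "device_version", "event_id"))
    return "LEEF:1.0|" + head + "|" + "\t".join(f"{k}={v}" for k, v in ext.items())


def _unescape(s: str) -> str:
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append({"n": "\n", "r": "\r"}.get(s[i + 1], s[i + 1]))
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_cef(line: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    body = line[4:]
    fields: List[str] = []
    cur: List[str] = []
    i = 0
    # Header: version plus six fields, so stop after the seventh unescaped '|'.
    while i < len(body) and len(fields) < 7:
        c = body[i]
        if c == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])
            i += 2
            continue
        if c == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    header = dict(zip(["version"] + CEF_HEADER_FIELDS, fields))
    rest = body[i:]
    # Extension: find every unescaped '='; the key is the token before it and the
    # value runs up to the next key, because values may themselves contain spaces.
    eq_positions: List[int] = []
    j = 0
    while j < len(rest):
        if rest[j] == "\\":
            j += 2
            continue
        if rest[j] == "=":
            eq_positions.append(j)
        j += 1
    key_starts = [rest.rfind(" ", 0, p) + 1 for p in eq_positions]
    ext: Dict[str, str] = {}
    for n, p in enumerate(eq_positions):
        end = key_starts[n + 1] - 1 if n + 1 < len(eq_positions) else len(rest)
        ext[rest[key_starts[n]:p]] = _unescape(rest[p + 1:end])
    return header, ext


# Constructed event containing every character the formats must escape.
EVENT_HEADER = {"vendor": "Example|Corp", "product": "WebGateway", "device_version": "1.0",
                "event_id": "100", "name": "Blocked request", "severity": "7"}
EVENT_EXT = {"src": "10.0.0.5", "request": "/login?user=admin&x=1\\2",
             "msg": "param contains =\nsecond line", "act": "block"}

if __name__ == "__main__":
    line = to_cef(EVENT_HEADER, EVENT_EXT)
    print(line)
    print(parse_cef(line))
    print(to_leef({**EVENT_HEADER, "vendor": "ExampleCorp"}, {"src": "10.0.0.5", "act": "block"}))
```

When validating the package's exporter against a real SIEM, feed it an event like `EVENT_EXT` above and confirm the parsed record still has four extension fields; a naive `"|".join(...)` exporter turns the vendor name into two header fields and shifts everything after it.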
## Configuration
Create a `config.yaml` file or set environment variables:
```yaml
# config.yaml
default_count: 100
default_time_range: "24h"
output_format: "json"
include_metadata: true
realistic_patterns: true
correlation_enabled: true
victorialogs_url: "http://localhost:9428"
victorialogs_enabled: false
# API settings
api_host: "0.0.0.0"
api_port: 9021
api_workers: 1
```
Or use environment variables:
```bash
export CYBERSECURITY_LOG_DEFAULT_COUNT=200
export CYBERSECURITY_LOG_DEFAULT_TIME_RANGE="48h"
export CYBERSECURITY_LOG_OUTPUT_FORMAT="csv"
export CYBERSECURITY_LOG_API_PORT=9021
export CYBERSECURITY_LOG_API_HOST="0.0.0.0"
```
### API Server Configuration
The REST API server listens on **port 9021** by default. `0.0.0.0` binds every interface, so anything that can reach the host network can drive log generation; bind `127.0.0.1` for local use and put any remote exposure behind a firewall or an authenticating proxy. You can customize host and port:
```bash
# Use default port 9021
python -m cybersecurity_log_generator.api
# Use custom port
uvicorn cybersecurity_log_generator.api:app --host 0.0.0.0 --port 8080
# Use environment variable
export CYBERSECURITY_LOG_API_PORT=8080
python -m cybersecurity_log_generator.api
```
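The configuration section lists a `config.yaml` and a set of `CYBERSECURITY_LOG_*` variables but does not say how they combine or what is validated. The block below is an added example, not the package's own loader: it applies environment overrides on top of the file's values, coerces each override to the type of the default it replaces, rejects unknown keys, range-checks the port, and warns on the two settings that decide who can reach the service and where generated logs travel. The variable naming (`CYBERSECURITY_LOG_` plus the upper-cased key) matches every variable listed above; the precedence rule (environment over file over built-in defaults) is this example's assumption. YAML parsing is left to `yaml.safe_load`, so the file contents are passed in as a dict.

```python
"""Added example, not the package's own configuration loader: merge
config.yaml values with CYBERSECURITY_LOG_* environment overrides and
validate the network-facing settings. Precedence is assumed, not documented."""
from __future__ import annotations
from typing import Any, Dict, List, Mapping, Tuple
from urllib.parse import urlparse

ENV_PREFIX = "CYBERSECURITY_LOG_"

# Built-in defaults mirroring the sample config.yaml on this page.
DEFAULTS: Dict[str, Any] = {
    "default_count": 100,
    "default_time_range": "24h",
    "output_format": "json",
    "include_metadata": True,
    "realistic_patterns": True,
    "correlation_enabled": True,
    "victorialogs_url": "http://localhost:9428",
    "victorialogs_enabled": False,
    "api_host": "0.0.0.0",
    "api_port": 9021,
    "api_workers": 1,
}
VALID_FORMATS = {"json", "csv", "syslog", "cef", "leef"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def _coerce(key: str, raw: str, default: Any) -> Any:
    """Turn an environment string into the type of the default it overrides."""
    if isinstance(default, bool):  # checked before int: bool is a subclass of int
        low = raw.strip().lower()
        if low in ("1", "true", "yes", "on"):
            return True
        if low in ("0", "false", "no", "off"):
            return False
        raise ValueError(f"{key}: expected a boolean, got {raw!r}")
    if isinstance(default, int):
        return int(raw)
    return raw


def load_settings(file_config: Mapping[str, Any], env: Mapping[str, str]) -> Tuple[Dict[str, Any], List[str]]:
    """Return (settings, warnings). Unknown file keys are rejected so a typo
    such as `api_prot` cannot silently leave the default in place."""
    unknown = set(file_config) - set(DEFAULTS)
    if unknown:
        raise ValueError(f"unknown config keys: {sorted(unknown)}")
    settings = dict(DEFAULTS)
    settings.update(file_config)
    for key, default in DEFAULTS.items():
        var = ENV_PREFIX + key.upper()
        if var in env:
            settings[key] = _coerce(key, env[var], default)
    port = settings["api_port"]
    if not 1 <= port <= 65535:
        raise ValueError(f"api_port out of range: {port}")
    if settings["output_format"] not in VALID_FORMATS:
        raise ValueError(f"unsupported output_format: {settings['output_format']!r}")
    if settings["default_count"] < 1:
        raise ValueError("default_count must be positive")
    warnings: List[str] = []
    if settings["api_host"] == "0.0.0.0":
        warnings.append("api_host 0.0.0.0 binds every interface; use 127.0.0.1 unless remote clients need the API")
    if settings["victorialogs_enabled"]:
        url = urlparse(settings["victorialogs_url"])
        if url.scheme == "http" and url.hostname not in LOCAL_HOSTS:
            warnings.append("victorialogs_url is plain HTTP to a remote host; generated logs travel unencrypted")
    return settings, warnings


if __name__ == "__main__":
    import os
    # Constructed file contents, i.e. what yaml.safe_load of the sample config.yaml yields.
    sample_file = {"default_count": 100, "api_host": "0.0.0.0", "api_port": 9021}
    cfg, warns = load_settings(sample_file, os.environ)
    print(cfg)
    for w in warns:
        print("warning:", w)
```

Running it with the sample file and no environment prints the `0.0.0.0` warning; exporting `CYBERSECURITY_LOG_API_HOST=127.0.0.1` clears it, which is the weak setting beside its corrected form.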
## Testing
```bash
# Run all tests
pytest
# Run specific test categories
pytest tests/test_generator.py
pytest tests/test_enhanced_generator.py
pytest tests/test_api.py
pytest tests/test_integration.py
# Run with coverage
pytest --cov=cybersecurity_log_generator
```
## Development
```bash
# Install development dependencies
pip install -e ".[dev]"
# Run linting
black cybersecurity_log_generator/
flake8 cybersecurity_log_generator/
# Run type checking
mypy cybersecurity_log_generator/
```
## Contributing
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests for new functionality
5. Run the test suite
6. Submit a pull request
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## Support
- **Documentation**: [GitHub Wiki](https://github.com/your-org/cybersecurity-log-generator/wiki)
- **Issues**: [GitHub Issues](https://github.com/your-org/cybersecurity-log-generator/issues)
- **Discussions**: [GitHub Discussions](https://github.com/your-org/cybersecurity-log-generator/discussions)
## Changelog
### v1.0.0
- Initial release
- Support for 24 cyberdefense pillars
- Multiple log types and formats
- REST API and CLI tools
- MCP server integration
- Comprehensive test suite
## Raw data (PyPI package metadata)
{
"_id": null,
"home_page": "https://github.com/tredkar/hd-syntheticdata",
"name": "cybersecurity-log-generator",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "cybersecurity, log generation, security testing, synthetic data, threat simulation, SIEM, SOC, security analysis, penetration testing, red team, blue team",
"author": "Cybersecurity Log Generator Team",
"author_email": "Cybersecurity Log Generator Team <support@cybersecurity-log-generator.com>",
"download_url": "https://files.pythonhosted.org/packages/7b/ff/69f844ca8daeae64fefd79661a1c577198e60e4153b2c16749ef56123434/cybersecurity_log_generator-1.0.1.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "Generate synthetic cybersecurity logs for testing and analysis across all 24 cyberdefense pillars",
"version": "1.0.1",
"project_urls": {
"Bug Reports": "https://github.com/tredkar/hd-syntheticdata/issues",
"Documentation": "https://github.com/tredkar/hd-syntheticdata/blob/main/README.md",
"Homepage": "https://github.com/tredkar/hd-syntheticdata",
"Repository": "https://github.com/tredkar/hd-syntheticdata"
},
"split_keywords": [
"cybersecurity",
" log generation",
" security testing",
" synthetic data",
" threat simulation",
" siem",
" soc",
" security analysis",
" penetration testing",
" red team",
" blue team"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "ef73d564a351fceb90112750cbdd393d5836908a443c1655312ab07e37dfdb41",
"md5": "ba4be33f99539130447cb1d744b1ce0a",
"sha256": "0f3587524cdc31845d3828b0a26ac41b42657a604145abbc1b0efd22f47c26d1"
},
"downloads": -1,
"filename": "cybersecurity_log_generator-1.0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "ba4be33f99539130447cb1d744b1ce0a",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 325467,
"upload_time": "2025-10-23T22:32:41",
"upload_time_iso_8601": "2025-10-23T22:32:41.144985Z",
"url": "https://files.pythonhosted.org/packages/ef/73/d564a351fceb90112750cbdd393d5836908a443c1655312ab07e37dfdb41/cybersecurity_log_generator-1.0.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "7bff69f844ca8daeae64fefd79661a1c577198e60e4153b2c16749ef56123434",
"md5": "8bec9299f39312d0c9e755827c22bb26",
"sha256": "901406970397c4f801986a28d5615453540ec792e77724c9b23a868b64b39578"
},
"downloads": -1,
"filename": "cybersecurity_log_generator-1.0.1.tar.gz",
"has_sig": false,
"md5_digest": "8bec9299f39312d0c9e755827c22bb26",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 254592,
"upload_time": "2025-10-23T22:32:42",
"upload_time_iso_8601": "2025-10-23T22:32:42.797683Z",
"url": "https://files.pythonhosted.org/packages/7b/ff/69f844ca8daeae64fefd79661a1c577198e60e4153b2c16749ef56123434/cybersecurity_log_generator-1.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-23 22:32:42",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "tredkar",
"github_project": "hd-syntheticdata",
"github_not_found": true,
"lcname": "cybersecurity-log-generator"
}