| Field | Value |
|---|---|
| Name | mimizuku |
| Version | 0.2.34 |
| home_page | https://github.com/pyama86/mimizuku |
| Summary | A package for anomaly detection using Isolation Forest for Wazuh Alerts |
| upload_time | 2024-09-13 07:10:33 |
| maintainer | None |
| docs_url | None |
| author | pyama86 |
| requires_python | >=3.6 |
| license | None |
| keywords | |
| VCS | |
| bugtrack_url | |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |
# Mimizuku: Anomaly Detection for Wazuh Alerts
Mimizuku is a Python library designed for anomaly detection based on filesystem and command auditing events extracted from Wazuh alerts. It leverages unsupervised learning techniques to identify unusual activities in system logs, making it ideal for security-related use cases, such as detecting unauthorized file modifications or suspicious command executions.
## Features
- **Wazuh Alerts Integration**: Specifically designed to process Wazuh alert logs for anomaly detection.
- **Flexible Anomaly Detection**: Detects anomalies using filesystem events and command executions based on custom rules.
- **Customizable Settings**: Configure parameters such as the number of neighbors, contamination rate, and file/user ignore lists.
- **Filesystem Event Monitoring**: Automatically identifies suspicious file changes.
- **Command Auditing**: Detects anomalies in command execution patterns.
- **Model Persistence**: Easily save and load trained models for future use.
## Installation
```bash
pip install mimizuku
```
## Usage
### 1. Initialize and Train the Model
```python
import pandas as pd
from mimizuku import Mimizuku

# Initialize the model with custom settings
model = Mimizuku(contamination=0.001, n_neighbors=5)

# Train the model using a Wazuh alert log file or DataFrame
model.fit("./training.json")

# Save the trained model for later use
model.save_model("./models")
```
### 2. Load and Use the Model for Anomaly Detection
```python
import pandas as pd

from mimizuku import Mimizuku
from mimizuku.rules.audit_command import AuditCommand
from mimizuku.rules.fs_notify import FsNotify

# Initialize the model
n_neighbors = 5
contamination = 0.001
ignore_user_names = ["root"]

fsn = FsNotify(
    n_neighbors=n_neighbors,
    contamination=contamination,
)
ac = AuditCommand(
    n_neighbors=n_neighbors,
    contamination=contamination,
    ignore_user_names=ignore_user_names,
)

model = Mimizuku()
model.add_rule(fsn)
model.add_rule(ac)

# Train the model with a log file or DataFrame
model.fit("./training.json")

# Save the trained model
model.save_model("./models")

# Load the model and use it for prediction
loaded_model = Mimizuku.load_model("./models")
anomalies_df = loaded_model.predict("./test.json")

# Display detected anomalies
print("Detected anomalies:")
print(anomalies_df)
```
## Customization Options
### Parameters for Model Initialization:
- **`n_neighbors`**: Number of neighbors to use for the Local Outlier Factor algorithm.
- **`contamination`**: Proportion of the dataset that is expected to be anomalous.
### Model Persistence:
- **`save_model(model_path)`**: Saves the trained model and vectorizer to a specified path.
- **`load_model(model_path)`**: Loads a saved model and applies ignore lists during prediction.
## Example Log Format
The input data for the model is expected to be in JSON format, following the Wazuh alert structure. Below is an example of a Wazuh alert log entry that Mimizuku can process:
```json
{
  "syscheck": {
    "path": "/etc/passwd",
    "event": "modified",
    "audit": {
      "effective_user": {
        "name": "root"
      }
    }
  },
  "agent": {
    "name": "my-hostname"
  },
  "rule": {
    "id": "550",
    "level": 7
  }
}
```
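To make the pipeline behind the Customization Options and the alert format above concrete, here is an added, stdlib-only illustration that is not Mimizuku's own code: it parses newline-delimited Wazuh alerts of the shape shown above, drops events by users on the ignore list, one-hot encodes the categorical fields (a minimal stand-in for the library's vectorizer), scores each event with a Local Outlier Factor computed over `n_neighbors`, and flags the top `contamination` fraction. All function names, the epsilon handling of duplicate events, and the sample alert lines are my own assumptions and constructions.

```python
import json
import math


def _alert(agent, path, event, user):
    """Build one constructed syscheck alert line in the shape shown above."""
    return json.dumps({
        "syscheck": {"path": path, "event": event,
                     "audit": {"effective_user": {"name": user}}},
        "agent": {"name": agent},
        "rule": {"id": "550", "level": 7},
    })


# Constructed sample batch: 16 routine deploy events on two hosts, one root
# event (to be ignored), one alert with no syscheck object, and two events
# that do not match the routine pattern.
SAMPLE_LINES = []
for _agent in ("web-1", "web-2"):
    for _path in ("/srv/app/config.yml", "/srv/app/app.py"):
        SAMPLE_LINES += [_alert(_agent, _path, "modified", "deploy")] * 4
SAMPLE_LINES.append(_alert("web-1", "/etc/passwd", "modified", "root"))
SAMPLE_LINES.append(json.dumps({"data": {"audit": {"command": "ls"}},
                                "agent": {"name": "web-1"}}))
SAMPLE_LINES.append(_alert("web-1", "/etc/passwd", "modified", "www-data"))
SAMPLE_LINES.append(_alert("web-2", "/etc/cron.d/backup", "added", "deploy"))


def parse_alerts(lines, ignore_user_names=()):
    """Extract agent/path/event/user from syscheck alerts.

    Alerts without a ``syscheck`` object (e.g. audit command alerts) are
    skipped, as are events whose effective user is on the ignore list.
    """
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        alert = json.loads(line)
        sc = alert.get("syscheck")
        if not sc:
            continue
        user = sc.get("audit", {}).get("effective_user", {}).get("name", "unknown")
        if user in ignore_user_names:
            continue
        events.append({
            "agent": alert.get("agent", {}).get("name", "unknown"),
            "path": sc.get("path", ""),
            "event": sc.get("event", ""),
            "user": user,
        })
    return events


def vectorize(events):
    """One-hot encode the categorical fields; returns (vocabulary, vectors)."""
    vocab, rows = {}, []
    for ev in events:
        rows.append([f"{k}={v}" for k, v in ev.items()])
        for tok in rows[-1]:
            vocab.setdefault(tok, len(vocab))
    vecs = []
    for toks in rows:
        vec = [0.0] * len(vocab)
        for tok in toks:
            vec[vocab[tok]] = 1.0
        vecs.append(vec)
    return vocab, vecs


def lof_scores(vecs, n_neighbors):
    """Local Outlier Factor per point: ~1 means as dense as its neighbourhood,
    clearly >1 means the point sits in a sparser region (more unusual)."""
    n = len(vecs)
    if n < 2:
        return [1.0] * n
    k = min(n_neighbors, n - 1)
    dist = [[math.dist(a, b) for b in vecs] for a in vecs]
    nbrs, kdist = [], []
    for i in range(n):
        order = [j for j in sorted(range(n), key=lambda j: (dist[i][j], j)) if j != i][:k]
        nbrs.append(order)
        kdist.append(dist[i][order[-1]])
    # Local reachability density; the epsilon keeps exact duplicate events finite.
    lrd = [1.0 / (sum(max(kdist[j], dist[i][j]) for j in nbrs[i]) / k + 1e-9)
           for i in range(n)]
    return [sum(lrd[j] for j in nbrs[i]) / k / lrd[i] for i in range(n)]


def detect(lines, n_neighbors=5, contamination=0.1, ignore_user_names=()):
    """Return the ceil(contamination * N) highest-scoring events with their LOF."""
    events = parse_alerts(lines, ignore_user_names)
    _, vecs = vectorize(events)
    scores = lof_scores(vecs, n_neighbors)
    n_flag = math.ceil(contamination * len(events))
    ranked = sorted(range(len(events)), key=lambda i: scores[i], reverse=True)
    return [dict(events[i], lof=round(scores[i], 3)) for i in ranked[:n_flag]]


if __name__ == "__main__":
    for hit in detect(SAMPLE_LINES, ignore_user_names=["root"]):
        print(hit)
```

On the constructed batch the 16 routine events score 1.0 and the two unusual ones (an unexpected user touching `/etc/passwd`, a new file under `/etc/cron.d`) score about 1.41, so a contamination of 0.1 over 18 events flags exactly those two. Two caveats a practitioner should keep in mind: this scores the same batch it was fitted on, whereas the README's save/load workflow applies a model trained on `training.json` to new alerts, so the vocabulary must come from the training data and unseen tokens need an explicit policy; and `contamination` is a budget, not a detector, so a clean batch still yields flags.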
## License
Mimizuku is licensed under the MIT License.
Raw data
{
"_id": null,
"home_page": "https://github.com/pyama86/mimizuku",
"name": "mimizuku",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": null,
"keywords": null,
"author": "pyama86",
"author_email": "www.kazu.com@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/e3/4f/81506bf63e56778b6ce4f4c7eb2c6ae0388d94fb5d738f6c8a2eee46980c/mimizuku-0.2.34.tar.gz",
"platform": null,
"description": "(verbatim copy of the README rendered above; omitted here)",
"bugtrack_url": null,
"license": null,
"summary": "A package for anomaly detection using Isolation Forest for Wazuh Alerts",
"version": "0.2.34",
"project_urls": {
"Homepage": "https://github.com/pyama86/mimizuku"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "e2c35bcf47b90e87bcf7824e560624b8bbdc9f1de5964993427abe6efd2b66bb",
"md5": "f591a2baaa9838755beb58e6d3afd027",
"sha256": "b768576fe5298b06c339ab780d7fe3c905c21577fc324c017482d544345fee1d"
},
"downloads": -1,
"filename": "mimizuku-0.2.34-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f591a2baaa9838755beb58e6d3afd027",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 8046,
"upload_time": "2024-09-13T07:10:31",
"upload_time_iso_8601": "2024-09-13T07:10:31.755255Z",
"url": "https://files.pythonhosted.org/packages/e2/c3/5bcf47b90e87bcf7824e560624b8bbdc9f1de5964993427abe6efd2b66bb/mimizuku-0.2.34-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "e34f81506bf63e56778b6ce4f4c7eb2c6ae0388d94fb5d738f6c8a2eee46980c",
"md5": "2ee66eb09522e7baa96ea05ae38b957a",
"sha256": "50321cbc8d42abb5fd66347f50ece3b278623fb9c202cc7c70d686df6bada711"
},
"downloads": -1,
"filename": "mimizuku-0.2.34.tar.gz",
"has_sig": false,
"md5_digest": "2ee66eb09522e7baa96ea05ae38b957a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 7165,
"upload_time": "2024-09-13T07:10:33",
"upload_time_iso_8601": "2024-09-13T07:10:33.345413Z",
"url": "https://files.pythonhosted.org/packages/e3/4f/81506bf63e56778b6ce4f4c7eb2c6ae0388d94fb5d738f6c8a2eee46980c/mimizuku-0.2.34.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-09-13 07:10:33",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "pyama86",
"github_project": "mimizuku",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "mimizuku"
}