Skip to content
/ defender_schemas_to_kustainer Public

Python script that maps Microsoft Defender XDR Schemas to a local Kustainer Data Explorer instance

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

KapiteinKrapBijKas/defender_schemas_to_kustainer

BranchesTags

Repository files navigation

demo

Defender XDR schemas to Kustainer

Python script that maps Microsoft Defender XDR Schemas to a local Kustainer Data Explorer instance by parsing the open source Microsoft documentation. These schemas will be created as tables in the AdvancedHunting database.

Requirements

  • uv
  • docker compose

Clone repository

Clone this repository including submodules:

git clone --recurse-submodules https://github.com/KapiteinKrapBijKas/defender_schemas_to_kustainer

Start kustainer

You can use docker compose to start a persistent Kustainer instance. The persistent data will be mapped to the kustodata directory in the root of this project:

docker compose up -d

Create venv and install dependencies

uv sync

Run script

uv run main.py

List created tables

curl -X post -H 'Content-Type: application/json' -d '{"db": "AdvancedHunting", "csl":".show tables"}' http://localhost:8080/v1/rest/mgmt | jq

Query sample data

curl -X post -H 'Content-Type: application/json' -d '{"db": "AdvancedHunting", "csl":"EmailUrlInfo | take 1"}' http://localhost:8080/v2/rest/query | jq

About

Python script that maps Microsoft Defender XDR Schemas to a local Kustainer Data Explorer instance

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages