#!/usr/bin/env python3
"""
CLI entrypoint for the Telemetry Normalization Pipeline.
Usage:
python main.py --input samples/sysmon_sample.json
python main.py --input samples/cloudtrail_sample.json --output output.json
python main.py --input samples/sysmon_sample.json --pretty
"""
import argparse
import json
import sys
import os
sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
from src.pipeline import TelemetryPipeline
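def main():
    """Parse CLI arguments, normalize the input file and emit the result.

    Reads ``--input`` through ``TelemetryPipeline.process_file``, serializes
    the normalized events as a JSON array and writes it either to ``--output``
    or to stdout. Diagnostics (the failed-event warning in stdout mode and the
    pipeline stats) go to stderr so that stdout stays valid JSON when piped.

    Exit status: 2 via ``parser.error`` when the input file cannot be read;
    otherwise 0, even when some events failed normalization (the count is
    reported, not turned into a non-zero exit).
    """
    parser = argparse.ArgumentParser(
        description="Normalize Sysmon/CloudTrail logs into OCSF schema"
    )
    parser.add_argument("--input", "-i", required=True, help="Path to input JSON/NDJSON file")
    parser.add_argument("--output", "-o", help="Path to output file (default: stdout)")
    parser.add_argument("--pretty", action="store_true", help="Pretty print output")
    args = parser.parse_args()

    pipeline = TelemetryPipeline()
    try:
        normalized, failed = pipeline.process_file(args.input)
    except OSError as err:
        # NOTE(review): assumes process_file opens args.input itself and lets
        # OSError propagate — confirm against src/pipeline. Any other exception
        # still surfaces as a traceback rather than a usage error.
        parser.error(f"cannot read input file {args.input!r}: {err}")

    output = _serialize(normalized, pretty=args.pretty)

    if args.output:
        # Explicit encoding so the written file does not depend on the locale.
        # json.dumps escapes non-ASCII by default, but the default=str fallback
        # in _serialize can still carry arbitrary text into the document.
        with open(args.output, "w", encoding="utf-8") as f:
            f.write(output)
        print(f"✓ Wrote {len(normalized)} normalized events to {args.output}")
        if failed:
            print(f"⚠ {len(failed)} events failed normalization")
    else:
        print(output)
        if failed:
            # Report failures in stdout mode too, but on stderr so the JSON on
            # stdout stays machine-readable; previously this count was only
            # shown when writing to a file.
            print(f"⚠ {len(failed)} events failed normalization", file=sys.stderr)

    print(f"\nStats: {pipeline.stats}", file=sys.stderr)


def _serialize(events, *, pretty=False):
    """Return the normalized events as a JSON array string.

    ``default=str`` is kept for compatibility: any value that ``to_dict()``
    leaves non-JSON-native (datetimes, enums, nested objects) is stringified
    instead of raising, so the output is lossy for such fields and a schema
    regression in ``to_dict()`` will not fail loudly here. Consumers that need
    a faithful OCSF document should validate it rather than rely on this
    fallback.
    """
    return json.dumps(
        [e.to_dict() for e in events],
        indent=2 if pretty else None,
        default=str,
    )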
if __name__ == '__main__':
    # Script guard: run the CLI only when executed directly, not on import.
    main()