Python Engine

class eql.PythonEngine(config=None)

Converter from EQL to Python callbacks.

add_custom_function(name, func)

Load a Python function into the EQL engine.

add_output_hook(f)

Register a callback to receive events as they are output from the engine.

add_query(query)

Convert a query and load it into the engine.

add_queries(queries)

Add multiple queries to the engine.

add_analytic(analytic)

Convert an analytic and load it into the engine.

add_analytics(analytics)

Add multiple analytics to the engine.

finalize()

Send the engine an EOF signal, so that aggregating pipes can finish.

stream_event(event)

Stream a single Event through the engine.

stream_events(events, finalize=True)

Stream Event objects through the engine.