Parsers
Introduction to Parsers
Learn how SandsBytes uses Python scripts to convert raw triage packages into structured data.
What is a Parser?
In SandsBytes, a Parser is a Python script used to process specific files based on predefined criteria. Its primary goal is to convert triage package files (raw artifacts or scanning results) into a structured and searchable format.
Parser File Structure
To create a custom parser, organize your files into a dedicated folder with the following structure:
| File/Folder | Description |
|---|---|
| `__init__.py` | An empty file to treat the folder as a Python module. |
| `interface.py` | The main execution file called during processing. |
| `ecs_mapper.yaml` | YAML configuration for the Elastic Common Schema (ECS) for normalization. |
| `requirements.txt` | Python dependencies required by your parser. |
| `icon.png` | An image representing the parser in the UI. |
| `configuration.json` | (Auto-generated) Stores metadata for parser imports. |
| `venv/` | (Auto-generated) The virtual environment for your parser's libraries. |
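
A pre-import layout check for the folder structure in the table above, as an added example that is not SandsBytes code. The function names `check_parser_folder` and `build_sample` are hypothetical; treating the five author-supplied files as required, verifying the PNG signature, and reporting entries outside the documented layout are assumptions of this example, not documented SandsBytes behaviour.

```python
from pathlib import Path

# Files the table lists as author-supplied; the other two entries are auto-generated.
REQUIRED = ["__init__.py", "interface.py", "ecs_mapper.yaml", "requirements.txt", "icon.png"]
AUTO_GENERATED = {"configuration.json", "venv"}
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # standard 8-byte PNG file signature


def check_parser_folder(folder):
    """Return a list of problems found in a parser folder (empty list = layout OK)."""
    root = Path(folder)
    problems = []
    for name in REQUIRED:
        if not (root / name).is_file():
            problems.append(f"missing file: {name}")
    init = root / "__init__.py"
    if init.is_file() and init.read_text(encoding="utf-8").strip():
        problems.append("__init__.py is not empty")
    icon = root / "icon.png"
    if icon.is_file() and not icon.read_bytes().startswith(PNG_MAGIC):
        problems.append("icon.png does not start with the PNG signature")
    for name in ("interface.py", "ecs_mapper.yaml"):
        path = root / name
        if path.is_file() and path.stat().st_size == 0:
            problems.append(f"{name} is empty")
    # Assumption: anything outside the documented layout is reported for review.
    known = set(REQUIRED) | AUTO_GENERATED
    for entry in sorted(root.iterdir()):
        if entry.name not in known:
            problems.append(f"unexpected entry: {entry.name}")
    return problems


def build_sample(root, skip=()):
    """Create a constructed sample parser folder; all file contents are placeholders."""
    root = Path(root)
    samples = {
        "__init__.py": b"",
        "interface.py": b"# parser entry point (placeholder)\n",
        "ecs_mapper.yaml": b"# ECS mapping (placeholder)\n",
        "requirements.txt": b"",
        "icon.png": PNG_MAGIC + b"placeholder",
    }
    for name, data in samples.items():
        if name not in skip:
            (root / name).write_bytes(data)
    return root
```

Call `check_parser_folder("path/to/your_parser")` on an existing parser folder before importing it; an empty list means the layout matches the table.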

