gulp-cli 1.0.4__tar.gz → 1.0.5__tar.gz

{gulp_cli-1.0.4/src/gulp_cli.egg-info → gulp_cli-1.0.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: gulp-cli
-Version: 1.0.4
+Version: 1.0.5
 Summary: Command-line client for gULP
 Author-email: Mentat <info@mentat.is>
 Requires-Python: >=3.12
@@ -23,7 +23,7 @@ Requires-Dist: gulp-sdk
 - 👥 **User Management** — create users, manage permissions (admin only)
 - 📋 **Operations** — create/list/manage operations and contexts
 - 🔌 **Plugins** — list/upload/download plugins and mapping files
-- 🗺️ **Enhance Maps** — map `gulp.event_code` to glyph/color per plugin
+- 🗺️ **Enhance Maps** — map document fields (e.g., `gulp.event_code`) to glyph/color per plugin
 - 🖼️ **Glyphs** — create/list/update/delete custom glyphs
 - 🧩 **Dynamic Extensions** — load custom CLI commands from internal or user extension folders
 - 📊 **Stats** — monitor ingestion and query requests

{gulp_cli-1.0.4 → gulp_cli-1.0.5}/README.md

@@ -11,7 +11,7 @@
 - 👥 **User Management** — create users, manage permissions (admin only)
 - 📋 **Operations** — create/list/manage operations and contexts
 - 🔌 **Plugins** — list/upload/download plugins and mapping files
-- 🗺️ **Enhance Maps** — map `gulp.event_code` to glyph/color per plugin
+- 🗺️ **Enhance Maps** — map document fields (e.g., `gulp.event_code`) to glyph/color per plugin
 - 🖼️ **Glyphs** — create/list/update/delete custom glyphs
 - 🧩 **Dynamic Extensions** — load custom CLI commands from internal or user extension folders
 - 📊 **Stats** — monitor ingestion and query requests

{gulp_cli-1.0.4 → gulp_cli-1.0.5}/docs/command-reference.md

@@ -2116,12 +2116,23 @@ gulp-cli mapping delete FILENAME [OPTIONS]
 
 ## Enhance Map Management (`enhance-map`)
 
-Map `gulp.event_code` values per plugin to a glyph and/or color used by the UI.
+Map document field criteria per plugin to a glyph and/or color used by the UI. Criteria can be simple values for exact matches or operator dicts for numeric comparisons.
 
 #### `enhance-map create`
 
 ```bash
-gulp-cli enhance-map create GULP_EVENT_CODE PLUGIN [--glyph-id GLYPH_ID] [--color COLOR]
+gulp-cli enhance-map create PLUGIN MATCH_CRITERIA [--glyph-id GLYPH_ID] [--color COLOR]
+```
+
+Where `MATCH_CRITERIA` is a JSON dict mapping document field names to criteria values:
+- Simple values for exact match: `'{"field":"value"}'`
+- Operator dicts for numeric comparisons: `'{"field":{"eq":value}}'`, `'{"field":{"gte":min,"lte":max}}'`
+- Multiple criteria (all must match): `'{"field1":"value","field2":{"gte":10}}'`
+
+Examples:
+```bash
+gulp-cli enhance-map create win_evtx '{"gulp.event_code":{"eq":4624}}' --glyph-id logon_glyph
+gulp-cli enhance-map create win_evtx '{"severity":{"gte":7,"lte":10}}' --color "#ff0000"
 ```
 
 #### `enhance-map update`

{gulp_cli-1.0.4 → gulp_cli-1.0.5}/docs/examples.md

@@ -132,6 +132,10 @@ gulp-cli ingest file incident-001 win_evtx /path/to/System.evtx
 
 # Optional: delete and recreate operation before ingestion
 gulp-cli ingest file incident-001 win_evtx /path/to/System.evtx --reset-operation
+
+# pass GulpPluginParameters to specify a mapping file for a pcap ingestion
+gulp-cli ingest file test_operation pcap ./ultimate_wireshark_protocols_pcap_220213.p
+cap --plugin-params '{ "mapping_parameters": { "mapping_file": "pcap.json" } }' --reset-operation --wait
 ```
 
 ### Bulk File Ingestion with Wildcard

{gulp_cli-1.0.4 → gulp_cli-1.0.5}/docs/resource-management.md

@@ -305,7 +305,7 @@ gulp mapping delete my_mapping.json
 
 ## Enhance Document Map Management
 
-Enhance document maps let you bind a plugin-specific `gulp.event_code` to a visual style (`glyph_id` and/or `color`).
+Enhance document maps let you map a set of document field criteria within a plugin to a visual style (`glyph_id` and/or `color`). Criteria can be simple values for exact matches or operator dicts for numeric ranges.
 
 ### List Enhance Maps
 
@@ -315,21 +315,33 @@ gulp-cli enhance-map list
 # Filter by plugin
 gulp-cli enhance-map list --flt '{"plugin":"win_evtx"}'
 
-# Filter by event code (as string)
-gulp-cli enhance-map list --flt '{"gulp_event_code":"4624"}'
+# Filter by match_criteria pattern
+gulp-cli enhance-map list --flt '{"match_criteria":{"gulp.event_code":{"eq":4624}}}'
 ```
 
 ### Create Enhance Map
 
+Criteria values can be simple values for exact match or operator dicts:
+- `"eq"`: exact equality
+- `"gte"`: greater than or equal
+- `"lte"`: less than or equal
+- Operators can be combined for ranges
+
 ```bash
-# Map Windows logon event to a glyph
-gulp-cli enhance-map create 4624 win_evtx --glyph-id glyph_logon
+# Map event code to a glyph (exact match)
+gulp-cli enhance-map create win_evtx '{"gulp.event_code":{"eq":4624}}' --glyph-id glyph_logon
 
 # Map event to color only
-gulp-cli enhance-map create 4625 win_evtx --color "#ff3300"
+gulp-cli enhance-map create win_evtx '{"gulp.event_code":{"eq":4625}}' --color "#ff3300"
+
+# Map using numeric range
+gulp-cli enhance-map create win_evtx '{"severity_level":{"gte":7,"lte":10}}' --color "#ffaa00"
+
+# Map with multiple criteria (all must match)
+gulp-cli enhance-map create win_evtx '{"gulp.event_code":{"eq":4688},"status":"active"}' --glyph-id glyph_process
 
-# Map event to both glyph and color
-gulp-cli enhance-map create 4688 win_evtx --glyph-id glyph_process --color "#ffaa00"
+# Mix operators and simple values
+gulp-cli enhance-map create win_evtx '{"event_id":{"eq":4624},"provider":"Security-Auditing"}' --color "#00ff00"
 ```
 
 ### Update/Get/Delete Enhance Map

{gulp_cli-1.0.4 → gulp_cli-1.0.5}/src/gulp_cli/_version.py

@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
 commit_id: str | None
 __commit_id__: str | None
 
-__version__ = version = '1.0.4'
-__version_tuple__ = version_tuple = (1, 0, 4)
+__version__ = version = '1.0.5'
+__version_tuple__ = version_tuple = (1, 0, 5)
 
-__commit_id__ = commit_id = 'g769890cb0'
+__commit_id__ = commit_id = 'g99de7be1e'

{gulp_cli-1.0.4 → gulp_cli-1.0.5}/src/gulp_cli/commands/enhance_map.py

@@ -13,21 +13,23 @@ app = typer.Typer(help="Enhance document map management")
 
 @app.command("create")
 def enhance_map_create(
-    gulp_event_code: int = typer.Argument(..., help="gulp.event_code to map"),
     plugin: str = typer.Argument(..., help="Plugin name"),
+    match_criteria: str = typer.Argument(..., help="JSON dict mapping document fields to criteria values (e.g., '{\"gulp.event_code\": {\"eq\": 4624}}'). Values can be simple values for exact match or operator dicts with 'eq', 'gte', 'lte' keys."),
     glyph_id: str | None = typer.Option(None, "--glyph-id", help="Glyph ID to map"),
     color: str | None = typer.Option(None, "--color", help="Color to map (e.g. #ff0000)"),
 ) -> None:
-    """Create an enhance map entry for plugin+event code."""
+    """Create an enhance map entry for plugin + match criteria."""
 
     async def _run() -> None:
         if glyph_id is None and color is None:
             raise typer.BadParameter("At least one of --glyph-id or --color must be provided")
 
+        criteria_dict = parse_json_option(match_criteria, field_name="match_criteria")
+        
         async with get_client() as client:
             data = await client.plugins.enhance_map_create(
-                gulp_event_code=gulp_event_code,
                 plugin=plugin,
+                match_criteria=criteria_dict,
                 glyph_id=glyph_id,
                 color=color,
             )

{gulp_cli-1.0.4 → gulp_cli-1.0.5/src/gulp_cli.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: gulp-cli
-Version: 1.0.4
+Version: 1.0.5
 Summary: Command-line client for gULP
 Author-email: Mentat <info@mentat.is>
 Requires-Python: >=3.12
@@ -23,7 +23,7 @@ Requires-Dist: gulp-sdk
 - 👥 **User Management** — create users, manage permissions (admin only)
 - 📋 **Operations** — create/list/manage operations and contexts
 - 🔌 **Plugins** — list/upload/download plugins and mapping files
-- 🗺️ **Enhance Maps** — map `gulp.event_code` to glyph/color per plugin
+- 🗺️ **Enhance Maps** — map document fields (e.g., `gulp.event_code`) to glyph/color per plugin
 - 🖼️ **Glyphs** — create/list/update/delete custom glyphs
 - 🧩 **Dynamic Extensions** — load custom CLI commands from internal or user extension folders
 - 📊 **Stats** — monitor ingestion and query requests