NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commit594d3c5

committed

Merge branch 'main' into gis-8556

2 parentsbdf940f +bf008fe commit594d3c5Copy full SHA for 594d3c5

File tree

83 files changed

+993

-392

lines changed

uncoder-core
- app/translator
  - const.py
  - core
    - exceptions
      - core.py
    - mapping.py
    - parser.py
    - render.py
    - str_value_manager.py
  - mappings/platforms
  - platforms
    - anomali
      - __init__.py
      - const.py
      - mapping.py
      - renders
        __init__.py
        anomali.py
    - base
      - aql
        mapping.py
        parsers
        aql.py
        str_value_manager.py
      - sql
        escape_manager.py
        str_value_manager.py
    - elasticsearch/renders
      - esql.py
    - palo_alto
      - __init__.py
      - const.py
      - functions
        __init__.py
        const.py
        manager.py
      - mapping.py
      - renders
        base.py
        cortex_xdr.py
        cortex_xsiam.py
    - sigma
      - mapping.py
      - parsers
        sigma.py
      - str_value_manager.py
  - translator.py
- requirements.txt
uncoder-os
- Dockerfile
- package.json
- src/pages/UncoderEditor
  - UncoderEditor.sass

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

83 files changed

+993

-392

lines changed

`‎uncoder-core/app/translator/const.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -9,4 +9,4 @@`
`9`	`9`
`10`	`10`	`CTI_IOCS_PER_QUERY_LIMIT=25`
`11`	`11`
`12`		`-DEFAULT_VALUE_TYPE=Union[int,str,StrValue,list[Union[int,str,StrValue]]]`
	`12`	`+DEFAULT_VALUE_TYPE=Union[bool,int,str,StrValue,list[Union[int,str,StrValue]]]`

`‎uncoder-core/app/translator/core/exceptions/core.py‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,12 @@ def __init__(self, platform_name: str, fields: list[str], mapping: Optional[str]`
`17`	`17`	`super().__init__(message)`
`18`	`18`
`19`	`19`
	`20`	`+classUnsupportedMappingsException(BasePlatformException):`
	`21`	`+def__init__(self,platform_name:str,mappings:list[str]):`
	`22`	`+message=f"Platform{platform_name} does not support these mappings:{mappings}."`
	`23`	`+super().__init__(message)`
	`24`	`+`
	`25`	`+`
`20`	`26`	`classStrictPlatformFieldException(BasePlatformException):`
`21`	`27`	`def__init__(self,platform_name:str,field_name:str):`
`22`	`28`	message=f"Source field `{field_name}` has no mapping for platform{platform_name}."

`‎uncoder-core/app/translator/core/mapping.py‎`

Lines changed: 29 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`fromabcimportABC,abstractmethod`
`4`	`4`	`fromtypingimportTYPE_CHECKING,Optional,TypeVar,Union`
`5`	`5`
`6`		`-fromapp.translator.core.exceptions.coreimportStrictPlatformException`
	`6`	`+fromapp.translator.core.exceptions.coreimportStrictPlatformException,UnsupportedMappingsException`
`7`	`7`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`8`	`8`	`fromapp.translator.mappings.utils.load_from_filesimportLoaderFileMappings`
`9`	`9`
`@@ -116,7 +116,7 @@ def prepare_mapping(self) -> dict[str, SourceMapping]:`
`116`	`116`	`default_mapping=SourceMapping(source_id=DEFAULT_MAPPING_NAME)`
`117`	`117`	`formapping_dictinself._loader.load_platform_mappings(self._platform_dir):`
`118`	`118`	`log_source_signature=self.prepare_log_source_signature(mapping=mapping_dict)`
`119`		`-if (source_id:=mapping_dict.get("source"))==DEFAULT_MAPPING_NAME:`
	`119`	`+if (source_id:=mapping_dict["source"])==DEFAULT_MAPPING_NAME:`
`120`	`120`	`default_mapping.log_source_signature=log_source_signature`
`121`	`121`	`ifself.skip_load_default_mappings:`
`122`	`122`	`continue`
`@@ -152,7 +152,7 @@ def prepare_fields_mapping(field_mapping: dict) -> FieldsMapping:`
`152`	`152`	`defprepare_log_source_signature(self,mapping:dict)->LogSourceSignature:`
`153`	`153`	`raiseNotImplementedError("Abstract method")`
`154`	`154`
`155`		`-defget_suitable_source_mappings(`
	`155`	`+defget_source_mappings_by_fields_and_log_sources(`
`156`	`156`	`self,field_names:list[str],log_sources:dict[str,list[Union[int,str]]]`
`157`	`157`	`)->list[SourceMapping]:`
`158`	`158`	`by_log_sources_and_fields= []`
`@@ -170,6 +170,17 @@ def get_suitable_source_mappings(`
`170`	`170`
`171`	`171`	`returnby_log_sources_and_fieldsorby_fieldsor [self._source_mappings[DEFAULT_MAPPING_NAME]]`
`172`	`172`
	`173`	`+defget_source_mappings_by_ids(self,source_mapping_ids:list[str])->list[SourceMapping]:`
	`174`	`+source_mappings= []`
	`175`	`+forsource_mapping_idinsource_mapping_ids:`
	`176`	`+ifsource_mapping:=self.get_source_mapping(source_mapping_id):`
	`177`	`+source_mappings.append(source_mapping)`
	`178`	`+`
	`179`	`+ifnotsource_mappings:`
	`180`	`+source_mappings= [self.get_source_mapping(DEFAULT_MAPPING_NAME)]`
	`181`	`+`
	`182`	`+returnsource_mappings`
	`183`	`+`
`173`	`184`	`defget_source_mapping(self,source_id:str)->Optional[SourceMapping]:`
`174`	`185`	`returnself._source_mappings.get(source_id)`
`175`	`186`
`@@ -218,3 +229,18 @@ def prepare_mapping(self) -> dict[str, SourceMapping]:`
`218`	`229`	`)`
`219`	`230`
`220`	`231`	`returnsource_mappings`
	`232`	`+`
	`233`	`+`
	`234`	`+classBaseStrictLogSourcesPlatformMappings(ABC,BasePlatformMappings):`
	`235`	`+defget_source_mappings_by_ids(self,source_mapping_ids:list[str])->list[SourceMapping]:`
	`236`	`+source_mappings= []`
	`237`	`+forsource_mapping_idinsource_mapping_ids:`
	`238`	`+ifsource_mapping_id==DEFAULT_MAPPING_NAME:`
	`239`	`+continue`
	`240`	`+ifsource_mapping:=self.get_source_mapping(source_mapping_id):`
	`241`	`+source_mappings.append(source_mapping)`
	`242`	`+`
	`243`	`+ifnotsource_mappings:`
	`244`	`+raiseUnsupportedMappingsException(platform_name=self.details.name,mappings=source_mapping_ids)`
	`245`	`+`
	`246`	`+returnsource_mappings`

`‎uncoder-core/app/translator/core/parser.py‎`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,8 @@ def get_source_mappings(`
`80`	`80`	`self,field_tokens:list[Field],log_sources:dict[str,list[Union[int,str]]]`
`81`	`81`	`)->list[SourceMapping]:`
`82`	`82`	`field_names= [field.source_nameforfieldinfield_tokens]`
`83`		`-source_mappings=self.mappings.get_suitable_source_mappings(field_names=field_names,log_sources=log_sources)`
	`83`	`+source_mappings=self.mappings.get_source_mappings_by_fields_and_log_sources(`
	`84`	`+field_names=field_names,log_sources=log_sources`
	`85`	`+ )`
`84`	`86`	`self.tokenizer.set_field_tokens_generic_names_map(field_tokens,source_mappings,self.mappings.default_mapping)`
`85`	`87`	`returnsource_mappings`

`‎uncoder-core/app/translator/core/render.py‎`

Lines changed: 3 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@`
`31`	`31`	`fromapp.translator.core.exceptions.parserimportUnsupportedOperatorException`
`32`	`32`	`fromapp.translator.core.exceptions.renderimportUnsupportedRenderMethod`
`33`	`33`	`fromapp.translator.core.functionsimportPlatformFunctions`
`34`		`-fromapp.translator.core.mappingimportDEFAULT_MAPPING_NAME,BasePlatformMappings,LogSourceSignature,SourceMapping`
	`34`	`+fromapp.translator.core.mappingimportBasePlatformMappings,LogSourceSignature,SourceMapping`
`35`	`35`	`fromapp.translator.core.models.functions.baseimportFunction,RenderedFunctions`
`36`	`36`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`37`	`37`	`fromapp.translator.core.models.query_containerimportMetaInfoContainer,RawQueryContainer,TokenizedQueryContainer`
`@@ -90,7 +90,7 @@ def _map_bool_value(value: bool) -> str:`
`90`	`90`	`def_pre_process_value(`
`91`	`91`	`self,`
`92`	`92`	`field:str,`
`93`		`-value:Union[int,str,StrValue],`
	`93`	`+value:Union[bool,int,str,StrValue],`
`94`	`94`	`value_type:str=ValueType.value,`
`95`	`95`	`wrap_str:bool=False,`
`96`	`96`	`wrap_int:bool=False,`
`@@ -384,17 +384,6 @@ def finalize(self, queries_map: dict[str, str]) -> str:`
`384`	`384`
`385`	`385`	`returnresult`
`386`	`386`
`387`		`-def_get_source_mappings(self,source_mapping_ids:list[str])->Optional[list[SourceMapping]]:`
`388`		`-source_mappings= []`
`389`		`-forsource_mapping_idinsource_mapping_ids:`
`390`		`-ifsource_mapping:=self.mappings.get_source_mapping(source_mapping_id):`
`391`		`-source_mappings.append(source_mapping)`
`392`		`-`
`393`		`-ifnotsource_mappings:`
`394`		`-source_mappings= [self.mappings.get_source_mapping(DEFAULT_MAPPING_NAME)]`
`395`		`-`
`396`		`-returnsource_mappings`
`397`		`-`
`398`	`387`	`defgenerate_from_raw_query_container(self,query_container:RawQueryContainer)->str:`
`399`	`388`	`returnself.finalize_query(`
`400`	`389`	`prefix="",query=query_container.query,functions="",meta_info=query_container.meta_info`
`@@ -464,7 +453,7 @@ def _generate_from_tokenized_query_container_by_source_mapping(`
`464`	`453`	`defgenerate_from_tokenized_query_container(self,query_container:TokenizedQueryContainer)->str:`
`465`	`454`	`queries_map= {}`
`466`	`455`	`errors= []`
`467`		`-source_mappings=self._get_source_mappings(query_container.meta_info.source_mapping_ids)`
	`456`	`+source_mappings=self.mappings.get_source_mappings_by_ids(query_container.meta_info.source_mapping_ids)`
`468`	`457`
`469`	`458`	`forsource_mappinginsource_mappings:`
`470`	`459`	`try:`

`‎uncoder-core/app/translator/core/str_value_manager.py‎`

Lines changed: 19 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -130,6 +130,25 @@ def has_spec_symbols(self) -> bool:`
`130`	`130`	`returnany(isinstance(el,BaseSpecSymbol)forelinself.split_value)`
`131`	`131`
`132`	`132`
	`133`	`+RE_STR_SPEC_SYMBOLS_MAP= {`
	`134`	`+"?":ReZeroOrOneQuantifier,`
	`135`	`+"*":ReZeroOrMoreQuantifier,`
	`136`	`+"+":ReOneOrMoreQuantifier,`
	`137`	`+"^":ReCaretSymbol,`
	`138`	`+"$":ReEndOfStrSymbol,`
	`139`	`+".":ReAnySymbol,`
	`140`	`+"[":ReLeftSquareBracket,`
	`141`	`+"]":ReRightSquareBracket,`
	`142`	`+"(":ReLeftParenthesis,`
	`143`	`+")":ReRightParenthesis,`
	`144`	`+"{":ReLeftCurlyBracket,`
	`145`	`+"}":ReRightCurlyBracket,`
	`146`	`+"\|":ReOrOperator,`
	`147`	`+",":ReCommaSymbol,`
	`148`	`+"-":ReHyphenSymbol,`
	`149`	`+}`
	`150`	`+`
	`151`	`+`
`133`	`152`	`CONTAINER_SPEC_SYMBOLS_MAP= {`
`134`	`153`	`SingleSymbolWildCard:"?",`
`135`	`154`	`UnboundLenWildCard:"*",`

`‎uncoder-core/app/translator/mappings/platforms/anomali/common.yml‎`

Lines changed: 31 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,31 @@`
	`1`	`+platform:Anomali`
	`2`	`+description:Common field mapping`
	`3`	`+`
	`4`	`+field_mapping:`
	`5`	`+c-uri-query:url`
	`6`	`+c-useragent:user_agent`
	`7`	`+CommandLine:command_line`
	`8`	`+DestinationHostname:dest`
	`9`	`+DestinationIp:dest_ip`
	`10`	`+DestinationPort:dest_port`
	`11`	`+Details:reg_value_data`
	`12`	`+dst_ip:dest_ip`
	`13`	`+dst_port:dest_port`
	`14`	`+EventID:event_id`
	`15`	`+EventName:event_name`
	`16`	`+FileName:file_name`
	`17`	`+FilePath:file_path`
	`18`	`+Image:image`
	`19`	`+NewProcessName:image`
	`20`	`+OriginalFileName:original_file_name`
	`21`	`+ParentCommandLine:parent_command_line`
	`22`	`+ParentImage:parent_image`
	`23`	`+ParentProcessID:parent_process_id`
	`24`	`+Platform:platform`
	`25`	`+ProcessCommandLine:command_line`
	`26`	`+ProcessID:process_id`
	`27`	`+SourceImage:parent_image`
	`28`	`+SourcePort:src_port`
	`29`	`+TargetFilename:file_name`
	`30`	`+TargetObject:reg_key`
	`31`	`+UserAgent:user_agent`

`‎uncoder-core/app/translator/mappings/platforms/anomali/default.yml‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,5 @@`
	`1`	`+platform:Anomali`
	`2`	`+source:default`
	`3`	`+`
	`4`	`+`
	`5`	`+default_log_source:{}`

`‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex_xdr/default.yml‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,6 @@`
	`1`	`+platform:Palo Alto Cortex XDR`
	`2`	`+source:default`
	`3`	`+`
	`4`	`+`
	`5`	`+default_log_source:`
	`6`	`+datamodel:datamodel`

`‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/linux_file_event.yml‎renamed to ‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex_xdr/linux_file_event.yml‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-platform:Palo AltoXSIAM`
	`1`	`+platform:Palo AltoCortex XDR`
`2`	`2`	`source:linux_file_event`
`3`	`3`
`4`	`4`	`log_source:`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit594d3c5

File tree

83 files changed

Some content is hidden

83 files changed

`‎uncoder-core/app/translator/const.py‎`

`‎uncoder-core/app/translator/core/exceptions/core.py‎`

`‎uncoder-core/app/translator/core/mapping.py‎`

`‎uncoder-core/app/translator/core/parser.py‎`

`‎uncoder-core/app/translator/core/render.py‎`

`‎uncoder-core/app/translator/core/str_value_manager.py‎`

`‎uncoder-core/app/translator/mappings/platforms/anomali/common.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/anomali/default.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex_xdr/default.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/linux_file_event.yml‎renamed to ‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex_xdr/linux_file_event.yml‎`

0 commit comments