NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commit716329e

committed

Merge branch 'refs/heads/prod' into gis-8085

# Conflicts:#app/translator/core/exceptions/core.py

1 parent8f1d145 commit716329eCopy full SHA for 716329e

File tree

5 files changed

+15

-6

lines changed

uncoder-core/app/translator
- core
  - exceptions
    - core.py
  - render.py
- mappings/platforms
  - palo_alto_cortex
    - default.yml
  - qradar
    - default.yml
- platforms/palo_alto/renders
  - cortex_xsiam.py

5 files changed

+15

-6

lines changed

`‎uncoder-core/app/translator/core/exceptions/core.py‎`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,12 @@`
`1`	`1`	`fromtypingimportOptional`
`2`	`2`
`3`	`3`
`4`		`-classNotImplementedException(BaseException): ...`
	`4`	`+classNotImplementedException(BaseException):`
	`5`	`+ ...`
`5`	`6`
`6`	`7`
`7`		`-classBasePlatformException(BaseException): ...`
	`8`	`+classBasePlatformException(BaseException):`
	`9`	`+ ...`
`8`	`10`
`9`	`11`
`10`	`12`	`classStrictPlatformException(BasePlatformException):`

`‎uncoder-core/app/translator/core/render.py‎`

Lines changed: 7 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -197,6 +197,7 @@ class PlatformQueryRender(QueryRender):`
`197`	`197`	`not_token="not"`
`198`	`198`
`199`	`199`	`group_token="(%s)"`
	`200`	`+query_parts_delimiter=" "`
`200`	`201`
`201`	`202`	`field_value_map=BaseQueryFieldValue(or_token=or_token)`
`202`	`203`
`@@ -292,6 +293,10 @@ def wrap_query_with_meta_info(self, meta_info: MetaInfoContainer, query: str) ->`
`292`	`293`	`def_finalize_search_query(query:str)->str:`
`293`	`294`	`returnquery`
`294`	`295`
	`296`	`+def_join_query_parts(self,prefix:str,query:str,functions:str)->str:`
	`297`	`+parts=filter(lambdas:bool(s),map(str.strip, [prefix,self._finalize_search_query(query),functions]))`
	`298`	`+returnself.query_parts_delimiter.join(parts)`
	`299`	`+`
`295`	`300`	`deffinalize_query(`
`296`	`301`	`self,`
`297`	`302`	`prefix:str,`
`@@ -303,8 +308,7 @@ def finalize_query(`
`303`	`308`	`*args,# noqa: ARG002`
`304`	`309`	`**kwargs,# noqa: ARG002`
`305`	`310`	`)->str:`
`306`		`-parts=filter(lambdas:bool(s),map(str.strip, [prefix,self._finalize_search_query(query),functions]))`
`307`		`-query=" ".join(parts)`
	`311`	`+query=self._join_query_parts(prefix,query,functions)`
`308`	`312`	`query=self.wrap_query_with_meta_info(meta_info=meta_info,query=query)`
`309`	`313`	`ifnot_supported_functions:`
`310`	`314`	`rendered_not_supported=self.render_not_supported_functions(not_supported_functions)`
`@@ -391,7 +395,7 @@ def _generate_from_tokenized_query_container(self, query_container: TokenizedQue`
`391`	`395`	`defined_raw_log_fields=self.generate_raw_log_fields(`
`392`	`396`	`fields=query_container.meta_info.query_fields,source_mapping=source_mapping`
`393`	`397`	`)`
`394`		`-prefix+=f"\n{defined_raw_log_fields}\n"`
	`398`	`+prefix+=f"\n{defined_raw_log_fields}"`
`395`	`399`	`result=self.generate_query(tokens=query_container.tokens,source_mapping=source_mapping)`
`396`	`400`	`exceptStrictPlatformExceptionaserr:`
`397`	`401`	`errors.append(err)`

`‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -125,3 +125,4 @@ field_mapping:`
`125`	`125`	`SourceOS:xdm.source.host.os`
`126`	`126`	`DestinationOS:xdm.target.host.os`
`127`	`127`	`url_category:xdm.network.http.url_category`
	`128`	`+EventSeverity:xdm.alert.severity`

`‎uncoder-core/app/translator/mappings/platforms/qradar/default.yml‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -64,4 +64,5 @@ field_mapping:`
`64`	`64`	`DestinationOS:DestinationOS`
`65`	`65`	`TargetUserName:DestinationUserName`
`66`	`66`	`SourceUserName:SourceUserName`
`67`		`-url_category:XForceCategoryByURL`
	`67`	`+url_category:XForceCategoryByURL`
	`68`	`+EventSeverity:EventSeverity`

`‎uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -147,6 +147,7 @@ class CortexXQLQueryRender(PlatformQueryRender):`
`147`	`147`	`or_token="or"`
`148`	`148`	`and_token="and"`
`149`	`149`	`not_token="not"`
	`150`	`+query_parts_delimiter="\n"`
`150`	`151`
`151`	`152`	`field_value_map=CortexXQLFieldValue(or_token=or_token)`
`152`	`153`	`comment_symbol="//"`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit716329e

File tree

5 files changed

5 files changed

`‎uncoder-core/app/translator/core/exceptions/core.py‎`

`‎uncoder-core/app/translator/core/render.py‎`

`‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/qradar/default.yml‎`

`‎uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py‎`

0 commit comments