NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commit8d06469

authored

Merge pull request#192 from UncoderIO/gis-8502

Gis 8502

2 parents3f24987 +9a8bdba commit8d06469Copy full SHA for 8d06469

File tree

6 files changed

+94

-5

lines changed

uncoder-core/app/translator
- core
  - exceptions
    - core.py
  - mixins
    - rule.py
  - models
    - query_container.py
- platforms/elasticsearch
  - __init__.py
  - const.py
  - parsers
    - detection_rule.py

6 files changed

+94

-5

lines changed

`‎uncoder-core/app/translator/core/exceptions/core.py‎`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -84,5 +84,9 @@ class InvalidJSONStructure(InvalidRuleStructure):`
`84`	`84`	`rule_type:str="JSON"`
`85`	`85`
`86`	`86`
	`87`	`+classInvalidTOMLStructure(InvalidRuleStructure):`
	`88`	`+rule_type:str="TOML"`
	`89`	`+`
	`90`	`+`
`87`	`91`	`classInvalidXMLStructure(InvalidRuleStructure):`
`88`	`92`	`rule_type:str="XML"`

`‎uncoder-core/app/translator/core/mixins/rule.py‎`

Lines changed: 18 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,16 @@`
`1`	`1`	`importjson`
`2`	`2`	`fromtypingimportUnion`
`3`	`3`
	`4`	`+importtoml`
`4`	`5`	`importxmltodict`
`5`	`6`	`importyaml`
`6`	`7`
`7`		`-fromapp.translator.core.exceptions.coreimportInvalidJSONStructure,InvalidXMLStructure,InvalidYamlStructure`
	`8`	`+fromapp.translator.core.exceptions.coreimport (`
	`9`	`+InvalidJSONStructure,`
	`10`	`+InvalidTOMLStructure,`
	`11`	`+InvalidXMLStructure,`
	`12`	`+InvalidYamlStructure,`
	`13`	`+)`
`8`	`14`	`fromapp.translator.core.mitreimportMitreConfig,MitreInfoContainer`
`9`	`15`
`10`	`16`
`@@ -50,3 +56,14 @@ def load_rule(text: Union[str, bytes]) -> dict:`
`50`	`56`	`returnxmltodict.parse(text)`
`51`	`57`	`exceptExceptionaserr:`
`52`	`58`	`raiseInvalidXMLStructure(error=str(err))fromerr`
	`59`	`+`
	`60`	`+`
	`61`	`+classTOMLRuleMixin:`
	`62`	`+mitre_config:MitreConfig=MitreConfig()`
	`63`	`+`
	`64`	`+@staticmethod`
	`65`	`+defload_rule(text:str)->dict:`
	`66`	`+try:`
	`67`	`+returntoml.loads(text)`
	`68`	`+excepttoml.TomlDecodeErroraserr:`
	`69`	`+raiseInvalidTOMLStructure(error=str(err))fromerr`

`‎uncoder-core/app/translator/core/models/query_container.py‎`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -39,18 +39,26 @@ def __init__(`
`39`	`39`	`trigger_threshold:Optional[str]=None,`
`40`	`40`	`query_frequency:Optional[str]=None,`
`41`	`41`	`query_period:Optional[str]=None,`
	`42`	`+from_:Optional[str]=None,`
	`43`	`+interval:Optional[str]=None,`
`42`	`44`	`)->None:`
`43`	`45`	`self.trigger_operator=trigger_operator`
`44`	`46`	`self.trigger_threshold=trigger_threshold`
`45`	`47`	`self.query_frequency=query_frequency`
`46`	`48`	`self.query_period=query_period`
	`49`	`+self.from_=from_`
	`50`	`+self.interval=interval`
`47`	`51`
`48`	`52`
`49`	`53`	`classMetaInfoContainer:`
`50`	`54`	`def__init__(`
`51`	`55`	`self,`
`52`	`56`	`*,`
`53`	`57`	`id_:Optional[str]=None,`
	`58`	`+index:Optional[list[str]]=None,`
	`59`	`+language:Optional[str]=None,`
	`60`	`+risk_score:Optional[int]=None,`
	`61`	`+type_:Optional[str]=None,`
`54`	`62`	`title:Optional[str]=None,`
`55`	`63`	`description:Optional[str]=None,`
`56`	`64`	`author:Optional[list[str]]=None,`
`@@ -73,6 +81,10 @@ def __init__(`
`73`	`81`	`)->None:`
`74`	`82`	`self.id=id_orstr(uuid.uuid4())`
`75`	`83`	`self.title=titleor""`
	`84`	`+self.index=indexor []`
	`85`	`+self.language=languageor""`
	`86`	`+self.risk_score=risk_score`
	`87`	`+self.type_=type_or""`
`76`	`88`	`self.description=descriptionor""`
`77`	`89`	`self.author= [v.strip()forvinauthor]ifauthorelse []`
`78`	`90`	`self.date=dateordatetime.now().date().strftime("%Y-%m-%d")`

`‎uncoder-core/app/translator/platforms/elasticsearch/init.py‎`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,7 @@`
`1`		`-fromapp.translator.platforms.elasticsearch.parsers.detection_ruleimportElasticSearchRuleParser# noqa: F401`
	`1`	`+fromapp.translator.platforms.elasticsearch.parsers.detection_ruleimport (`
	`2`	`+ElasticSearchRuleParser,# noqa: F401`
	`3`	`+ElasticSearchRuleTOMLParser,# noqa: F401`
	`4`	`+)`
`2`	`5`	`fromapp.translator.platforms.elasticsearch.parsers.elasticsearchimportElasticSearchQueryParser# noqa: F401`
`3`	`6`	`fromapp.translator.platforms.elasticsearch.renders.detection_ruleimportElasticSearchRuleRender# noqa: F401`
`4`	`7`	`fromapp.translator.platforms.elasticsearch.renders.elast_alertimportElastAlertRuleRender# noqa: F401`

`‎uncoder-core/app/translator/platforms/elasticsearch/const.py‎`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@`
`5`	`5`
`6`	`6`	`_ELASTIC_LUCENE_QUERY="elastic-lucene-query"`
`7`	`7`	`_ELASTIC_LUCENE_RULE="elastic-lucene-rule"`
	`8`	`+_ELASTIC_LUCENE_RULE_TOML="elastic-lucene-rule-toml"`
`8`	`9`	`_ELASTIC_KIBANA_RULE="elastic-kibana-rule"`
`9`	`10`	`_ELASTALERT_LUCENE_RULE="elastalert-lucene-rule"`
`10`	`11`	`_ELASTIC_WATCHER_RULE="elastic-watcher-rule"`
`@@ -50,6 +51,14 @@`
`50`	`51`	`**PLATFORM_DETAILS,`
`51`	`52`	`}`
`52`	`53`
	`54`	`+ELASTICSEARCH_RULE_TOML_DETAILS= {`
	`55`	`+"platform_id":_ELASTIC_LUCENE_RULE_TOML,`
	`56`	`+"name":"Elastic Rule TOML",`
	`57`	`+"platform_name":"Detection Rule (Lucene) TOML",`
	`58`	`+"first_choice":0,`
	`59`	`+**PLATFORM_DETAILS,`
	`60`	`+}`
	`61`	`+`
`53`	`62`	`KIBANA_DETAILS= {`
`54`	`63`	`"platform_id":_ELASTIC_KIBANA_RULE,`
`55`	`64`	`"name":"Elastic Kibana Saved Search",`
`@@ -78,6 +87,7 @@`
`78`	`87`	`elasticsearch_esql_query_details=PlatformDetails(**ELASTICSEARCH_ESQL_QUERY_DETAILS)`
`79`	`88`	`elasticsearch_esql_rule_details=PlatformDetails(**ELASTICSEARCH_ESQL_RULE_DETAILS)`
`80`	`89`	`elasticsearch_rule_details=PlatformDetails(**ELASTICSEARCH_RULE_DETAILS)`
	`90`	`+elasticsearch_rule_toml_details=PlatformDetails(**ELASTICSEARCH_RULE_TOML_DETAILS)`
`81`	`91`	`elastalert_details=PlatformDetails(**ELASTALERT_DETAILS)`
`82`	`92`	`kibana_rule_details=PlatformDetails(**KIBANA_DETAILS)`
`83`	`93`	`xpack_watcher_details=PlatformDetails(**XPACK_WATCHER_DETAILS)`

`‎uncoder-core/app/translator/platforms/elasticsearch/parsers/detection_rule.py‎`

Lines changed: 46 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -15,12 +15,13 @@`
`15`	`15`	`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
`16`	`16`	`-----------------------------------------------------------------`
`17`	`17`	`"""`
	`18`	`+fromdatetimeimportdatetime`
`18`	`19`
`19`		`-fromapp.translator.core.mixins.ruleimportJsonRuleMixin`
	`20`	`+fromapp.translator.core.mixins.ruleimportJsonRuleMixin,TOMLRuleMixin`
`20`	`21`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`21`		`-fromapp.translator.core.models.query_containerimportMetaInfoContainer,RawQueryContainer`
	`22`	`+fromapp.translator.core.models.query_containerimportMetaInfoContainer,RawMetaInfoContainer,RawQueryContainer`
`22`	`23`	`fromapp.translator.managersimportparser_manager`
`23`		`-fromapp.translator.platforms.elasticsearch.constimportelasticsearch_rule_details`
	`24`	`+fromapp.translator.platforms.elasticsearch.constimportelasticsearch_rule_details,elasticsearch_rule_toml_details`
`24`	`25`	`fromapp.translator.platforms.elasticsearch.parsers.elasticsearchimportElasticSearchQueryParser`
`25`	`26`	`fromapp.translator.tools.utilsimportparse_rule_description_str`
`26`	`27`
`@@ -53,3 +54,45 @@ def parse_raw_query(self, text: str, language: str) -> RawQueryContainer:`
`53`	`54`	`mitre_attack=mitre_attack,`
`54`	`55`	`),`
`55`	`56`	`)`
	`57`	`+`
	`58`	`+`
	`59`	`+@parser_manager.register`
	`60`	`+classElasticSearchRuleTOMLParser(ElasticSearchQueryParser,TOMLRuleMixin):`
	`61`	`+details:PlatformDetails=elasticsearch_rule_toml_details`
	`62`	`+`
	`63`	`+defparse_raw_query(self,text:str,language:str)->RawQueryContainer:`
	`64`	`+raw_rule=self.load_rule(text=text)`
	`65`	`+rule=raw_rule.get("rule")`
	`66`	`+metadata=raw_rule.get("metadata")`
	`67`	`+techniques= []`
	`68`	`+forthreat_datainrule.get("threat", []):`
	`69`	`+ifthreat_data.get("technique"):`
	`70`	`+techniques.append(threat_data["technique"][0]["id"].lower())`
	`71`	`+mitre_attack=self.mitre_config.get_mitre_info(`
	`72`	`+tactics=[threat_data["tactic"]["name"].replace(" ","_").lower()forthreat_datainrule.get("threat", [])],`
	`73`	`+techniques=techniques,`
	`74`	`+ )`
	`75`	`+date=None`
	`76`	`+ifmetadata.get("creation_date"):`
	`77`	`+date=datetime.strptime(metadata.get("creation_date"),"%Y/%m/%d").strftime("%Y-%m-%d")`
	`78`	`+returnRawQueryContainer(`
	`79`	`+query=rule["query"],`
	`80`	`+language=language,`
	`81`	`+meta_info=MetaInfoContainer(`
	`82`	`+id_=rule.get("rule_id"),`
	`83`	`+title=rule.get("name"),`
	`84`	`+description=rule.get("description"),`
	`85`	`+author=rule.get("author"),`
	`86`	`+date=date,`
	`87`	`+license_=rule.get("license"),`
	`88`	`+severity=rule.get("severity"),`
	`89`	`+references=rule.get("references"),`
	`90`	`+tags=rule.get("tags"),`
	`91`	`+mitre_attack=mitre_attack,`
	`92`	`+index=rule.get("index"),`
	`93`	`+language=rule.get("language"),`
	`94`	`+risk_score=rule.get("risk_score"),`
	`95`	`+type_=rule.get("type"),`
	`96`	`+raw_metainfo_container=RawMetaInfoContainer(from_=rule.get("from"),interval=rule.get("interval")),`
	`97`	`+ ),`
	`98`	`+ )`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit8d06469

File tree

6 files changed

6 files changed

`‎uncoder-core/app/translator/core/exceptions/core.py‎`

`‎uncoder-core/app/translator/core/mixins/rule.py‎`

`‎uncoder-core/app/translator/core/models/query_container.py‎`

`‎uncoder-core/app/translator/platforms/elasticsearch/init.py‎`

`‎uncoder-core/app/translator/platforms/elasticsearch/const.py‎`

`‎uncoder-core/app/translator/platforms/elasticsearch/parsers/detection_rule.py‎`

0 commit comments

Movatterモバイル変換

File tree

6 files changed

6 files changed

‎uncoder-core/app/translator/core/exceptions/core.py‎

‎uncoder-core/app/translator/core/mixins/rule.py‎

‎uncoder-core/app/translator/core/models/query_container.py‎

‎uncoder-core/app/translator/platforms/elasticsearch/__init__.py‎

‎uncoder-core/app/translator/platforms/elasticsearch/const.py‎

‎uncoder-core/app/translator/platforms/elasticsearch/parsers/detection_rule.py‎

0 commit comments

`‎uncoder-core/app/translator/core/exceptions/core.py‎`

`‎uncoder-core/app/translator/core/mixins/rule.py‎`

`‎uncoder-core/app/translator/core/models/query_container.py‎`

`‎uncoder-core/app/translator/platforms/elasticsearch/init.py‎`

`‎uncoder-core/app/translator/platforms/elasticsearch/const.py‎`

`‎uncoder-core/app/translator/platforms/elasticsearch/parsers/detection_rule.py‎`