Commitde479f3

committed
fix small bugs which appear while translating
1 parent44ef47a commitde479f3


6 files changed

+15
-4
lines changed


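--- a/siem-converter/app/converter/core/parser.py
+++ b/siem-converter/app/converter/core/parser.py
@@ -24,6 +24,7 @@
 fromapp.converter.core.models.platform_detailsimportPlatformDetails
 fromapp.converter.core.models.parser_outputimportSiemContainer,MetaInfoContainer
 fromapp.converter.core.tokenizerimportQueryTokenizer,TOKEN_TYPE
+fromapp.converter.core.exceptions.parserimportTokenizerGeneralException
 
 
 classParser(ABC):
@@ -43,6 +44,8 @@ def get_tokens_and_source_mappings(self,
 query:str,
 log_sources:Dict[str,List[str]]
 )->Tuple[List[TOKEN_TYPE],List[SourceMapping]]:
+ifnotquery:
+raiseTokenizerGeneralException("Can't translate empty query. Please provide more details")
 tokens=self.tokenizer.tokenize(query=query)
 field_tokens=self.tokenizer.filter_tokens(tokens,Field)
 field_names= [field.source_nameforfieldinfield_tokens]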
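Review bot: The new guard on the added `if not query:` line only rejects an empty string; a whitespace-only query is truthy and still reaches `self.tokenizer.tokenize`, which is presumably the situation the new TokenizerGeneralException was meant to catch. Tightening it to `if not query or not query.strip():` keeps the same message for both cases. The signature of get_tokens_and_source_mappings begins above the hunk (only its tail is in the `@@` context) and its body continues below it, so how the tokenizer handles blank input is not visible here.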

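--- a/siem-converter/app/converter/platforms/chronicle/const.py
+++ b/siem-converter/app/converter/platforms/chronicle/const.py
@@ -8,6 +8,7 @@
 rule_id = "<rule_id_place_holder>"
 status = "<status_place_holder>"
 severity = "<severity_place_holder>"
+falsepositives = "<falsepositives_place_holder>"
 
 events:
 <query_placeholder>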

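--- a/siem-converter/app/converter/platforms/chronicle/renders/chronicle_rule.py
+++ b/siem-converter/app/converter/platforms/chronicle/renders/chronicle_rule.py
@@ -95,4 +95,5 @@ def finalize_query(self, prefix: str, query: str, functions: str, meta_info: Met
 rule=rule.replace("<rule_id_place_holder>",meta_info.id)
 rule=rule.replace("<severity_place_holder>",meta_info.severity)
 rule=rule.replace("<status_place_holder>",meta_info.status)
+rule=rule.replace("<falsepositives_place_holder>",', '.join(meta_info.false_positives))
 returnrule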
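Review bot: `', '.join(meta_info.false_positives)` on the added line raises TypeError when `false_positives` is None, and the Sigma parser changed in this same commit returns the raw `rule.get("falsepositives")` value whenever it is not a string, so a rule without a `falsepositives` key appears to crash here; `', '.join(meta_info.false_positives or [])` covers that. The joined text is also spliced verbatim into the quoted `falsepositives = "..."` line of the rule template, so a value containing a double quote or a newline breaks the structure of the rendered rule — the existing id/severity/status substitutions have the same property, but this one carries free text from the input rule, so escaping or stripping those characters before the replace is worth adding. The enclosing finalize_query starts above the hunk.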

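--- a/siem-converter/app/converter/platforms/elasticsearch/renders/detection_rule.py
+++ b/siem-converter/app/converter/platforms/elasticsearch/renders/detection_rule.py
@@ -64,7 +64,7 @@ def finalize_query(self, prefix: str, query: str, functions: str, meta_info: Met
 "tags":meta_info.mitre_attack,
 "false_positives":meta_info.false_positives
 })
-rule_str=json.dumps(rule,indent=4,sort_keys=False)
+rule_str=json.dumps(rule,indent=4,sort_keys=False,ensure_ascii=False)
 ifnot_supported_functions:
 rendered_not_supported=self.render_not_supported_functions(not_supported_functions)
 returnrule_str+rendered_not_supported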
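Review bot: With `ensure_ascii=False` on the changed line, `rule_str` now carries raw non-ASCII characters instead of `\uXXXX` escapes, so whatever writes or transmits the result must encode it as UTF-8 explicitly; a file opened without `encoding=` would depend on the platform locale and could fail on the very inputs this change is meant to support. The JSON itself remains valid either way. The enclosing finalize_query starts above the hunk and the consumer of `rule_str` is not visible here.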

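--- a/siem-converter/app/converter/platforms/sigma/parsers/sigma.py
+++ b/siem-converter/app/converter/platforms/sigma/parsers/sigma.py
@@ -19,7 +19,7 @@
 
 
 importre
-fromtypingimportList
+fromtypingimportList,Union
 
 fromapp.converter.platforms.sigma.constimportSIGMA_RULE_DETAILS
 fromapp.converter.platforms.sigma.mappingimportSigmaMappings,sigma_mappings
@@ -47,9 +47,16 @@ def __parse_mitre_attack(tags: List[str]) -> List[str]:
 
 returnresult
 
+@staticmethod
+def__parse_false_positives(false_positives:Union[str,List[str],None])->list:
+ifisinstance(false_positives,str):
+return [i.strip()foriinfalse_positives.split(',')]
+returnfalse_positives
+
 def_get_meta_info(self,rule:dict,source_mapping_ids:List[str])->MetaInfoContainer:
 returnMetaInfoContainer(
 title=rule.get("title"),
+id_=rule.get('id'),
 description=rule.get("description"),
 author=rule.get("author"),
 date=rule.get("date"),
@@ -58,7 +65,7 @@ def _get_meta_info(self, rule: dict, source_mapping_ids: List[str]) -> MetaInfoC
 mitre_attack=self.__parse_mitre_attack(rule.get("tags", [])),
 severity=rule.get("level"),
 status=rule.get("status"),
-false_positives=rule.get("falsepositives"),
+false_positives=self.__parse_false_positives(rule.get("falsepositives")),
 source_mapping_ids=source_mapping_ids
 )
 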
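Review bot: `__parse_false_positives` is annotated `-> list` but returns its argument unchanged on the non-`str` path, so a rule with no `falsepositives` key yields None, and the split path keeps empty items (`"a,,b"` gives `['a', '', 'b']`); returning an empty list for None and dropping blanks avoids both: `if false_positives is None: return []` before the `isinstance` check, and `return [i.strip() for i in false_positives.split(',') if i.strip()]` as the list form. The annotation should then be `List[str]`, matching the sibling `__parse_mitre_attack` shown in the `@@` context. Separately, the new `id_=rule.get('id')` line uses single quotes while every neighbouring `rule.get(...)` call uses double quotes.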
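--- a/siem-converter/app/dictionaries/uncoder_meta_info_roota.json
+++ b/siem-converter/app/dictionaries/uncoder_meta_info_roota.json
@@ -55,7 +55,6 @@
 {"name":"logscale-lql-query","description":"Falcon LogScale Query" },
 {"name":"mde-kql-query","description":"Microsoft Defender for Endpoint Query" },
 {"name":"qradar-aql-query","description":"IBM QRadar Query" },
-{"name":"sigma-yml-rule","description":"Sigma Rule" },
 {"name":"athena-sql-query","description":"AWS Athena Query (Security Lake)" },
 {"name":"chronicle-yaral-query","description":"Chronicle Security Query" }
 ]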
