Commite25af9b

committed
gis-9099 add microsoft sentinel to one vendor flow
1 parent5f93815 commite25af9b

3 files changed

+20
-6
lines changed


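--- a/uncoder-core/app/translator/core/models/query_container.py
+++ b/uncoder-core/app/translator/core/models/query_container.py
@@ -65,6 +65,8 @@ def __init__(
         date: Optional[str] = None,
         output_table_fields: Optional[list[Field]] = None,
         query_fields: Optional[list[Field]] = None,
+        function_fields: Optional[list[Field]] = None,
+        function_fields_map: Optional[dict[str, list[Field]]] = None,
         license_: Optional[str] = None,
         severity: Optional[str] = None,
         references: Optional[list[str]] = None,
@@ -76,7 +78,7 @@ def __init__(
         parsed_logsources: Optional[dict] = None,
         timeframe: Optional[timedelta] = None,
         query_period: Optional[timedelta] = None,
-        mitre_attack: MitreInfoContainer = MitreInfoContainer(),
+        mitre_attack: Optional[MitreInfoContainer] = None,
         raw_metainfo_container: Optional[RawMetaInfoContainer] = None,
     ) -> None:
         self.id = id_ or str(uuid.uuid4())
@@ -86,23 +88,25 @@ def __init__(
         self.risk_score = risk_score
         self.type_ = type_ or ""
         self.description = description or ""
-        self.author = [v.strip() for v in author] if author else []
+        self.author = [v.strip() for v in author] if author and author != [None] else []
         self.date = date or datetime.now().date().strftime("%Y-%m-%d")
         self.output_table_fields = output_table_fields or []
         self.query_fields = query_fields or []
+        self.function_fields = function_fields or []
+        self.function_fields_map = function_fields_map or {}
         self.license = license_ or "DRL 1.1"
         self.severity = severity or SeverityType.low
         self.references = references or []
         self.tags = tags or []
-        self.mitre_attack = mitre_attack or None
+        self.mitre_attack = mitre_attack or MitreInfoContainer()
         self.raw_mitre_attack = raw_mitre_attack or []
         self.status = status or "stable"
         self.false_positives = false_positives or []
         self._source_mapping_ids = source_mapping_ids or [DEFAULT_MAPPING_NAME]
         self.parsed_logsources = parsed_logsources or {}
         self.timeframe = timeframe
         self.query_period = query_period
-        self.raw_metainfo_container = raw_metainfo_container
+        self.raw_metainfo_container = raw_metainfo_container or RawMetaInfoContainer()
 
     @property
     def author_str(self) -> str: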
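Review bot: The new `author != [None]` guard on the author line only special-cases a single-element list; `[None, "x"]` or any other `None` element still reaches `v.strip()` and raises `AttributeError`, so filter per element instead: `self.author = [v.strip() for v in author if v is not None] if author else []`, which also yields `[]` for `[None]`. The `[None]` case presumably comes from a parser emitting a placeholder author; a one-line comment naming that source, once confirmed, would explain why the guard exists. On the `mitre_attack` and `raw_metainfo_container` lines, `x or Default()` also replaces a caller-supplied container that happens to be falsy (if those classes define `__bool__` or `__len__`), whereas `x if x is not None else Default()` matches the `Optional[...] = None` annotations exactly. The `__init__` signature starts before the first hunk and its body continues after the last one.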

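--- a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel.py
+++ b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel.py
@@ -22,6 +22,7 @@
 from app.translator.const import DEFAULT_VALUE_TYPE
 from app.translator.core.mapping import LogSourceSignature
 from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.query_container import RawQueryContainer
 from app.translator.core.render import BaseFieldValueRender, PlatformQueryRender
 from app.translator.managers import render_manager
 from app.translator.platforms.microsoft.const import microsoft_sentinel_query_details
@@ -144,3 +145,6 @@ def generate_prefix(self, log_source_signature: LogSourceSignature, functions_pr
     @staticmethod
     def _finalize_search_query(query: str) -> str:
         return f"| where {query}" if query else ""
+
+    def generate_from_raw_query_container(self, query_container: RawQueryContainer) -> str:
+        return query_container.query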
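Review bot: `generate_from_raw_query_container` returns `query_container.query` untouched, so for a raw container nothing in this renderer validates, maps or finalizes the KQL it emits — it goes out exactly as received, unlike the mapped path that runs through `_finalize_search_query`. If that passthrough is the intent for the one-vendor flow, record it so the next reader does not assume finalization happens, e.g. `"""Return the raw KQL verbatim: raw containers are already in the target dialect and skip mapping and finalization."""`. Whether the base `PlatformQueryRender` version of this method did more (wrapping unmapped fields, for instance) is not visible here; if it did, this override silently drops that.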

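--- a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py
+++ b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py
@@ -26,7 +26,7 @@
 from app.translator.core.custom_types.meta_info import SeverityType
 from app.translator.core.mapping import SourceMapping
 from app.translator.core.models.platform_details import PlatformDetails
-from app.translator.core.models.query_container import MetaInfoContainer, MitreInfoContainer
+from app.translator.core.models.query_container import MetaInfoContainer, MitreInfoContainer, RawQueryContainer
 from app.translator.managers import render_manager
 from app.translator.platforms.microsoft.const import DEFAULT_MICROSOFT_SENTINEL_RULE, microsoft_sentinel_rule_details
 from app.translator.platforms.microsoft.mapping import MicrosoftSentinelMappings, microsoft_sentinel_rule_mappings
@@ -107,7 +107,8 @@ def finalize_query(
         *args,  # noqa: ARG002
         **kwargs,  # noqa: ARG002
     ) -> str:
-        query = super().finalize_query(prefix=prefix, query=query, functions=functions)
+        if not kwargs.get("raw_query", False):
+            query = super().finalize_query(prefix=prefix, query=query, functions=functions)
         rule = copy.deepcopy(DEFAULT_MICROSOFT_SENTINEL_RULE)
         rule["query"] = query
         rule["displayName"] = meta_info.title or _AUTOGENERATED_TEMPLATE
@@ -130,3 +131,8 @@ def finalize_query(
         json_rule = json.dumps(rule, indent=4, sort_keys=False)
         json_rule = self.wrap_with_unmapped_fields(json_rule, unmapped_fields)
         return self.wrap_with_not_supported_functions(json_rule, not_supported_functions)
+
+    def generate_from_raw_query_container(self, query_container: RawQueryContainer) -> str:
+        return self.finalize_query(
+            prefix="", query=query_container.query, functions="", meta_info=query_container.meta_info, raw_query=True
+        )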
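Review bot: `**kwargs` is now read via `kwargs.get("raw_query", False)` yet still carries `# noqa: ARG002`, which suppresses an unused-argument warning that no longer applies; drop the suppression and, unless the base signature forbids it, make the flag an explicit keyword-only `raw_query: bool = False` so the contract lives in the signature rather than in a magic string. With `raw_query=True` the KQL is stored verbatim in `rule["query"]`, bypassing whatever `super().finalize_query` did to it; `json.dumps` keeps the rule JSON well-formed, but nothing here inspects the raw text, so `generate_from_raw_query_container` should document that its input is treated as already-trusted KQL, e.g. `"""Wrap an already-rendered KQL query in the Sentinel rule template without re-finalizing it."""`. The call passes neither `unmapped_fields` nor `not_supported_functions`, so it relies on those having defaults in the `finalize_query` signature, which lies outside this section along with the body between the two hunks.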
