Commiteccbae3

committed
resolve conflicts
1 parent93ceff9 commiteccbae3


43 files changed

+155
-71
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

43 files changed

+155
-71
lines changed

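--- a/uncoder-core/app/translator/core/custom_types/time.py
+++ b/uncoder-core/app/translator/core/custom_types/time.py
@@ -7,3 +7,17 @@ class TimeFrameType(CustomEnum):
 days="days"
 hours="hours"
 minutes="minutes"
+
+
+classTimePartType(CustomEnum):
+day="day"
+day_of_week="day_of_week"
+day_of_year="day_of_year"
+hour="hour"
+microsecond="microsecond"
+millisecond="millisecond"
+minute="minute"
+month="month"
+quarter="quarter"
+second="second"
+year="year"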

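--- a/uncoder-core/app/translator/core/exceptions/core.py
+++ b/uncoder-core/app/translator/core/exceptions/core.py
@@ -1,3 +1,6 @@
+fromtypingimportOptional
+
+
 classNotImplementedException(BaseException):
 ...
 
@@ -7,8 +10,19 @@ class BasePlatformException(BaseException):
 
 
 classStrictPlatformException(BasePlatformException):
-def__init__(self,platform_name:str,field_name:str):
-message=f"Platform{platform_name} has strict mapping. Source field{field_name} has no mapping."
+field_name:str=None
+
+def__init__(
+self,platform_name:str,field_name:str,mapping:Optional[str]=None,detected_fields:Optional[list]=None
+):
+message= (
+f"Platform{platform_name} has strict mapping. "
+f"Source fields:{', '.join(detected_fields)ifdetected_fieldselsefield_name} has no mapping."
+f" Mapping file:{mapping}."
+ifmapping
+else""
+)
+self.field_name=field_name
 super().__init__(message)
 
 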
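Review bot: In the new `StrictPlatformException.__init__`, the trailing `if mapping else ""` applies to the whole concatenation of the three adjacent f-strings, not only to the last one, so when `mapping` is omitted (its default is `None`) the exception message is an empty string and the unmapped field names never reach the analyst. Parenthesise the optional part, `+ (f" Mapping file: {mapping}." if mapping else "")`, or append it in a separate `if mapping:` statement. The class attribute `field_name: str = None` should be annotated `Optional[str]`, and keeping `detected_fields` on the instance next to `field_name` would let handlers read the full list rather than only the message text.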

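--- a/uncoder-core/app/translator/core/models/field.py
+++ b/uncoder-core/app/translator/core/models/field.py
@@ -76,6 +76,11 @@ def value(self) -> Union[int, str, StrValue, list[Union[int, str, StrValue]]]:
 returnself.values[0]
 returnself.values
 
+@value.setter
+defvalue(self,new_value:Union[int,str,StrValue,list[Union[int,str,StrValue]]])->None:
+self.values= []
+self.__add_value(new_value)
+
 def__add_value(self,value:Optional[Union[int,str,StrValue,list,tuple]])->None:
 ifvalueandisinstance(value, (list,tuple)):
 forvinvalue: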
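Review bot: The new `value` setter clears `self.values` before handing the input to `__add_value`, so anything `__add_value` declines to store leaves the field empty rather than unchanged. The first branch of `__add_value` is `if value and isinstance(value, (list, tuple))` and the rest of its body lies outside this hunk, so whether falsy inputs such as `0`, `""` or `[]` are kept cannot be confirmed from here. A one-line docstring on the setter, e.g. `"""Replace all stored values with new_value (scalar or list)."""`, would make the replace-not-append contract explicit. The setter's annotation also omits `tuple`, which `__add_value` accepts.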

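--- a/uncoder-core/app/translator/core/render.py
+++ b/uncoder-core/app/translator/core/render.py
@@ -283,8 +283,14 @@ def apply_token(self, token: Union[FieldValue, Keyword, Identifier], source_mapp
 
 defgenerate_query(self,tokens:list[TOKEN_TYPE],source_mapping:SourceMapping)->str:
 result_values= []
+unmapped_fields=set()
 fortokenintokens:
-result_values.append(self.apply_token(token=token,source_mapping=source_mapping))
+try:
+result_values.append(self.apply_token(token=token,source_mapping=source_mapping))
+exceptStrictPlatformExceptionaserr:
+unmapped_fields.add(err.field_name)
+ifunmapped_fields:
+raiseStrictPlatformException(self.details.name,"",source_mapping.source_id,sorted(unmapped_fields))
 return"".join(result_values)
 
 defwrap_with_meta_info(self,query:str,meta_info:Optional[MetaInfoContainer])->str: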
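Review bot: The aggregated exception raised at the end of `generate_query` passes `""` as `field_name`, and the exception object keeps only `self.field_name`, so a handler that catches this aggregate and reads `err.field_name` (as the new `except` branch here does) gets an empty string instead of the unmapped names. If `apply_token` can reach `generate_query` again for nested tokens, which this hunk does not show, the outer call would then report a blank entry in its field list. `sorted(unmapped_fields)` also raises `TypeError` if one caught exception carries the class default `field_name = None` next to string names, so guard the add with `if err.field_name:`. A short comment above the `try`, such as `# keep translating after a strict-mapping error so all unmapped fields are reported at once`, would document why the loop does not stop at the first failure.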

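--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
@@ -125,3 +125,4 @@ field_mapping:
 SourceOS:xdm.source.host.os
 DestinationOS:xdm.target.host.os
 url_category:xdm.network.http.url_category
+EventSeverity:xdm.alert.severity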

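--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/dns.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/dns.yml
@@ -10,4 +10,5 @@ field_mapping:
 #dns-record: dns-record
 dns_query_name:xdm.network.dns.dns_question.name
 QueryName:xdm.network.dns.dns_question.name
-query:xdm.network.dns.dns_question.name
+query:xdm.network.dns.dns_question.name
+dns-record-type:xdm.network.dns.dns_question.type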

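--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_registry_event.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_registry_event.yml
@@ -28,4 +28,5 @@ field_mapping:
 ParentIntegrityLevel:causality_actor_process_integrity_level
 ParentLogonId:causality_actor_process_logon_id
 ParentProduct:causality_actor_process_signature_product
-ParentCompany:causality_actor_process_signature_vendor
+ParentCompany:causality_actor_process_signature_vendor
+EventType:event_sub_type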

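--- a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
@@ -13,9 +13,12 @@ field_mapping:
 dst-port:
 -DstPort
 -DestinationPort
+-remoteport
 dst-hostname:DstHost
 src-hostname:SrcHost
-src-port:SourcePort
+src-port:
+-SourcePort
+-localport
 src-ip:
 -sourceip
 -source_ip
@@ -27,11 +30,14 @@ field_mapping:
 -destination_ip
 -destinationIP
 -destinationaddress
+-destination
 User:
 -userName
 -EventUserName
 CommandLine:Command
-Protocol:IPProtocol
+Protocol:
+-IPProtocol
+-protocol
 Application:
 -Application
 -application
@@ -57,11 +63,16 @@ field_mapping:
 SourceMAC:
 -SourceMAC
 -MAC
+-sourceMAC
 DestinationMAC:DestinationMAC
 SourceOS:
 -SourceOS
 -OS
 DestinationOS:DestinationOS
 TargetUserName:DestinationUserName
 SourceUserName:SourceUserName
-url_category:XForceCategoryByURL
+url_category:XForceCategoryByURL
+EventSeverity:EventSeverity
+Source:
+-Source
+-source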

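--- a/uncoder-core/app/translator/mappings/platforms/qradar/dns.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/dns.yml
@@ -12,4 +12,5 @@ field_mapping:
 dns-query:URL
 parent-domain:parent-domain
 dns-answer:dns-answer
-dns-record:URL
+dns-record:URL
+dns-record-type:DNSRecordType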

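--- a/uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml
@@ -24,6 +24,7 @@ field_mapping:
 cs-host:
 -UrlHost
 -URL Host
+-URL Domain
 cs-referrer:
 -URL Referrer
 -Referrer URL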
