NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commit0c64c32

committed

gis-9415 add global alternative mapping

1 parent0383ff3 commit0c64c32Copy full SHA for 0c64c32

File tree

4 files changed

+17

-9

lines changed

uncoder-core/app/translator
- core
  - mapping.py
  - models
    - query_container.py
- mappings/platforms/global_alternative/ocsf
  - default.yml
- platforms/splunk
  - mapping.py

4 files changed

+17

-9

lines changed

`‎uncoder-core/app/translator/core/mapping.py‎`

Lines changed: 10 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,8 @@`
`1`	`1`	`from __future__importannotations`
`2`	`2`
	`3`	`+importos`
`3`	`4`	`fromabcimportABC,abstractmethod`
`4`		`-fromtypingimportTYPE_CHECKING,Optional,TypeVar,Union`
	`5`	`+fromtypingimportTYPE_CHECKING,ClassVar,Optional,TypeVar,Union`
`5`	`6`
`6`	`7`	`fromapp.translator.core.exceptions.coreimport (`
`7`	`8`	`StrictPlatformException,`
`@@ -16,6 +17,7 @@`
`16`	`17`
`17`	`18`
`18`	`19`	`DEFAULT_MAPPING_NAME="default"`
	`20`	`+GLOBAL_ALTERNATIVE_MAPPING_DIR="global_alternative"`
`19`	`21`
`20`	`22`
`21`	`23`	`classLogSourceSignature(ABC):`
`@@ -113,14 +115,15 @@ class BasePlatformMappings:`
`113`	`115`	`is_strict_mapping:bool=False`
`114`	`116`	`skip_load_default_mappings:bool=True`
`115`	`117`	`extend_default_mapping_with_all_fields:bool=False`
`116`		`-global_mappings:list[str]= []`
	`118`	`+global_alternative_mappings:ClassVar[list[str]]= []`
`117`	`119`
`118`	`120`	`def__init__(self,platform_dir:str,platform_details:PlatformDetails):`
`119`	`121`	`self._loader=LoaderFileMappings()`
`120`	`122`	`self.details=platform_details`
`121`	`123`	`self._source_mappings=self.prepare_mapping(platform_dir)`
`122`	`124`	`self._alternative_mappings=self.prepare_alternative_mapping(platform_dir)`
`123`		`-global_alternative_mappings=self.prepare_global_alternative_mapping()`
	`125`	`+ifself.global_alternative_mappings:`
	`126`	`+self._alternative_mappings.update(self.prepare_global_alternative_mapping())`
`124`	`127`
`125`	`128`	`defupdate_default_source_mapping(self,default_mapping:SourceMapping,fields_mapping:FieldsMapping)->None:`
`126`	`129`	`default_mapping.fields_mapping.update(fields_mapping)`
`@@ -132,8 +135,10 @@ def prepare_alternative_mapping(self, platform_dir: str) -> dict[str, dict[str,`
`132`	`135`	`returnalternative_mappings`
`133`	`136`
`134`	`137`	`defprepare_global_alternative_mapping(self)->dict[str,dict[str,SourceMapping]]:`
`135`		`-globa_alternative_mappings= {}`
`136`		`-returngloba_alternative_mappings`
	`138`	`+global_alternative_mappings= {}`
	`139`	`+fornameinself.global_alternative_mappings:`
	`140`	`+global_alternative_mappings[name]=self.prepare_mapping(os.path.join(GLOBAL_ALTERNATIVE_MAPPING_DIR,name))`
	`141`	`+returnglobal_alternative_mappings`
`137`	`142`
`138`	`143`	`defprepare_mapping(self,platform_dir:str)->dict[str,SourceMapping]:`
`139`	`144`	`source_mappings= {}`

`‎uncoder-core/app/translator/core/models/query_container.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -136,7 +136,7 @@ class RawQueryContainer:`
`136`	`136`	`classRawQueryDictContainer:`
`137`	`137`	`query:dict`
`138`	`138`	`language:str`
`139`		`-meta_info:dict`
	`139`	`+meta_info:MetaInfoContainer=field(default_factory=MetaInfoContainer)`
`140`	`140`
`141`	`141`
`142`	`142`	`@dataclass`

`‎uncoder-core/app/translator/mappings/global_alternative/ocsf/default.yml‎renamed to ‎uncoder-core/app/translator/mappings/platforms/global_alternative/ocsf/default.yml‎`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,6 @@`
`1`	`1`	`platform:Global OCSF`
`2`	`2`	`source:default`
`3`	`3`
`4`		`-default_log_source:{}`
`5`	`4`
`6`	`5`	`fieldmappings:`
`7`	`6`	`IntegrityLevel:process.integrity`

`‎uncoder-core/app/translator/platforms/splunk/mapping.py‎`

Lines changed: 6 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-fromtypingimportOptional`
	`1`	`+fromtypingimportClassVar,Optional`
`2`	`2`
`3`	`3`	`fromapp.translator.core.mappingimportBasePlatformMappings,LogSourceSignature`
`4`	`4`	`fromapp.translator.platforms.splunk.constimportsplunk_alert_details,splunk_query_details`
`@@ -39,9 +39,13 @@ def __str__(self) -> str:`
`39`	`39`
`40`	`40`
`41`	`41`	`classSplunkMappings(BasePlatformMappings):`
	`42`	`+global_alternative_mappings:ClassVar[list[str]]= ["ocsf"]`
	`43`	`+`
`42`	`44`	`defprepare_log_source_signature(self,mapping:dict)->SplunkLogSourceSignature:`
`43`	`45`	`log_source=mapping.get("log_source", {})`
`44`		`-default_log_source=mapping["default_log_source"]`
	`46`	`+default_log_source= (`
	`47`	`+mapping.get("default_log_source")ifmapping.get("default_log_source")else {"source":"WinEventLog: *"}`
	`48`	`+ )`
`45`	`49`	`returnSplunkLogSourceSignature(`
`46`	`50`	`sources=log_source.get("source"),`
`47`	`51`	`source_types=log_source.get("sourcetype"),`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0c64c32

File tree

4 files changed

4 files changed

`‎uncoder-core/app/translator/core/mapping.py‎`

`‎uncoder-core/app/translator/core/models/query_container.py‎`

`‎uncoder-core/app/translator/mappings/global_alternative/ocsf/default.yml‎renamed to ‎uncoder-core/app/translator/mappings/platforms/global_alternative/ocsf/default.yml‎`

`‎uncoder-core/app/translator/platforms/splunk/mapping.py‎`

0 commit comments