Commit1b8acba

authored

Merge pull request#149 from UncoderIO/gis-7581

Fix empty index field in elastic rule

2 parents5e4f6d4 +f27c9cf commit1b8acbaCopy full SHA for 1b8acba

File tree

-3

lines changed

-3

lines changed

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,10 @@ def is_suitable(self, args, *kwargs) -> bool:`
`20`	`20`	`def__str__(self)->str:`
`21`	`21`	`raiseNotImplementedError("Abstract method")`
`22`	`22`
	`23`	`+@property`
	`24`	`+defdefault_source(self)->dict:`
	`25`	`+returnself._default_source`
	`26`	`+`
`23`	`27`
`24`	`28`	`classFieldMapping:`
`25`	`29`	`def__init__(self,generic_field_name:str,platform_field_name:str):`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,8 +10,8 @@ class AQLEscapeManager(EscapeManager):`
`10`	`10`	`ValueType.value: [EscapeDetails(pattern=r"(')",escape_symbols=r"'\1")],`
`11`	`11`	`ValueType.regex_value: [`
`12`	`12`	`EscapeDetails(pattern=r"([$^*+()\[\]{}\|.?\-\\])",escape_symbols=r"\\\1"),`
`13`		`-EscapeDetails(pattern=r"(')",escape_symbols=r"'\1")`
`14`		`- ]`
	`13`	`+EscapeDetails(pattern=r"(')",escape_symbols=r"'\1"),`
	`14`	`+ ],`
`15`	`15`	`}`
`16`	`16`
`17`	`17`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -85,13 +85,14 @@ def finalize_query(`
`85`	`85`	`query:str,`
`86`	`86`	`functions:str,`
`87`	`87`	`meta_info:Optional[MetaInfoContainer]=None,`
`88`		`-source_mapping:Optional[SourceMapping]=None,# noqa: ARG002`
	`88`	`+source_mapping:Optional[SourceMapping]=None,`
`89`	`89`	`not_supported_functions:Optional[list]=None,`
`90`	`90`	`*args,# noqa: ARG002`
`91`	`91`	`**kwargs,# noqa: ARG002`
`92`	`92`	`)->str:`
`93`	`93`	`query=super().finalize_query(prefix=prefix,query=query,functions=functions)`
`94`	`94`	`rule=copy.deepcopy(ELASTICSEARCH_DETECTION_RULE)`
	`95`	`+index=source_mapping.log_source_signature.default_source.get("index")ifsource_mappingelseNone`
`95`	`96`	`rule.update(`
`96`	`97`	`{`
`97`	`98`	`"query":query,`
`@@ -105,6 +106,7 @@ def finalize_query(`
`105`	`106`	`"tags":meta_info.tags,`
`106`	`107`	`"threat":self.__create_mitre_threat(meta_info.mitre_attack),`
`107`	`108`	`"false_positives":meta_info.false_positives,`
	`109`	`+"index": [index]ifindexelse [],`
`108`	`110`	`}`
`109`	`111`	`)`
`110`	`112`	`rule_str=json.dumps(rule,indent=4,sort_keys=False,ensure_ascii=False)`

Comments

(0)