Commit4abc013

committed
update in render
1 parent36bf9f3 commit4abc013

3 files changed

+68
-7
lines changed

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,3 @@
11
fromapp.translator.platforms.sumo_logic.renders.sumologic_ctiimportSumologicCTI# noqa: F401
2-
fromapp.translator.platforms.sumo_logic.renders.sumologicimportSumologicSearchQueryRender
2+
fromapp.translator.platforms.sumo_logic.renders.sumologicimportSumologicSearchQueryRender
3+
fromapp.translator.platforms.sumo_logic.renders.sumologic_cseimportSumologicCSERender,SumologicCSERuleRender

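--- a/uncoder-core/app/translator/platforms/sumo_logic/const.py
+++ b/uncoder-core/app/translator/platforms/sumo_logic/const.py
@@ -26,17 +26,43 @@
 SUMOLOGIC_CSE_QUERY_DETAILS = {
     "platform_id": "sumologic-cse-query",
     "name": "Sumo Logic CSE",
-    "platform_name": "Query",
+    "platform_name": "CSEQuery",
     **PLATFORM_DETAILS
 }
 
 SUMOLOGIC_CSE_RULE_DETAILS = {
     "platform_id": "sumologic-cse-rule",
     "name": "Sumo Logic CSE Rule",
-    "platform_name": "Query",
+    "platform_name": "CSE Rule",
     **PLATFORM_DETAILS
 }
 
+SEVERITY_MAP = {
+    'informational': 1,
+    'low': 2,
+    'medium': 3,
+    'high': 4,
+    'critical': 5
+}
+
+
+ALLOWED_CATEGORIES = [
+    "Threat Intelligence",
+    "Initial Access",
+    "Execution",
+    "Persistence",
+    "Privilege Escalation",
+    "Defense Evasion",
+    "Credential Access",
+    "Discovery",
+    "Lateral Movement",
+    "Collection",
+    "Command and Control",
+    "Exfiltration",
+    "Impact"
+]
+
+
+
 sumologic_search_query_details = PlatformDetails(**SUMOLOGIC_SEARCH_QUERY_DETAILS)
 sumologic_cse_query_details = PlatformDetails(**SUMOLOGIC_CSE_QUERY_DETAILS)
 sumologic_cse_rule_details = PlatformDetails(**SUMOLOGIC_CSE_RULE_DETAILS)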
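Review bot: The render module patched in this same commit imports `DEFAULT_SUMOLOGIC_CSE_RULE` from this module, but nothing in this hunk defines it; unless it already exists in the lines outside the shown range (1-25), importing `sumologic_cse` will raise at registration time, so the constant should be added here with at least the `name`, `description`, `score` and `expression` keys the render writes into it. `ALLOWED_CATEGORIES` is added but nothing else in the commit reads it; if it is meant as a validation whitelist for rule categories, a `frozenset` is the better shape and a one-line comment naming the intended consumer would help. The new `SEVERITY_MAP` uses single quotes and omits the trailing comma while the surrounding dicts use double quotes; `ruff format` will normalise it, but it is worth matching the file's style now.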
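--- a/uncoder-core/app/translator/platforms/sumo_logic/renders/sumologic_cse.py
+++ b/uncoder-core/app/translator/platforms/sumo_logic/renders/sumologic_cse.py
@@ -16,19 +16,29 @@
 limitations under the License.
 -----------------------------------------------------------------
 """
+import copy
+import json
+from typing import Optional
+from app.translator.core.mapping import SourceMapping
 from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.query_container import MetaInfoContainer
 from app.translator.managers import render_manager
 from app.translator.core.render import PlatformQueryRender
 
-from app.translator.platforms.sumo_logic.const import sumologic_search_query_details
+from app.translator.platforms.sumo_logic.const import (
+    SEVERITY_MAP,
+    sumologic_cse_query_details,
+    sumologic_cse_rule_details,
+    DEFAULT_SUMOLOGIC_CSE_RULE
+)
 from app.translator.platforms.sumo_logic.mapping import SumoLogicMappings, sumologic_mappings
 from app.translator.platforms.sumo_logic.renders.sumologic import SumologicFieldValue
 
 
 
 @render_manager.register
 class SumologicCSERender(PlatformQueryRender):
-    details: PlatformDetails = sumologic_search_query_details
+    details: PlatformDetails = sumologic_cse_query_details
     mappings: SumoLogicMappings = sumologic_mappings
 
     or_token = "OR"
@@ -41,12 +51,36 @@ class SumologicCSERender(PlatformQueryRender):
 
 @render_manager.register
 class SumologicCSERuleRender(PlatformQueryRender):
-    details: PlatformDetails = sumologic_search_query_details
+    details: PlatformDetails = sumologic_cse_rule_details
     mappings: SumoLogicMappings = sumologic_mappings
 
     or_token = "OR"
     and_token = "AND"
     not_token = "NOT"
 
     field_value_map = SumologicFieldValue(or_token=or_token)
-    query_pattern = "{prefix} {query} {functions}"
+    query_pattern = "{prefix} {query} {functions}"
+
+
+    def finalize_query(
+        self,
+        prefix: str,
+        query: str,
+        functions: str,
+        meta_info: Optional[MetaInfoContainer] = None,
+        source_mapping: Optional[SourceMapping] = None,  # noqa: ARG002
+        not_supported_functions: Optional[list] = None,
+        *args,  # noqa: ARG002
+        **kwargs,  # noqa: ARG002
+    ) -> str:
+        query = super().finalize_query(prefix=prefix, query=query, functions=functions)
+        rule = copy.deepcopy(DEFAULT_SUMOLOGIC_CSE_RULE)
+        rule["name"] = meta_info.title or rule["name"] if meta_info else rule['name']
+        rule["description"] = meta_info.description or rule["description"] if meta_info else rule['description']
+        rule["score"] = SEVERITY_MAP.get(meta_info.severity) if meta_info else SEVERITY_MAP['medium']
+        rule["expression"] = query
+        rule_str = json.dumps(rule, indent=4, sort_keys=False, ensure_ascii=False)
+        if not_supported_functions:
+            rendered_not_supported = self.render_not_supported_functions(not_supported_functions)
+            return rule_str + rendered_not_supported
+        return rule_str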
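Review bot: In `finalize_query`, `rule["score"] = SEVERITY_MAP.get(meta_info.severity) if meta_info else SEVERITY_MAP['medium']` yields `None` whenever a `meta_info` is supplied whose severity is unset or not one of the five map keys, so the emitted rule carries `"score": null` instead of a usable default. Pull the lookup out and give it the same fallback as the no-meta path: `severity = meta_info.severity if meta_info else None` followed by `rule["score"] = SEVERITY_MAP.get(severity, SEVERITY_MAP["medium"])`; if severities can arrive in mixed case, normalising with `.lower()` before the lookup is worth considering, but that cannot be confirmed from here. The `name`/`description` lines rely on `(a or b) if c else d` precedence, which is correct but reads as though `or` binds to the conditional; parenthesising `(meta_info.title or rule["name"])` makes the intent explicit. Note also that appending `rendered_not_supported` to `rule_str` means the return value is no longer parseable JSON, which matters if any consumer loads the output rather than displaying it. The class may continue past the end of this hunk.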