NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commit77fe657

authored

Merge pull request#50 from UncoderIO/rules_fixes

fix minor bugs in platforms rules

2 parents4a2237d +9202880 commit77fe657Copy full SHA for 77fe657

File tree

8 files changed

+15

-13

lines changed

translator/app/translator
- core
  - exceptions
    - parser.py
  - models
    - parser_output.py
- platforms
  - elasticsearch/parsers
    - detection_rule.py
  - logscale/parsers
    - logscale_alert.py
  - microsoft/renders
    - microsoft_sentinel_rule.py
  - splunk
    - parsers
      - splunk_alert.py
    - renders
      - splunk_alert.py
- tools
  - decorators.py

8 files changed

+15

-13

lines changed

`‎translator/app/translator/core/exceptions/parser.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ class QueryParenthesesException(BaseParserException):`
`23`	`23`	`def__init__(self):`
`24`	`24`	`message= (`
`25`	`25`	`"The query logic is broken. In the input, the numbers of opening and closing parentheses "`
`26`		`-"do not match. If you think there's no error, please contact us via GitHub."`
	`26`	`+"do not match. If you think there's no error, please contact us."`
`27`	`27`	`)`
`28`	`28`	`super().__init__(message)`
`29`	`29`

`‎translator/app/translator/core/models/parser_output.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ def __init__(`
`35`	`35`	`self.severity=severityorSeverityType.low`
`36`	`36`	`self.references=referencesor []`
`37`	`37`	`self.tags=tagsor []`
`38`		`-self.mitre_attack=mitre_attackor[]`
	`38`	`+self.mitre_attack=mitre_attackor{}`
`39`	`39`	`self.status=statusor"stable"`
`40`	`40`	`self.false_positives=false_positivesor []`
`41`	`41`	`self.source_mapping_ids=source_mapping_idsor [DEFAULT_MAPPING_NAME]`

`‎translator/app/translator/platforms/elasticsearch/parsers/detection_rule.py‎`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,8 @@ def _parse_rule(self, text: str) -> dict:`
`32`	`32`	`query=rule["query"]`
`33`	`33`	`description=rule["description"]`
`34`	`34`	`name=rule["name"]`
`35`		`-return {"query":query,"title":name,"description":description}`
	`35`	`+query,logsources=self._parse_log_sources(query)`
	`36`	`+return {"query":query,"title":name,"description":description,"logsources":logsources}`
`36`	`37`
`37`	`38`	`@staticmethod`
`38`	`39`	`def_get_meta_info(source_mapping_ids:list[str],meta_info:dict)->MetaInfoContainer:`
`@@ -41,8 +42,8 @@ def _get_meta_info(source_mapping_ids: list[str], meta_info: dict) -> MetaInfoCo`
`41`	`42`	`)`
`42`	`43`
`43`	`44`	`defparse(self,text:str)->SiemContainer:`
`44`		`-rule,log_sources=self._parse_rule(text)`
`45`		`-tokens,source_mappings=self.get_tokens_and_source_mappings(rule.get("query"),log_sources)`
	`45`	`+rule=self._parse_rule(text)`
	`46`	`+tokens,source_mappings=self.get_tokens_and_source_mappings(rule.get("query"),rule.get("log_sources", {}))`
`46`	`47`	`returnSiemContainer(`
`47`	`48`	`query=tokens,`
`48`	`49`	`meta_info=self._get_meta_info(`

`‎translator/app/translator/platforms/logscale/parsers/logscale_alert.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ def _get_meta_info(source_mapping_ids: list[str], meta_info: dict) -> MetaInfoCo`
`43`	`43`	`defparse(self,text:str)->SiemContainer:`
`44`	`44`	`parsed_rule=self._parse_rule(text)`
`45`	`45`	`query,functions=self._parse_query(query=parsed_rule.pop("query"))`
`46`		`-tokens,source_mappings=self.get_tokens_and_source_mappings(text, {})`
	`46`	`+tokens,source_mappings=self.get_tokens_and_source_mappings(query, {})`
`47`	`47`	`returnSiemContainer(`
`48`	`48`	`query=tokens,`
`49`	`49`	`meta_info=self._get_meta_info(`

`‎translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -52,10 +52,10 @@ def __create_mitre_threat(self, meta_info: MetaInfoContainer) -> tuple[list, lis`
`52`	`52`	`tactics= []`
`53`	`53`	`techniques= []`
`54`	`54`
`55`		`-fortacticinmeta_info.mitre_attack.get("tactics"):`
	`55`	`+fortacticinmeta_info.mitre_attack.get("tactics", []):`
`56`	`56`	`tactics.append(tactic["tactic"])`
`57`	`57`
`58`		`-fortechniqueinmeta_info.mitre_attack.get("techniques"):`
	`58`	`+fortechniqueinmeta_info.mitre_attack.get("techniques", []):`
`59`	`59`	`techniques.append(technique["technique_id"])`
`60`	`60`
`61`	`61`	`returntactics,techniques`

`‎translator/app/translator/platforms/splunk/parsers/splunk_alert.py‎`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,8 @@ class SplunkAlertParser(SplunkParser):`
`30`	`30`
`31`	`31`	`@staticmethod`
`32`	`32`	`def_get_meta_info(source_mapping_ids:list[str],meta_info:Optional[str])->MetaInfoContainer:`
`33`		`-description=re.search(r"description\s=\s(?P<query>.+)",meta_info).group("description")`
	`33`	`+description=re.search(r"description\s=\s(?P<query>.+)",meta_info).group()`
	`34`	`+description=description.replace("description = ","")`
`34`	`35`	`returnMetaInfoContainer(source_mapping_ids=source_mapping_ids,description=description)`
`35`	`36`
`36`	`37`	`defparse(self,text:str)->SiemContainer:`
`@@ -40,6 +41,6 @@ def parse(self, text: str) -> SiemContainer:`
`40`	`41`
`41`	`42`	`returnSiemContainer(`
`42`	`43`	`query=tokens,`
`43`		`-meta_info=self._get_meta_info([source_mapping.source_idforsource_mappinginsource_mappings]),`
	`44`	`+meta_info=self._get_meta_info([source_mapping.source_idforsource_mappinginsource_mappings],text),`
`44`	`45`	`functions=functions,`
`45`	`46`	`)`

`‎translator/app/translator/platforms/splunk/renders/splunk_alert.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ class SplunkAlertRender(SplunkQueryRender):`
`43`	`43`	`def__create_mitre_threat(meta_info:MetaInfoContainer)->dict:`
`44`	`44`	`techniques= {"mitre_attack": []}`
`45`	`45`
`46`		`-fortechniqueinmeta_info.mitre_attack.get("techniques"):`
	`46`	`+fortechniqueinmeta_info.mitre_attack.get("techniques", []):`
`47`	`47`	`techniques["mitre_attack"].append(technique["technique_id"])`
`48`	`48`
`49`	`49`	`returntechniques`

`‎translator/app/translator/tools/decorators.py‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -15,13 +15,13 @@ def exception_handler(args, *kwargs) -> tuple[bool, str]:`
`15`	`15`	`returnFalse,str(err)`
`16`	`16`	`exceptExceptionaserr:`
`17`	`17`	`print(f"Unexpected error.{err!s}")`
`18`		`-returnFalse,"Unexpected error. To resolve it, please, contact us via GitHub."`
	`18`	`+returnFalse,"Unexpected error. To resolve it, please, contact us."`
`19`	`19`	`else:`
`20`	`20`	`ifresult:`
`21`	`21`	`print("Translated successfully.")`
`22`	`22`	`returnTrue,result`
`23`	`23`
`24`	`24`	`print("Unexpected error.")`
`25`		`-returnFalse,"Unexpected error. To resolve it, please, contact us via GitHub."`
	`25`	`+returnFalse,"Unexpected error. To resolve it, please, contact us."`
`26`	`26`
`27`	`27`	`returnexception_handler`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit77fe657

File tree

8 files changed

8 files changed

`‎translator/app/translator/core/exceptions/parser.py‎`

`‎translator/app/translator/core/models/parser_output.py‎`

`‎translator/app/translator/platforms/elasticsearch/parsers/detection_rule.py‎`

`‎translator/app/translator/platforms/logscale/parsers/logscale_alert.py‎`

`‎translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py‎`

`‎translator/app/translator/platforms/splunk/parsers/splunk_alert.py‎`

`‎translator/app/translator/platforms/splunk/renders/splunk_alert.py‎`

`‎translator/app/translator/tools/decorators.py‎`

0 commit comments