
Commit c0caa27

Initial commit UncoderIO code to community.
1 parent b12eac5 commit c0caa27

867 files changed, +32184 -0 lines changed


.gitignore

Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
2+
3+
# misc
4+
.DS_Store
5+
*.pem
6+
7+
/.idea
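Review bot: the `*.pem` entry is the only key-material pattern in this root ignore file; it keeps an accidental PEM drop out of the index but does nothing against `git add -f` or against keys with other names (`*.key`, `*.p12`, `id_rsa`), so treat it as a convenience and rely on a pre-commit secret scan as the actual control. Minor: `.DS_Store` is ignored again in `siem-converter/.gitignore` in this same commit; the root rule already covers the subdirectory.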

docker-compose.yml

Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
version:'3'
2+
services:
3+
uncoder-os:
4+
build:
5+
context:'./uncoder-os/'
6+
container_name:uncoder-os
7+
restart:always
8+
environment:
9+
-HOST=0.0.0.0
10+
ports:
11+
-'4010:4010'
12+
siem-converter:
13+
build:
14+
context:'./siem-converter/'
15+
container_name:siem-converter
16+
restart:always
17+
environment:
18+
-HOST=0.0.0.0
19+
-PORT=8000
20+
ports:
21+
-'8000:8000'
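Review bot: both `ports:` entries (`'4010:4010'` and `'8000:8000'`) carry no host address, so Docker publishes them on every interface of the host, and with `HOST=0.0.0.0` inside the containers plus `restart: always` the converter API stays network-reachable for as long as the host is up. If the two services only need each other or a local reverse proxy, bind to loopback (`- '127.0.0.1:8000:8000'`) or drop the `ports:` mapping and use the compose network. Also, `version: '3'` is ignored by the Compose specification and only triggers an "attribute `version` is obsolete" warning on current `docker compose`, so it can be removed.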

siem-converter/.gitignore

Lines changed: 203 additions & 0 deletions
@@ -0,0 +1,203 @@
1+
# OS generated files
2+
.DS_Store?
3+
ehthumbs.db
4+
Icon?
5+
Thumbs.db
6+
*.DS_Store
7+
.DS_Store
8+
.gitmodules
9+
10+
# Files that might appear in the root of a volume
11+
.DocumentRevisions-V100
12+
.fseventsd
13+
.Spotlight-V100
14+
.TemporaryItems
15+
.Trashes
16+
.VolumeIcon.icns
17+
.com.apple.timemachine.donotpresent
18+
19+
# Directories potentially created on remote AFP share
20+
.AppleDB
21+
.AppleDesktop
22+
NetworkTrashFolder
23+
TemporaryItems
24+
.apdisk
25+
26+
# Python venv
27+
venv/
28+
29+
# Pycharm IDE
30+
.idea/
31+
32+
# Python compile files
33+
__pycache__/
34+
*.pyc
35+
36+
# Config files
37+
*.ini
38+
39+
*.env
40+
41+
# Logs
42+
*.log
43+
44+
# Temp dirs or files
45+
sigma_git/
46+
!tmp/.gitkeep
47+
48+
49+
# Byte-compiled / optimized / DLL files
50+
__pycache__/
51+
*.py[cod]
52+
*$py.class
53+
54+
# C extensions
55+
*.so
56+
57+
# Distribution / packaging
58+
.Python
59+
build/
60+
develop-eggs/
61+
dist/
62+
downloads/
63+
eggs/
64+
.eggs/
65+
lib/
66+
lib64/
67+
parts/
68+
sdist/
69+
var/
70+
wheels/
71+
share/python-wheels/
72+
*.egg-info/
73+
.installed.cfg
74+
*.egg
75+
MANIFEST
76+
77+
# PyInstaller
78+
# Usually these files are written by a python script from a template
79+
# before PyInstaller builds the exe, so as to inject date/other infos into it.
80+
*.manifest
81+
*.spec
82+
83+
# Installer logs
84+
pip-log.txt
85+
pip-delete-this-directory.txt
86+
87+
# Unit test / coverage reports
88+
htmlcov/
89+
.tox/
90+
.nox/
91+
.coverage
92+
.coverage.*
93+
.cache
94+
nosetests.xml
95+
coverage.xml
96+
*.cover
97+
*.py,cover
98+
.hypothesis/
99+
.pytest_cache/
100+
cover/
101+
102+
# Translations
103+
*.mo
104+
*.pot
105+
106+
# Django stuff:
107+
*.log
108+
local_settings.py
109+
db.sqlite3
110+
db.sqlite3-journal
111+
112+
# Flask stuff:
113+
instance/
114+
.webassets-cache
115+
116+
# Scrapy stuff:
117+
.scrapy
118+
119+
# Sphinx documentation
120+
docs/_build/
121+
122+
# PyBuilder
123+
.pybuilder/
124+
target/
125+
126+
# Jupyter Notebook
127+
.ipynb_checkpoints
128+
129+
# IPython
130+
profile_default/
131+
ipython_config.py
132+
133+
# pyenv
134+
# For a library or package, you might want to ignore these files since the code is
135+
# intended to run in multiple environments; otherwise, check them in:
136+
# .python-version
137+
138+
# pipenv
139+
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
140+
# However, in case of collaboration, if having platform-specific dependencies or dependencies
141+
# having no cross-platform support, pipenv may install dependencies that don't work, or not
142+
# install all needed dependencies.
143+
#Pipfile.lock
144+
145+
# PEP 582; used by e.g. github.com/David-OConnor/pyflow
146+
__pypackages__/
147+
148+
# Celery stuff
149+
celerybeat-schedule
150+
celerybeat.pid
151+
152+
# SageMath parsed files
153+
*.sage.py
154+
155+
# Environments
156+
.env
157+
.venv
158+
env/
159+
venv/
160+
ENV/
161+
env.bak/
162+
venv.bak/
163+
164+
# Visual Studio Code Environment
165+
.vscode/
166+
167+
# Spyder project settings
168+
.spyderproject
169+
.spyproject
170+
171+
# Rope project settings
172+
.ropeproject
173+
174+
# mkdocs documentation
175+
/site
176+
177+
# mypy
178+
.mypy_cache/
179+
.dmypy.json
180+
dmypy.json
181+
182+
# Pyre type checker
183+
.pyre/
184+
185+
# pytype static type analyzer
186+
.pytype/
187+
188+
# Cython debug symbols
189+
cython_debug/
190+
191+
# Temp file (deploy_key gitlab)
192+
deploy_key
193+
keys/
194+
195+
# temp test files
196+
test_data
197+
198+
# backup_logs
199+
.backup_logs
200+
201+
# sigmac tests stuff
202+
tactics.json
203+
techniques.json
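Review bot: the `!tmp/.gitkeep` negation under "# Temp dirs or files" has no effect because nothing above it ignores `tmp/`; either add a `tmp/*` line before it or drop the negation. The file is also a project-specific list concatenated with the stock Python template, so `__pycache__/`, `*.log`, `venv/` and `.env`/`*.env` each appear twice; deduplicating makes it easier to audit what is actually excluded. On the secrets side, `*.ini`, `*.env`, `deploy_key` and `keys/` cover the obvious locations, but blanket-ignoring `*.ini` also blocks a sanitized example config from being committed, so add an explicit `!config.example.ini` (or similar) if one is meant to ship.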

siem-converter/Dockerfile

Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
FROM python:3.9-alpine
2+
RUN apk add --update --no-cache linux-headers build-base python3-dev libffi-dev
3+
WORKDIR /siem_converter
4+
COPY . .
5+
RUN pip install --upgrade pip && \
6+
python -m pip install --upgrade setuptools && \
7+
pip install --trusted-host=pypi.python.org --trusted-host=pypi.org --trusted-host=files.pythonhosted.org --no-cache-dir -Ur requirements.txt
8+
EXPOSE 8000
9+
CMD ["python","server.py"]
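Review bot: the three `--trusted-host` flags on the `pip install` line disable TLS certificate verification for pypi.python.org, pypi.org and files.pythonhosted.org, so dependency downloads during the build can be tampered with by anyone on the network path; pip verifies against the system CA bundle by default, so drop the flags and fix whichever proxy or CA problem motivated them instead. Two smaller points: `COPY . .` runs before the dependency install, so every source edit invalidates the pip layer (copy `requirements.txt` first, install, then copy the rest), and there is no `USER` instruction, so `server.py` runs as root inside the container.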

siem-converter/app/__init__.py

Whitespace-only changes.

siem-converter/app/converter/__init__.py

Whitespace-only changes.
Lines changed: 122 additions & 0 deletions
@@ -0,0 +1,122 @@
1+
fromapp.converter.backends.athena.parsers.athenaimportAthenaParser
2+
fromapp.converter.backends.athena.renders.athenaimportAthenaQueryRender
3+
fromapp.converter.backends.athena.renders.athena_ctiimportAthenaCTI
4+
fromapp.converter.backends.carbonblack.renders.carbonblack_ctiimportCarbonBlackCTI
5+
fromapp.converter.backends.chronicle.parsers.chronicleimportChronicleParser
6+
fromapp.converter.backends.chronicle.parsers.chronicle_ruleimportChronicleRuleParser
7+
fromapp.converter.backends.chronicle.renders.chronicleimportChronicleQueryRender
8+
fromapp.converter.backends.chronicle.renders.chronicle_ctiimportChronicleQueryCTI
9+
fromapp.converter.backends.chronicle.renders.chronicle_ruleimportChronicleSecurityRuleRender
10+
fromapp.converter.backends.crowdstrike.parsers.crowdstrikeimportCrowdStrikeParser
11+
fromapp.converter.backends.crowdstrike.renders.crowdstrikeimportCrowdStrikeQueryRender
12+
fromapp.converter.backends.crowdstrike.renders.crowdstrike_ctiimportCrowdStrikeCTI
13+
fromapp.converter.backends.elasticsearch.parsers.detection_ruleimportElasticSearchRuleParser
14+
fromapp.converter.backends.elasticsearch.parsers.elasticsearchimportElasticSearchParser
15+
fromapp.converter.backends.elasticsearch.renders.detection_ruleimportElasticSearchRuleRender
16+
fromapp.converter.backends.elasticsearch.renders.elast_alertimportElastAlertRuleRender
17+
fromapp.converter.backends.elasticsearch.renders.elasticsearchimportElasticSearchQueryRender
18+
fromapp.converter.backends.elasticsearch.renders.elasticsearch_ctiimportElasticsearchCTI
19+
fromapp.converter.backends.elasticsearch.renders.kibanaimportKibanaRuleRender
20+
fromapp.converter.backends.elasticsearch.renders.xpack_watcherimportXPackWatcherRuleRender
21+
fromapp.converter.backends.fireeye_helix.renders.fireeye_helix_ctiimportFireeyeHelixCTI
22+
fromapp.converter.backends.graylog.renders.graylog_ctiimportGraylogCTI
23+
fromapp.converter.backends.logpoint.renders.logpoint_ctiimportLogpointCTI
24+
fromapp.converter.backends.logscale.parsers.logscaleimportLogScaleParser
25+
fromapp.converter.backends.logscale.parsers.logscale_alertimportLogScaleAlertParser
26+
fromapp.converter.backends.logscale.renders.logscale_ctiimportLogScaleCTI
27+
fromapp.converter.backends.logscale.renders.logscaleimportLogScaleQueryRender
28+
fromapp.converter.backends.logscale.renders.logscale_alertimportLogScaleAlertRender
29+
fromapp.converter.backends.microsoft.parsers.microsoft_defenderimportMicrosoftDefenderQueryParser
30+
fromapp.converter.backends.microsoft.parsers.microsoft_sentinelimportMicrosoftParser
31+
fromapp.converter.backends.microsoft.parsers.microsoft_sentinel_ruleimportMicrosoftRuleParser
32+
fromapp.converter.backends.microsoft.renders.microsoft_defenderimportMicrosoftDefenderQueryRender
33+
fromapp.converter.backends.microsoft.renders.microsoft_defender_ctiimportMicrosoftDefenderCTI
34+
fromapp.converter.backends.microsoft.renders.microsoft_sentinelimportMicrosoftSentinelQueryRender
35+
fromapp.converter.backends.microsoft.renders.microsoft_sentinel_ctiimportMicrosoftSentinelCTI
36+
fromapp.converter.backends.microsoft.renders.microsoft_sentinel_ruleimportMicrosoftSentinelRuleRender
37+
fromapp.converter.backends.opensearch.parsers.opensearchimportOpenSearchParser
38+
fromapp.converter.backends.opensearch.renders.opensearchimportOpenSearchQueryRender
39+
fromapp.converter.backends.opensearch.renders.opensearch_ctiimportOpenSearchCTI
40+
fromapp.converter.backends.opensearch.renders.opensearch_ruleimportOpenSearchRuleRender
41+
fromapp.converter.backends.qradar.parsers.qradarimportQradarParser
42+
fromapp.converter.backends.qradar.renders.qradarimportQradarQueryRender
43+
fromapp.converter.backends.qradar.renders.qradar_ctiimportQRadarCTI
44+
fromapp.converter.backends.qualys.renders.qualys_ctiimportQualysCTI
45+
fromapp.converter.backends.rsa_netwitness.renders.rsa_netwitness_ctiimportRSANetwitnessCTI
46+
fromapp.converter.backends.securonix.renders.securonix_ctiimportSecuronixCTI
47+
fromapp.converter.backends.sentinel_one.renders.s1_ctiimportS1EventsCTI
48+
fromapp.converter.backends.sigma.parsers.sigmaimportSigmaParser
49+
fromapp.converter.backends.sigma.renders.sigmaimportSigmaRender
50+
fromapp.converter.backends.snowflake.renders.snowflake_ctiimportSnowflakeCTI
51+
fromapp.converter.backends.splunk.parsers.splunkimportSplunkParser
52+
fromapp.converter.backends.splunk.parsers.splunk_alertimportSplunkAlertParser
53+
fromapp.converter.backends.splunk.renders.splunkimportSplunkQueryRender
54+
fromapp.converter.backends.splunk.renders.splunk_alertimportSplunkAlertRender
55+
fromapp.converter.backends.splunk.renders.splunk_ctiimportSplunkCTI
56+
fromapp.converter.backends.sumo_logic.renders.sumologic_ctiimportSumologicCTI
57+
58+
__ALL_RENDERS= (
59+
SigmaRender(),
60+
MicrosoftSentinelQueryRender(),
61+
MicrosoftSentinelRuleRender(),
62+
MicrosoftDefenderQueryRender(),
63+
QradarQueryRender(),
64+
CrowdStrikeQueryRender(),
65+
SplunkQueryRender(),
66+
SplunkAlertRender(),
67+
ChronicleQueryRender(),
68+
ChronicleSecurityRuleRender(),
69+
AthenaQueryRender(),
70+
ElasticSearchQueryRender(),
71+
LogScaleQueryRender(),
72+
LogScaleAlertRender(),
73+
ElasticSearchRuleRender(),
74+
ElastAlertRuleRender(),
75+
KibanaRuleRender(),
76+
XPackWatcherRuleRender(),
77+
OpenSearchQueryRender(),
78+
OpenSearchRuleRender()
79+
)
80+
81+
__ALL_PARSERS= (
82+
AthenaParser(),
83+
ChronicleParser(),
84+
ChronicleRuleParser(),
85+
SplunkParser(),
86+
SplunkAlertParser(),
87+
SigmaParser(),
88+
QradarParser(),
89+
MicrosoftParser(),
90+
MicrosoftRuleParser(),
91+
MicrosoftDefenderQueryParser(),
92+
CrowdStrikeParser(),
93+
LogScaleParser(),
94+
LogScaleAlertParser(),
95+
ElasticSearchParser(),
96+
ElasticSearchRuleParser(),
97+
OpenSearchParser()
98+
)
99+
100+
101+
__ALL_RENDERS_CTI= (
102+
MicrosoftSentinelCTI(),
103+
MicrosoftDefenderCTI(),
104+
QRadarCTI(),
105+
SplunkCTI(),
106+
ChronicleQueryCTI(),
107+
CrowdStrikeCTI(),
108+
SumologicCTI(),
109+
ElasticsearchCTI(),
110+
LogScaleCTI(),
111+
OpenSearchCTI(),
112+
FireeyeHelixCTI(),
113+
CarbonBlackCTI(),
114+
GraylogCTI(),
115+
LogpointCTI(),
116+
QualysCTI(),
117+
RSANetwitnessCTI(),
118+
S1EventsCTI(),
119+
SecuronixCTI(),
120+
SnowflakeCTI(),
121+
AthenaCTI()
122+
)
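Review bot: `__ALL_RENDERS`, `__ALL_PARSERS` and `__ALL_RENDERS_CTI` instantiate every backend at import time, so a failure in any single backend module (a missing optional dependency, a syntax error) takes the whole converter down rather than just that platform; consider registering classes and instantiating lazily, or at least importing each backend in a way that lets one broken platform degrade gracefully. Style: the double-underscore prefix has no special meaning for module globals (name mangling only applies inside class bodies), so a single leading underscore or an explicit `__all__` states the intent more honestly. Also, the last element of each tuple (`OpenSearchRuleRender()`, `OpenSearchParser()`, `AthenaCTI()`) lacks the trailing comma the other entries have; adding it keeps future additions to a one-line diff.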

siem-converter/app/converter/backends/athena/__init__.py

Whitespace-only changes.
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
fromapp.converter.core.models.platform_detailsimportPlatformDetails
2+
3+
ATHENA_QUERY_DETAILS= {
4+
"siem_type":"athena-sql-query",
5+
"name":"AWS Athena Query",
6+
"group_name":"AWS Athena",
7+
"platform_name":"Query",
8+
"group_id":"athena",
9+
"alt_platform_name":"OCSF"
10+
}
11+
12+
athena_details=PlatformDetails(**ATHENA_QUERY_DETAILS)
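Review bot: `ATHENA_QUERY_DETAILS` exists only to be unpacked into `PlatformDetails(**ATHENA_QUERY_DETAILS)`, so a key the model does not accept surfaces as a `TypeError` at import time with a less helpful message than a direct keyword call would give; unless other code reads the raw dict, construct `athena_details = PlatformDetails(siem_type="athena-sql-query", name="AWS Athena Query", ...)` directly. Also `"platform_name": "Query"` is generic; it reads fine next to `group_name`, but it should never be used on its own as an identifier, since `siem_type` and `group_id` are the unique fields here.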

0 commit comments
