NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commite4602e0

committed

gis-9415 Add alternative translations functionality

1 parent10a7c31 commite4602e0Copy full SHA for e4602e0

File tree

12 files changed

+131

-26

lines changed

uncoder-core/app
- routers
  - translate.py
- translator
  - core
    - mapping.py
    - mixins
      - tokens.py
    - models
      - query_container.py
    - render.py
  - mappings
    - platforms/microsoft_sentinel/alternative
      - cloudtrail
        cloudtrail.yml
        default.yml
      - ossem
        default.yml
    - utils
      - load_from_files.py
  - platforms
    - arcsight/renders
      - arcsight_cti.py
    - logrhythm_axon
      - mapping.py
  - translator.py

12 files changed

+131

-26

lines changed

`‎uncoder-core/app/routers/translate.py‎`

Lines changed: 13 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,23 +3,29 @@`
`3`	`3`	`fromapp.models.translationimportInfoMessage,OneTranslationData,Platform,TranslatorPlatforms`
`4`	`4`	`fromapp.translator.core.context_varsimportreturn_only_first_query_ctx_var`
`5`	`5`	`fromapp.translator.cti_translatorimportCTITranslator`
`6`		`-fromapp.translator.translatorimportTranslator`
	`6`	`+fromapp.translator.translatorimportapp_translator`
`7`	`7`
`8`	`8`	`st_router=APIRouter()`
`9`	`9`
`10`		`-translator=Translator()`
`11`		`-`
`12`	`10`
`13`	`11`	`@st_router.post("/translate",tags=["translator"],description="Generate target translation")`
`14`	`12`	`@st_router.post("/translate/",include_in_schema=False)`
`15`	`13`	`deftranslate_one(`
`16`	`14`	`source_platform_id:str=Body(...,embed=True),`
	`15`	`+source_alt_mapping:dict=Body(None,embed=True),`
`17`	`16`	`target_platform_id:str=Body(...,embed=True),`
	`17`	`+target_alt_mapping:dict=Body(None,embed=True),`
`18`	`18`	`text:str=Body(...,embed=True),`
`19`	`19`	`return_only_first_query:bool=False,`
`20`	`20`	`)->OneTranslationData:`
`21`	`21`	`return_only_first_query_ctx_var.set(return_only_first_query)`
`22`		`-status,data=translator.translate_one(text=text,source=source_platform_id,target=target_platform_id)`
	`22`	`+status,data=app_translator.translate_one(`
	`23`	`+text=text,`
	`24`	`+source=source_platform_id,`
	`25`	`+target=target_platform_id,`
	`26`	`+source_alt_mapping=source_alt_mapping,`
	`27`	`+target_alt_mapping=target_alt_mapping,`
	`28`	`+ )`
`23`	`29`	`ifstatus:`
`24`	`30`	`returnOneTranslationData(status=status,translation=data,target_platform_id=target_platform_id)`
`25`	`31`
`@@ -35,7 +41,7 @@ def translate_all(`
`35`	`41`	`return_only_first_query:bool=False,`
`36`	`42`	`)->list[OneTranslationData]:`
`37`	`43`	`return_only_first_query_ctx_var.set(return_only_first_query)`
`38`		`-result=translator.translate_all(text=text,source=source_platform_id)`
	`44`	`+result=app_translator.translate_all(text=text,source=source_platform_id)`
`39`	`45`	`translations= []`
`40`	`46`	`forplatform_resultinresult:`
`41`	`47`	`ifplatform_result.get("status"):`
`@@ -60,14 +66,14 @@ def translate_all(`
`60`	`66`	`@st_router.get("/platforms",tags=["translator"],description="Get translator platforms")`
`61`	`67`	`@st_router.get("/platforms/",include_in_schema=False)`
`62`	`68`	`defget_translator_platforms()->TranslatorPlatforms:`
`63`		`-renders,parsers=translator.get_all_platforms()`
	`69`	`+renders,parsers=app_translator.get_all_platforms()`
`64`	`70`	`returnTranslatorPlatforms(renders=renders,parsers=parsers)`
`65`	`71`
`66`	`72`
`67`	`73`	`@st_router.get("/all_platforms",description="Get Sigma, RootA and iocs platforms")`
`68`	`74`	`@st_router.get("/all_platforms/",include_in_schema=False)`
`69`	`75`	`defget_all_platforms()->list:`
`70`		`-translator_renders,translator_parsers=translator.get_all_platforms()`
	`76`	`+translator_renders,translator_parsers=app_translator.get_all_platforms()`
`71`	`77`	`return [`
`72`	`78`	`Platform(`
`73`	`79`	`id="roota",`

`‎uncoder-core/app/translator/core/mapping.py‎`

Lines changed: 31 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -112,17 +112,23 @@ class BasePlatformMappings:`
`112`	`112`
`113`	`113`	`def__init__(self,platform_dir:str,platform_details:PlatformDetails):`
`114`	`114`	`self._loader=LoaderFileMappings()`
`115`		`-self._platform_dir=platform_dir`
`116`	`115`	`self.details=platform_details`
`117`		`-self._source_mappings=self.prepare_mapping()`
	`116`	`+self._source_mappings=self.prepare_mapping(platform_dir)`
	`117`	`+self._alternative_mappings=self.prepare_alternative_mapping(platform_dir)`
`118`	`118`
`119`	`119`	`defupdate_default_source_mapping(self,default_mapping:SourceMapping,fields_mapping:FieldsMapping)->None:`
`120`	`120`	`default_mapping.fields_mapping.update(fields_mapping)`
`121`	`121`
`122`		`-defprepare_mapping(self)->dict[str,SourceMapping]:`
	`122`	`+defprepare_alternative_mapping(self,platform_dir:str)->dict[str,dict[str,SourceMapping]]:`
	`123`	`+alternative_mappings= {}`
	`124`	`+forname,platform_dirinself._loader.get_platform_alternative_mappings(platform_dir).items():`
	`125`	`+alternative_mappings[name]=self.prepare_mapping(platform_dir)`
	`126`	`+returnalternative_mappings`
	`127`	`+`
	`128`	`+defprepare_mapping(self,platform_dir:str)->dict[str,SourceMapping]:`
`123`	`129`	`source_mappings= {}`
`124`	`130`	`default_mapping=SourceMapping(source_id=DEFAULT_MAPPING_NAME)`
`125`		`-formapping_dictinself._loader.load_platform_mappings(self._platform_dir):`
	`131`	`+formapping_dictinself._loader.load_platform_mappings(platform_dir):`
`126`	`132`	`log_source_signature=self.prepare_log_source_signature(mapping=mapping_dict)`
`127`	`133`	`if (source_id:=mapping_dict["source"])==DEFAULT_MAPPING_NAME:`
`128`	`134`	`default_mapping.log_source_signature=log_source_signature`
`@@ -183,6 +189,9 @@ def get_source_mappings_by_fields_and_log_sources(`
`183`	`189`	`defget_source_mapping(self,source_id:str)->Optional[SourceMapping]:`
`184`	`190`	`returnself._source_mappings.get(source_id)`
`185`	`191`
	`192`	`+defget_alternative_source_mapping(self,alt_config_name:str,source_id:str)->Optional[SourceMapping]:`
	`193`	`+returnself._alternative_mappings.get(alt_config_name, {}).get(source_id)`
	`194`	`+`
`186`	`195`	`defget_source_mappings_by_ids(`
`187`	`196`	`self,source_mapping_ids:list[str],return_default:bool=True`
`188`	`197`	`)->list[SourceMapping]:`
`@@ -198,6 +207,21 @@ def get_source_mappings_by_ids(`
`198`	`207`
`199`	`208`	`returnsource_mappings`
`200`	`209`
	`210`	`+defget_alternative_source_mappings_by_ids(`
	`211`	`+self,source_mapping_ids:list[str],alt_config_name:str,return_default:bool=True`
	`212`	`+ )->list[SourceMapping]:`
	`213`	`+source_mappings= []`
	`214`	`+forsource_mapping_idinsource_mapping_ids:`
	`215`	`+ifsource_mapping_id==DEFAULT_MAPPING_NAME:`
	`216`	`+continue`
	`217`	`+ifsource_mapping:=self.get_alternative_source_mapping(alt_config_name,source_mapping_id):`
	`218`	`+source_mappings.append(source_mapping)`
	`219`	`+`
	`220`	`+ifnotsource_mappingsandreturn_default:`
	`221`	`+source_mappings= [self.get_alternative_source_mapping(alt_config_name,DEFAULT_MAPPING_NAME)]`
	`222`	`+`
	`223`	`+returnsource_mappings`
	`224`	`+`
`201`	`225`	`defget_source_mappings_by_log_sources(self,log_sources:dict)->Optional[list[str]]:`
`202`	`226`	`raiseNotImplementedError("Abstract method")`
`203`	`227`
`@@ -249,11 +273,11 @@ def map_field(field: Field, source_mapping: SourceMapping) -> list[str]:`
`249`	`273`
`250`	`274`
`251`	`275`	`classBaseCommonPlatformMappings(ABC,BasePlatformMappings):`
`252`		`-defprepare_mapping(self)->dict[str,SourceMapping]:`
	`276`	`+defprepare_mapping(self,platform_dir:str)->dict[str,SourceMapping]:`
`253`	`277`	`source_mappings= {}`
`254`		`-common_field_mapping=self._loader.load_common_mapping(self._platform_dir).get("field_mapping", {})`
	`278`	`+common_field_mapping=self._loader.load_common_mapping(platform_dir).get("field_mapping", {})`
`255`	`279`
`256`		`-formapping_dictinself._loader.load_platform_mappings(self._platform_dir):`
	`280`	`+formapping_dictinself._loader.load_platform_mappings(platform_dir):`
`257`	`281`	`source_id=mapping_dict["source"]`
`258`	`282`	`log_source_signature=self.prepare_log_source_signature(mapping=mapping_dict)`
`259`	`283`	`fields_mapping=self.prepare_fields_mapping(field_mapping=common_field_mapping)`

`‎uncoder-core/app/translator/core/mixins/tokens.py‎`

Lines changed: 0 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,3 @@`
`1`		`-fromtypingimportUnion`
`2`		`-`
`3`	`1`	`fromapp.translator.core.constimportQUERY_TOKEN_TYPE`
`4`	`2`	`fromapp.translator.core.custom_types.tokensimportLogicalOperatorType,OperatorType`
`5`	`3`	`fromapp.translator.core.mappingimportSourceMapping`

`‎uncoder-core/app/translator/core/models/query_container.py‎`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,8 @@ def __init__(`
`75`	`75`	`status:Optional[str]=None,`
`76`	`76`	`false_positives:Optional[list[str]]=None,`
`77`	`77`	`source_mapping_ids:Optional[list[str]]=None,`
	`78`	`+source_alt_mapping:Optional[str]=None,`
	`79`	`+target_alt_mapping:Optional[str]=None,`
`78`	`80`	`parsed_logsources:Optional[dict]=None,`
`79`	`81`	`timeframe:Optional[timedelta]=None,`
`80`	`82`	`query_period:Optional[timedelta]=None,`
`@@ -107,6 +109,8 @@ def __init__(`
`107`	`109`	`self.timeframe=timeframe`
`108`	`110`	`self.query_period=query_period`
`109`	`111`	`self.raw_metainfo_container=raw_metainfo_containerorRawMetaInfoContainer()`
	`112`	`+self.source_alt_mapping=source_alt_mapping`
	`113`	`+self.target_alt_mapping=target_alt_mapping`
`110`	`114`
`111`	`115`	`@property`
`112`	`116`	`defauthor_str(self)->str:`

`‎uncoder-core/app/translator/core/render.py‎`

Lines changed: 9 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -463,7 +463,15 @@ def _generate_from_tokenized_query_container_by_source_mapping(`
`463`	`463`	`defgenerate_from_tokenized_query_container(self,query_container:TokenizedQueryContainer)->str:`
`464`	`464`	`queries_map= {}`
`465`	`465`	`errors= []`
`466`		`-source_mappings=self.mappings.get_source_mappings_by_ids(query_container.meta_info.source_mapping_ids)`
	`466`	`+ifquery_container.meta_info.target_alt_mapping:`
	`467`	`+source_mappings=self.mappings.get_alternative_source_mappings_by_ids(`
	`468`	`+source_mapping_ids=query_container.meta_info.source_mapping_ids,`
	`469`	`+alt_config_name=query_container.meta_info.target_alt_mapping,`
	`470`	`+ )`
	`471`	`+else:`
	`472`	`+source_mappings=self.mappings.get_source_mappings_by_ids(`
	`473`	`+source_mapping_ids=query_container.meta_info.source_mapping_ids`
	`474`	`+ )`
`467`	`475`
`468`	`476`	`forsource_mappinginsource_mappings:`
`469`	`477`	`try:`

`‎uncoder-core/app/translator/mappings/platforms/microsoft_sentinel/alternative/cloudtrail/cloudtrail.yml‎`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,13 @@`
	`1`	`+platform:Microsoft Sentinel`
	`2`	`+source:cloudtrail`
	`3`	`+`
	`4`	`+`
	`5`	`+log_source:`
	`6`	`+table:[AWSCloudTrail]`
	`7`	`+`
	`8`	`+default_log_source:`
	`9`	`+table:AWSCloudTrail`
	`10`	`+`
	`11`	`+field_mapping:`
	`12`	`+eventSource:EventSource`
	`13`	`+eventName:EventName`

`‎uncoder-core/app/translator/mappings/platforms/microsoft_sentinel/alternative/cloudtrail/default.yml‎`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,7 @@`
	`1`	`+platform:Microsoft Sentinel`
	`2`	`+source:default`
	`3`	`+`
	`4`	`+`
	`5`	`+`
	`6`	`+default_log_source:`
	`7`	`+table:union *`

`‎uncoder-core/app/translator/mappings/platforms/microsoft_sentinel/alternative/ossem/default.yml‎`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,7 @@`
	`1`	`+platform:Microsoft Sentinel`
	`2`	`+source:default`
	`3`	`+`
	`4`	`+`
	`5`	`+`
	`6`	`+default_log_source:`
	`7`	`+table:union *`

`‎uncoder-core/app/translator/mappings/utils/load_from_files.py‎`

Lines changed: 14 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@`
`7`	`7`
`8`	`8`	`COMMON_FIELD_MAPPING_FILE_NAME="common.yml"`
`9`	`9`	`DEFAULT_FIELD_MAPPING_FILE_NAME="default.yml"`
	`10`	`+DEFAULT_ALTERNATIVE_MAPPINGS_FOLDER_NAME="alternative"`
`10`	`11`
`11`	`12`
`12`	`13`	`classLoaderFileMappings:`
`@@ -21,10 +22,22 @@ def load_mapping(mapping_file_path: str) -> dict:`
`21`	`22`	`print(err)`
`22`	`23`	`return {}`
`23`	`24`
	`25`	`+defget_platform_alternative_mappings(self,platform_dir:str)->dict[str:str]:`
	`26`	`+platform_path=os.path.join(self.base_mapping_filepath,platform_dir,DEFAULT_ALTERNATIVE_MAPPINGS_FOLDER_NAME)`
	`27`	`+forfoldersinos.walk(platform_path):`
	`28`	`+result= {}`
	`29`	`+forfolderinfolders[1]:`
	`30`	`+result[folder]=os.path.join(platform_dir,DEFAULT_ALTERNATIVE_MAPPINGS_FOLDER_NAME,folder)`
	`31`	`+returnresult`
	`32`	`+return {}`
	`33`	`+`
`24`	`34`	`defload_platform_mappings(self,platform_dir:str)->Generator[dict,None,None]:`
`25`	`35`	`platform_path=os.path.join(self.base_mapping_filepath,platform_dir)`
`26`	`36`	`formapping_fileinos.listdir(platform_path):`
`27`		`-ifmapping_filenotin (COMMON_FIELD_MAPPING_FILE_NAME,DEFAULT_FIELD_MAPPING_FILE_NAME):`
	`37`	`+ifmapping_file.endswith(".yml")andmapping_filenotin (`
	`38`	`+COMMON_FIELD_MAPPING_FILE_NAME,`
	`39`	`+DEFAULT_FIELD_MAPPING_FILE_NAME,`
	`40`	`+ ):`
`28`	`41`	`yieldself.load_mapping(mapping_file_path=os.path.join(platform_path,mapping_file))`
`29`	`42`	`yieldself.load_mapping(mapping_file_path=os.path.join(platform_path,DEFAULT_FIELD_MAPPING_FILE_NAME))`
`30`	`43`

`‎uncoder-core/app/translator/platforms/arcsight/renders/arcsight_cti.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`fromapp.translator.core.models.platform_detailsimportPlatformDetails`
`2`	`2`	`fromapp.translator.core.render_ctiimportRenderCTI`
`3`	`3`	`fromapp.translator.managersimportrender_cti_manager`
`4`		`-fromapp.translator.platforms.arcsight.constimportarcsight_query_details,DEFAULT_ARCSIGHT_CTI_MAPPING`
	`4`	`+fromapp.translator.platforms.arcsight.constimportDEFAULT_ARCSIGHT_CTI_MAPPING,arcsight_query_details`
`5`	`5`
`6`	`6`
`7`	`7`	`@render_cti_manager.register`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commite4602e0

File tree

12 files changed

12 files changed

`‎uncoder-core/app/routers/translate.py‎`

`‎uncoder-core/app/translator/core/mapping.py‎`

`‎uncoder-core/app/translator/core/mixins/tokens.py‎`

`‎uncoder-core/app/translator/core/models/query_container.py‎`

`‎uncoder-core/app/translator/core/render.py‎`

`‎uncoder-core/app/translator/mappings/platforms/microsoft_sentinel/alternative/cloudtrail/cloudtrail.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/microsoft_sentinel/alternative/cloudtrail/default.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/microsoft_sentinel/alternative/ossem/default.yml‎`

`‎uncoder-core/app/translator/mappings/utils/load_from_files.py‎`

`‎uncoder-core/app/translator/platforms/arcsight/renders/arcsight_cti.py‎`

0 commit comments