Gis 7956#162


Merged
tarnopolskyi merged 7 commits intomainfromgis-7956
Jun 27, 2024
EventType value edit
@tarnopolskyi
tarnopolskyi committedJun 19, 2024
commitd60d02e31b0ac22daff751a2a9ce5839f6678d74
Expand Up@@ -29,7 +29,4 @@ field_mapping:
ParentLogonId: causality_actor_process_logon_id
ParentProduct: causality_actor_process_signature_product
ParentCompany: causality_actor_process_signature_vendor
EventType: event_sub_type
SetValue: REGISTRY_SET_VALUE
DeleteValue: REGISTRY_DELETE_VALUE
CreateKey: REGISTRY_CREATE_KEY
EventType: event_sub_type
Expand Up@@ -16,7 +16,8 @@
limitations under the License.
-----------------------------------------------------------------
"""
from typing import Optional, Union

from typing import ClassVar, Optional, Union

from app.translator.const import DEFAULT_VALUE_TYPE
from app.translator.core.custom_types.values import ValueType
Expand DownExpand Up@@ -50,6 +51,12 @@ def _get_value_type(field_name: str, value: Union[int, str, StrValue], value_typ

@staticmethod
def _wrap_str_value(value: str) -> str:
if value == 'SetValue':
return f'"REGISTRY_SET_VALUE"'
if value == 'DeleteValue':
return f'"REGISTRY_DELETE_VALUE"'
if value == 'CreateKey':
return f'"REGISTRY_CREATE_KEY"'
return f'"{value}"'

def equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
Expand DownExpand Up@@ -136,12 +143,12 @@ class CortexXQLQueryRender(PlatformQueryRender):
details: PlatformDetails = cortex_xql_query_details
mappings: CortexXQLMappings = cortex_xql_mappings
is_strict_mapping = True
raw_log_field_pattern_map = {
'regex': '| alter {field} = regextract(to_json_string(action_evtlog_data_fields)->{field}{{}}, "\\"(.*)\\"")',
'object': '| alter {field_name} = json_extract_scalar({field_object} , "$.{field_path}")',
'list': '| alter {field_name} = arraystring(json_extract_array({field_object} , "$.{field_path}")," ")'
raw_log_field_pattern_map: ClassVar[dict[str, str]] = {
"regex": '| alter {field} = regextract(to_json_string(action_evtlog_data_fields)->{field}{{}}, "\\"(.*)\\"")',
"object": '| alter {field_name} = json_extract_scalar({field_object} , "$.{field_path}")',
"list": '| alter {field_name} = arraystring(json_extract_array({field_object} , "$.{field_path}")," ")',
}
platform_functions: CortexXQLFunctions =cortex_xql_functions
platform_functions: CortexXQLFunctions =None

or_token = "or"
and_token = "and"
Expand All@@ -152,9 +159,9 @@ class CortexXQLQueryRender(PlatformQueryRender):
comment_symbol = "//"
is_single_line_comment = False

def__init__(self):
super().__init__()
self.platform_functions.manager.post_init_configure(self)
definit_platform_functions(self) -> None:
self.platform_functions = cortex_xql_functions
self.platform_functions.platform_query_render =self

def process_raw_log_field(self, field: str, field_type: str) -> Optional[str]:
raw_log_field_pattern = self.raw_log_field_pattern_map.get(field_type)
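Review bot: The three new branches in `_wrap_str_value` rewrite the literals `SetValue`, `DeleteValue` and `CreateKey` in every string value passed to it, because this static method receives only `value` and never the field name. A rule that compares some other field (a command line, a registry value name) with one of those words would be rendered as a query for `REGISTRY_SET_VALUE` and so on, which silently changes what the detection matches. Consider keeping the translation in a lookup table and applying it only where the field is known, for example in `equal_modifier`, whose body lies outside this hunk: `if field == "event_sub_type": value = EVENT_SUB_TYPE_VALUES.get(value, value)` (the table name is a suggestion, and the field is presumably already mapped to `event_sub_type` at that point). The `f` prefix on the three new return strings is also unnecessary, since they contain no placeholders.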