Jan 30, 2024 · Jan 26, 2024 · Jan 29, 2024
diff --git a/translator/app/translator/core/exceptions/parser.py b/translator/app/translator/core/exceptions/parser.py
    def __init__(self):
        message = (
            "The query logic is broken. In the input, the numbers of opening and closing parentheses "
            "do not match. If you think there's no error, please contact us via GitHub."
            "do not match. If you think there's no error, please contact us."
        )
        super().__init__(message)

diff --git a/translator/app/translator/core/models/parser_output.py b/translator/app/translator/core/models/parser_output.py
 self.severity=severityorSeverityType.low
 self.references=referencesor []
 self.tags=tagsor []
 self.mitre_attack=mitre_attackor[]
 self.mitre_attack=mitre_attackor{}
 self.status=statusor"stable"
 self.false_positives=false_positivesor []
 self.source_mapping_ids=source_mapping_idsor [DEFAULT_MAPPING_NAME]
diff --git a/translator/app/translator/platforms/elasticsearch/parsers/detection_rule.py b/translator/app/translator/platforms/elasticsearch/parsers/detection_rule.py
        query = rule["query"]
        description = rule["description"]
        name = rule["name"]
        return {"query": query, "title": name, "description": description}
        query, logsources = self._parse_log_sources(query)
        return {"query": query, "title": name, "description": description, "logsources": logsources}

    @staticmethod
    def _get_meta_info(source_mapping_ids: list[str], meta_info: dict) -> MetaInfoContainer:
        )

    def parse(self, text: str) -> SiemContainer:
        rule, log_sources = self._parse_rule(text)
        tokens, source_mappings = self.get_tokens_and_source_mappings(rule.get("query"), log_sources)
        rule = self._parse_rule(text)
        tokens, source_mappings = self.get_tokens_and_source_mappings(rule.get("query"),rule.get("log_sources", {}))
        return SiemContainer(
            query=tokens,
            meta_info=self._get_meta_info(
diff --git a/translator/app/translator/platforms/logscale/parsers/logscale_alert.py b/translator/app/translator/platforms/logscale/parsers/logscale_alert.py
 defparse(self,text:str)->SiemContainer:
 parsed_rule=self._parse_rule(text)
 query,functions=self._parse_query(query=parsed_rule.pop("query"))
 tokens,source_mappings=self.get_tokens_and_source_mappings(text, {})
 tokens,source_mappings=self.get_tokens_and_source_mappings(query, {})
 returnSiemContainer(
 query=tokens,
 meta_info=self._get_meta_info(
diff --git a/translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py b/translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py
 tactics= []
 techniques= []

 fortacticinmeta_info.mitre_attack.get("tactics"):
 fortacticinmeta_info.mitre_attack.get("tactics", []):
 tactics.append(tactic["tactic"])

 fortechniqueinmeta_info.mitre_attack.get("techniques"):
 fortechniqueinmeta_info.mitre_attack.get("techniques", []):
 techniques.append(technique["technique_id"])

 returntactics,techniques
diff --git a/translator/app/translator/platforms/splunk/parsers/splunk_alert.py b/translator/app/translator/platforms/splunk/parsers/splunk_alert.py

    @staticmethod
    def _get_meta_info(source_mapping_ids: list[str], meta_info: Optional[str]) -> MetaInfoContainer:
        description = re.search(r"description\s*=\s*(?P<query>.+)", meta_info).group("description")
        description = re.search(r"description\s*=\s*(?P<query>.+)", meta_info).group()
        description = description.replace("description = ", "")
        return MetaInfoContainer(source_mapping_ids=source_mapping_ids, description=description)

    def parse(self, text: str) -> SiemContainer:

        return SiemContainer(
            query=tokens,
            meta_info=self._get_meta_info([source_mapping.source_id for source_mapping in source_mappings]),
            meta_info=self._get_meta_info([source_mapping.source_id for source_mapping in source_mappings], text),
            functions=functions,
        )
diff --git a/translator/app/translator/platforms/splunk/renders/splunk_alert.py b/translator/app/translator/platforms/splunk/renders/splunk_alert.py
    def __create_mitre_threat(meta_info: MetaInfoContainer) -> dict:
        techniques = {"mitre_attack": []}

        for technique in meta_info.mitre_attack.get("techniques"):
        for technique in meta_info.mitre_attack.get("techniques", []):
            techniques["mitre_attack"].append(technique["technique_id"])

        return techniques
diff --git a/translator/app/translator/tools/decorators.py b/translator/app/translator/tools/decorators.py
            return False, str(err)
        except Exception as err:
            print(f"Unexpected error. {err!s}")
            return False, "Unexpected error. To resolve it, please, contact us via GitHub."
            return False, "Unexpected error. To resolve it, please, contact us."
        else:
            if result:
                print("Translated successfully.")
                return True, result

            print("Unexpected error.")
            return False, "Unexpected error. To resolve it, please, contact us via GitHub."
            return False, "Unexpected error. To resolve it, please, contact us."

    return exception_handler
Original file line number	Diff line number	Diff line change
Expand Up		@@ -23,7 +23,7 @@ class QueryParenthesesException(BaseParserException):
		def __init__(self):
		message = (
		"The query logic is broken. In the input, the numbers of opening and closing parentheses "
		"do not match. If you think there's no error, please contact us via GitHub."
		"do not match. If you think there's no error, please contact us."
		)
		super().__init__(message)

Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -35,7 +35,7 @@ def __init__(
		self.severity=severityorSeverityType.low
		self.references=referencesor []
		self.tags=tagsor []
		self.mitre_attack=mitre_attackor[]
		self.mitre_attack=mitre_attackor{}
		self.status=statusor"stable"
		self.false_positives=false_positivesor []
		self.source_mapping_ids=source_mapping_idsor [DEFAULT_MAPPING_NAME]
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -32,7 +32,8 @@ def _parse_rule(self, text: str) -> dict:
		query = rule["query"]
		description = rule["description"]
		name = rule["name"]
		return {"query": query, "title": name, "description": description}
		query, logsources = self._parse_log_sources(query)
		return {"query": query, "title": name, "description": description, "logsources": logsources}

		@staticmethod
		def _get_meta_info(source_mapping_ids: list[str], meta_info: dict) -> MetaInfoContainer:
Expand All		@@ -41,8 +42,8 @@ def _get_meta_info(source_mapping_ids: list[str], meta_info: dict) -> MetaInfoCo
		)

		def parse(self, text: str) -> SiemContainer:
		rule, log_sources = self._parse_rule(text)
		tokens, source_mappings = self.get_tokens_and_source_mappings(rule.get("query"), log_sources)
		rule = self._parse_rule(text)
		tokens, source_mappings = self.get_tokens_and_source_mappings(rule.get("query"),rule.get("log_sources", {}))
		return SiemContainer(
		query=tokens,
		meta_info=self._get_meta_info(
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -43,7 +43,7 @@ def _get_meta_info(source_mapping_ids: list[str], meta_info: dict) -> MetaInfoCo
		defparse(self,text:str)->SiemContainer:
		parsed_rule=self._parse_rule(text)
		query,functions=self._parse_query(query=parsed_rule.pop("query"))
		tokens,source_mappings=self.get_tokens_and_source_mappings(text, {})
		tokens,source_mappings=self.get_tokens_and_source_mappings(query, {})
		returnSiemContainer(
		query=tokens,
		meta_info=self._get_meta_info(
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -52,10 +52,10 @@ def __create_mitre_threat(self, meta_info: MetaInfoContainer) -> tuple[list, lis
		tactics= []
		techniques= []

		fortacticinmeta_info.mitre_attack.get("tactics"):
		fortacticinmeta_info.mitre_attack.get("tactics", []):
		tactics.append(tactic["tactic"])

		fortechniqueinmeta_info.mitre_attack.get("techniques"):
		fortechniqueinmeta_info.mitre_attack.get("techniques", []):
		techniques.append(technique["technique_id"])

		returntactics,techniques
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -30,7 +30,8 @@ class SplunkAlertParser(SplunkParser):

		@staticmethod
		def _get_meta_info(source_mapping_ids: list[str], meta_info: Optional[str]) -> MetaInfoContainer:
		description = re.search(r"description\s=\s(?P<query>.+)", meta_info).group("description")
		description = re.search(r"description\s=\s(?P<query>.+)", meta_info).group()
		description = description.replace("description = ", "")
		return MetaInfoContainer(source_mapping_ids=source_mapping_ids, description=description)

		def parse(self, text: str) -> SiemContainer:
Expand All		@@ -40,6 +41,6 @@ def parse(self, text: str) -> SiemContainer:

		return SiemContainer(
		query=tokens,
		meta_info=self._get_meta_info([source_mapping.source_id for source_mapping in source_mappings]),
		meta_info=self._get_meta_info([source_mapping.source_id for source_mapping in source_mappings], text),
		functions=functions,
		)
Original file line number	Diff line number	Diff line change
Expand Up		@@ -43,7 +43,7 @@ class SplunkAlertRender(SplunkQueryRender):
		def __create_mitre_threat(meta_info: MetaInfoContainer) -> dict:
		techniques = {"mitre_attack": []}

		for technique in meta_info.mitre_attack.get("techniques"):
		for technique in meta_info.mitre_attack.get("techniques", []):
		techniques["mitre_attack"].append(technique["technique_id"])

		return techniques
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -15,13 +15,13 @@ def exception_handler(args, *kwargs) -> tuple[bool, str]:
		return False, str(err)
		except Exception as err:
		print(f"Unexpected error. {err!s}")
		return False, "Unexpected error. To resolve it, please, contact us via GitHub."
		return False, "Unexpected error. To resolve it, please, contact us."
		else:
		if result:
		print("Translated successfully.")
		return True, result

		print("Unexpected error.")
		return False, "Unexpected error. To resolve it, please, contact us via GitHub."
		return False, "Unexpected error. To resolve it, please, contact us."

		return exception_handler