diff --git a/uncoder-core/app/translator/core/exceptions/core.py b/uncoder-core/app/translator/core/exceptions/core.py
index 68c66962..75af5d6e 100644
--- a/uncoder-core/app/translator/core/exceptions/core.py
+++ b/uncoder-core/app/translator/core/exceptions/core.py
@@ -1,3 +1,6 @@
+from typing import Optional
+
+
class NotImplementedException(BaseException):
...
@@ -7,8 +10,17 @@ class BasePlatformException(BaseException):
class StrictPlatformException(BasePlatformException):
- def __init__(self, platform_name: str, field_name: str):
- message = f"Platform {platform_name} has strict mapping. Source field {field_name} has no mapping."
+ field_name: str = None
+
+ def __init__(
+ self, platform_name: str, field_name: str, mapping: str = None, detected_fields: Optional[list] = None
+ ):
+ message = (
+ f"Platform {platform_name} has strict mapping. "
+ f"Source fields: {', '.join(detected_fields) if detected_fields else field_name} has no mapping."
+ f" Mapping file: {mapping}." if mapping else ""
+ )
+ self.field_name = field_name
super().__init__(message)
diff --git a/uncoder-core/app/translator/core/render.py b/uncoder-core/app/translator/core/render.py
index bf28b4f6..8680ebff 100644
--- a/uncoder-core/app/translator/core/render.py
+++ b/uncoder-core/app/translator/core/render.py
@@ -263,8 +263,16 @@ def apply_token(self, token: Union[FieldValue, Keyword, Identifier], source_mapp
def generate_query(self, tokens: list[TOKEN_TYPE], source_mapping: SourceMapping) -> str:
result_values = []
+ not_found_mapping_fields = set()
for token in tokens:
- result_values.append(self.apply_token(token=token, source_mapping=source_mapping))
+ try:
+ result_values.append(self.apply_token(token=token, source_mapping=source_mapping))
+ except StrictPlatformException as err:
+ not_found_mapping_fields.add(err.field_name)
+ if not_found_mapping_fields:
+ raise StrictPlatformException(
+ self.details.name, "", source_mapping.source_id, sorted(list(not_found_mapping_fields))
+ )
return "".join(result_values)
def wrap_query_with_meta_info(self, meta_info: MetaInfoContainer, query: str) -> str:
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
index f6b25023..fa904aaf 100644
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
@@ -125,3 +125,4 @@ field_mapping:
SourceOS: xdm.source.host.os
DestinationOS: xdm.target.host.os
url_category: xdm.network.http.url_category
+ EventSeverity: xdm.alert.severity
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
index 6e798034..23e8b1bd 100644
--- a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
@@ -13,9 +13,12 @@ field_mapping:
dst-port:
- DstPort
- DestinationPort
+ - remoteport
dst-hostname: DstHost
src-hostname: SrcHost
- src-port: SourcePort
+ src-port:
+ - SourcePort
+ - localport
src-ip:
- sourceip
- source_ip
@@ -27,6 +30,7 @@ field_mapping:
- destination_ip
- destinationIP
- destinationaddress
+ - destination
User:
- userName
- EventUserName
@@ -64,4 +68,5 @@ field_mapping:
DestinationOS: DestinationOS
TargetUserName: DestinationUserName
SourceUserName: SourceUserName
- url_category: XForceCategoryByURL
\ No newline at end of file
+ url_category: XForceCategoryByURL
+ EventSeverity: EventSeverity
\ No newline at end of file
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy