
Commit 24dcab7

committed
gis-9123 SentineOne Power Query fixes
1 parent 1d64395 commit 24dcab7


7 files changed

+16
-22
lines changed


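--- a/uncoder-core/app/translator/platforms/sentinel_one/const.py
+++ b/uncoder-core/app/translator/platforms/sentinel_one/const.py
@@ -16,5 +16,19 @@
 **PLATFORM_DETAILS,
 }
 
+DEFAULT_S1EVENTS_CTI_MAPPING = {
+"SourceIP": "SrcIP",
+"DestinationIP": "DstIP",
+"Domain": "DNS",
+"URL": "Url",
+"HashMd5": "Md5",
+"HashSha1": "Sha1",
+"HashSha256": "Sha256",
+"HashSha512": "Sha512",
+"Emails": "emails",
+"Files": "TgtFilePath",
+}
+
+
 sentinel_one_events_query_details = PlatformDetails(**SENTINEL_ONE_EVENTS_QUERY_DETAILS)
 sentinel_one_power_query_details = PlatformDetails(**SENTINEL_ONE_POWER_QUERY_DETAILS)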
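Review bot: In `DEFAULT_S1EVENTS_CTI_MAPPING`, `"Emails": "emails"` is the only entry whose target is lowercase, while every other value is a capitalised field name (`SrcIP`, `Md5`, `TgtFilePath`). The deleted `mappings/s1_cti.py` is not shown, so I cannot tell whether this was carried over unchanged. If that name is not a field the events schema accepts, the rendered IOC query would presumably run without error and simply never match, which is easy to miss in a hunting query, so please confirm it against the schema. The constant also has no comment saying which side is which; as I read its use in `S1EventsCTI.default_mapping`, I would add `# IOC type from the CTI input (key) -> SentinelOne events field used in the rendered query (value)` above it.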

uncoder-core/app/translator/platforms/sentinel_one/custom_types/__init__.py

Whitespace-only changes.

uncoder-core/app/translator/platforms/sentinel_one/custom_types/values.py

Lines changed: 0 additions & 5 deletions
This file was deleted.

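--- a/uncoder-core/app/translator/platforms/sentinel_one/escape_manager.py
+++ b/uncoder-core/app/translator/platforms/sentinel_one/escape_manager.py
@@ -3,14 +3,12 @@
 from app.translator.core.custom_types.values import ValueType
 from app.translator.core.escape_manager import EscapeManager
 from app.translator.core.models.escape_details import EscapeDetails
-from app.translator.platforms.sentinel_one.custom_types.values import SentinelOneValueType
 
 
 class SentinelOnePowerQueryEscapeManager(EscapeManager):
 escape_map: ClassVar[dict[str, list[EscapeDetails]]] = {
 ValueType.value: [EscapeDetails(pattern=r"\\", escape_symbols=r"\\\\")],
 ValueType.regex_value: [EscapeDetails(pattern=r"([$^*+()\[\]{}|.?\-\\])", escape_symbols=r"\\\1")],
-SentinelOneValueType.double_escape_regex_value: [EscapeDetails(pattern=r"\\", escape_symbols=r"\\\\")],
 }
 
 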
uncoder-core/app/translator/platforms/sentinel_one/mappings/__init__.py

Whitespace-only changes.

uncoder-core/app/translator/platforms/sentinel_one/mappings/s1_cti.py

Lines changed: 0 additions & 12 deletions
This file was deleted.

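--- a/uncoder-core/app/translator/platforms/sentinel_one/renders/s1_cti.py
+++ b/uncoder-core/app/translator/platforms/sentinel_one/renders/s1_cti.py
@@ -20,8 +20,7 @@
 from app.translator.core.models.platform_details import PlatformDetails
 from app.translator.core.render_cti import RenderCTI
 from app.translator.managers import render_cti_manager
-from app.translator.platforms.sentinel_one.const import sentinel_one_events_query_details
-from app.translator.platforms.sentinel_one.mappings.s1_cti import DEFAULT_S1EVENTS_MAPPING
+from app.translator.platforms.sentinel_one.const import DEFAULT_S1EVENTS_CTI_MAPPING, sentinel_one_events_query_details
 
 
 @render_cti_manager.register
@@ -35,4 +34,4 @@ class S1EventsCTI(RenderCTI):
 result_join: str = ""
 final_result_for_many: str = "({result})\n"
 final_result_for_one: str = "{result}\n"
-default_mapping = DEFAULT_S1EVENTS_MAPPING
+default_mapping = DEFAULT_S1EVENTS_CTI_MAPPING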
