
Commit 4abc013

committed
update in render
1 parent 36bf9f3 commit 4abc013


3 files changed

+68
-7
lines changed

Lines changed: 2 additions & 1 deletion
@@ -1,2 +1,3 @@
11
from app.translator.platforms.sumo_logic.renders.sumologic_cti import SumologicCTI # noqa: F401
2-
from app.translator.platforms.sumo_logic.renders.sumologic import SumologicSearchQueryRender
2+
from app.translator.platforms.sumo_logic.renders.sumologic import SumologicSearchQueryRender
3+
from app.translator.platforms.sumo_logic.renders.sumologic_cse import SumologicCSERender, SumologicCSERuleRender

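--- a/uncoder-core/app/translator/platforms/sumo_logic/const.py
+++ b/uncoder-core/app/translator/platforms/sumo_logic/const.py
@@ -26,17 +26,43 @@
 SUMOLOGIC_CSE_QUERY_DETAILS = {
 "platform_id": "sumologic-cse-query",
 "name": "Sumo Logic CSE",
-"platform_name": "Query",
+"platform_name": "CSE Query",
 **PLATFORM_DETAILS
 }
 
 SUMOLOGIC_CSE_RULE_DETAILS = {
 "platform_id": "sumologic-cse-rule",
 "name": "Sumo Logic CSE Rule",
-"platform_name": "Query",
+"platform_name": "CSE Rule",
 **PLATFORM_DETAILS
 }
 
+SEVERITY_MAP = {
+'informational': 1,
+'low': 2,
+'medium': 3,
+'high': 4,
+'critical': 5
+}
+
+ALLOWED_CATEGORIES = [
+"Threat Intelligence",
+"Initial Access",
+"Execution",
+"Persistence",
+"Privilege Escalation",
+"Defense Evasion",
+"Credential Access",
+"Discovery",
+"Lateral Movement",
+"Collection",
+"Command and Control",
+"Exfiltration",
+"Impact"
+]
+
+
+
 sumologic_search_query_details = PlatformDetails(**SUMOLOGIC_SEARCH_QUERY_DETAILS)
 sumologic_cse_query_details = PlatformDetails(**SUMOLOGIC_CSE_QUERY_DETAILS)
 sumologic_cse_rule_details = PlatformDetails(**SUMOLOGIC_CSE_RULE_DETAILS)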
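Review bot: ALLOWED_CATEGORIES is added here but nothing else in this commit reads it, and the render module in the same commit imports `DEFAULT_SUMOLOGIC_CSE_RULE` from this file, which this hunk does not add; if that name is defined outside the hunk that is fine, otherwise the import in sumologic_cse.py fails at module load. SEVERITY_MAP uses single-quoted keys while the rest of the file uses double quotes, and the three blank lines at new lines 63–65 are one more than the usual two between top-level definitions; `SEVERITY_MAP = {"informational": 1, ...}` would match the surrounding style. If ALLOWED_CATEGORIES is meant to constrain the category of a generated rule, a short comment stating that would help, e.g. `# Categories a CSE rule may carry; as of this commit no render validates against it.`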

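--- a/uncoder-core/app/translator/platforms/sumo_logic/renders/sumologic_cse.py
+++ b/uncoder-core/app/translator/platforms/sumo_logic/renders/sumologic_cse.py
@@ -16,19 +16,29 @@
 limitations under the License.
 -----------------------------------------------------------------
 """
+import copy
+import json
+from typing import Optional
+from app.translator.core.mapping import SourceMapping
 from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.query_container import MetaInfoContainer
 from app.translator.managers import render_manager
 from app.translator.core.render import PlatformQueryRender
 
-from app.translator.platforms.sumo_logic.const import sumologic_search_query_details
+from app.translator.platforms.sumo_logic.const import (
+SEVERITY_MAP,
+sumologic_cse_query_details,
+sumologic_cse_rule_details,
+DEFAULT_SUMOLOGIC_CSE_RULE
+)
 from app.translator.platforms.sumo_logic.mapping import SumoLogicMappings, sumologic_mappings
 from app.translator.platforms.sumo_logic.renders.sumologic import SumologicFieldValue
 
 
 
 @render_manager.register
 class SumologicCSERender(PlatformQueryRender):
-details: PlatformDetails = sumologic_search_query_details
+details: PlatformDetails = sumologic_cse_query_details
 mappings: SumoLogicMappings = sumologic_mappings
 
 or_token = "OR"
@@ -41,12 +51,36 @@ class SumologicCSERender(PlatformQueryRender):
 
 @render_manager.register
 class SumologicCSERuleRender(PlatformQueryRender):
-details: PlatformDetails = sumologic_search_query_details
+details: PlatformDetails = sumologic_cse_rule_details
 mappings: SumoLogicMappings = sumologic_mappings
 
 or_token = "OR"
 and_token = "AND"
 not_token = "NOT"
 
 field_value_map = SumologicFieldValue(or_token=or_token)
-query_pattern = "{prefix} {query} {functions}"
+query_pattern = "{prefix} {query} {functions}"
+
+
+
+def finalize_query(
+self,
+prefix: str,
+query: str,
+functions: str,
+meta_info: Optional[MetaInfoContainer] = None,
+source_mapping: Optional[SourceMapping] = None, # noqa: ARG002
+not_supported_functions: Optional[list] = None,
+*args, # noqa: ARG002
+**kwargs, # noqa: ARG002
+) -> str:
+query = super().finalize_query(prefix=prefix, query=query, functions=functions)
+rule = copy.deepcopy(DEFAULT_SUMOLOGIC_CSE_RULE)
+rule["name"] = meta_info.title or rule["name"] if meta_info else rule['name']
+rule["description"] = meta_info.description or rule["description"] if meta_info else rule['description']
+rule["score"] = SEVERITY_MAP.get(meta_info.severity) if meta_info else SEVERITY_MAP['medium']
+rule["expression"] = query
+rule_str = json.dumps(rule, indent=4, sort_keys=False, ensure_ascii=False)
+if not_supported_functions:
+rendered_not_supported = self.render_not_supported_functions(not_supported_functions)
+return rule_str + rendered_not_supported
+return rule_str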
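Review bot: In finalize_query the line `rule["score"] = SEVERITY_MAP.get(meta_info.severity) if meta_info else SEVERITY_MAP['medium']` produces `"score": null` whenever meta_info is present but its severity is unset or not one of the lowercase keys in SEVERITY_MAP, while the no-meta_info branch falls back to medium; the two branches should agree, e.g. `rule["score"] = SEVERITY_MAP.get(meta_info.severity, SEVERITY_MAP["medium"]) if meta_info else SEVERITY_MAP["medium"]`, and if severity can arrive in mixed case it should be normalised before the lookup (not visible from here). The `meta_info.title or rule["name"] if meta_info else rule['name']` form two lines above parses as `(A or B) if C else D` and so works, but reads ambiguously and mixes quote styles; a plain `if meta_info:` block setting name, description and score together would be clearer. Concatenating `rendered_not_supported` after the `json.dumps` output means the returned string is no longer parseable JSON, which matters if any consumer loads the rule instead of only displaying it. In the first hunk `DEFAULT_SUMOLOGIC_CSE_RULE` is imported from const, but the const.py hunk in this commit does not define it; if it is not defined elsewhere in that file the import fails at load time and, because registration happens via `@render_manager.register` at import, neither CSE render is registered.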
