Skip to content

Commit 51cdf69

Browse files
nazargesyknazargesyk
committed
gis-8503 fix false_positive metainfo
1 parent 66d87d5 commit 51cdf69

File tree

1 file changed

+8
-1
lines changed

1 file changed

+8
-1
lines changed

uncoder-core/app/translator/platforms/splunk/parsers/splunk_alert.py

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -93,6 +93,13 @@ def parse_raw_query(self, text: str, language: str) -> RawQueryContainer:
9393
tags = rule.get("tags", {}).get("analytic_story", [])
9494
if rule.get("type"):
9595
tags.append(rule.get("type"))
96+
false_positives = None
97+
if rule.get("known_false_positives"):
98+
false_positives = (
99+
rule["known_false_positives"]
100+
if isinstance(rule["known_false_positives"], list)
101+
else [rule["known_false_positives"]]
102+
)
96103
return RawQueryContainer(
97104
query=rule.get("search"),
98105
language=language,
@@ -103,7 +110,7 @@ def parse_raw_query(self, text: str, language: str) -> RawQueryContainer:
103110
author=rule.get("author").split(", "),
104111
status=rule.get("status"),
105112
description=description,
106-
false_positives=rule.get("known_false_positives"),
113+
false_positives=false_positives,
107114
references=rule.get("references"),
108115
mitre_attack=mitre_attack_container,
109116
tags=tags,

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy