gis-9099 add microsoft sentinel to one vendor flow

nazargesyk · nazargesyk · commit 5f9381523556 · 2024-11-14T14:25:45.000+02:00
diff --git a/uncoder-core/app/translator/platforms/microsoft/const.py b/uncoder-core/app/translator/platforms/microsoft/const.py
@@ -53,7 +53,7 @@
     "group_id": "microsoft-defender",
 }
 
-MICROSOFT_QUERY_TYPES = {_SENTINEL_KQL_QUERY, _SENTINEL_KQL_RULE}
+MICROSOFT_SENTINEL_QUERY_TYPES = {_SENTINEL_KQL_QUERY, _SENTINEL_KQL_RULE}
 
 microsoft_defender_query_details = PlatformDetails(**MICROSOFT_DEFENDER_DETAILS)
 microsoft_sentinel_query_details = PlatformDetails(**MICROSOFT_SENTINEL_QUERY_DETAILS)
diff --git a/uncoder-core/app/translator/translator.py b/uncoder-core/app/translator/translator.py
@@ -8,7 +8,7 @@
 from app.translator.core.render import QueryRender
 from app.translator.managers import ParserManager, RenderManager, parser_manager, render_manager
 from app.translator.platforms.elasticsearch.const import ELASTIC_QUERY_TYPES
-from app.translator.platforms.microsoft.const import MICROSOFT_QUERY_TYPES
+from app.translator.platforms.microsoft.const import MICROSOFT_SENTINEL_QUERY_TYPES
 from app.translator.platforms.roota.parsers.roota import RootAParser
 from app.translator.platforms.sigma.mapping import sigma_rule_mappings
 from app.translator.tools.decorators import handle_translation_exceptions
@@ -36,7 +36,7 @@ def __get_render(self, target: str) -> QueryRender:
 
     @staticmethod
     def __is_one_vendor_translation(source: str, target: str) -> bool:
-        vendors_query_types = [ELASTIC_QUERY_TYPES, MICROSOFT_QUERY_TYPES]
+        vendors_query_types = [ELASTIC_QUERY_TYPES, MICROSOFT_SENTINEL_QUERY_TYPES]
         for vendor_query_types in vendors_query_types:
             if source in vendor_query_types and target in vendor_query_types:
                 return True

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@`
`53`	`53`	`"group_id": "microsoft-defender",`
`54`	`54`	`}`
`55`	`55`
`56`		`-MICROSOFT_QUERY_TYPES = {_SENTINEL_KQL_QUERY, _SENTINEL_KQL_RULE}`
	`56`	`+MICROSOFT_SENTINEL_QUERY_TYPES = {_SENTINEL_KQL_QUERY, _SENTINEL_KQL_RULE}`
`57`	`57`
`58`	`58`	`microsoft_defender_query_details = PlatformDetails(**MICROSOFT_DEFENDER_DETAILS)`
`59`	`59`	`microsoft_sentinel_query_details = PlatformDetails(**MICROSOFT_SENTINEL_QUERY_DETAILS)`