Merge pull request #105 from UncoderIO/gis-7719

tarnopolskyi · web-flow · commit 76d4c7751422 · 2024-05-07T11:36:32.000+02:00
added-keywords-to-logrhythm-axon
diff --git a/uncoder-core/app/translator/core/render.py b/uncoder-core/app/translator/core/render.py
@@ -300,8 +300,9 @@ def _generate_from_tokenized_query_container(self, query_container: TokenizedQue
         for source_mapping in source_mappings:
             prefix = self.generate_prefix(source_mapping.log_source_signature)
             if source_mapping.raw_log_fields:
-                defined_raw_log_fields = self.generate_raw_log_fields(fields=query_container.meta_info.query_fields,
-                                                                      source_mapping=source_mapping)
+                defined_raw_log_fields = self.generate_raw_log_fields(
+                    fields=query_container.meta_info.query_fields, source_mapping=source_mapping
+                )
                 prefix += f"\n{defined_raw_log_fields}\n"
             result = self.generate_query(tokens=query_container.tokens, source_mapping=source_mapping)
             rendered_functions = self.generate_functions(query_container.functions.functions, source_mapping)
diff --git a/uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_query.py b/uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_query.py
@@ -186,6 +186,12 @@ def regex_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
             return self.contains_modifier(field, value)
         return f'{field} matches "{value}"'
 
+    def keywords(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:  # noqa: ARG002
+        if isinstance(value, list):
+            rendered_keywords = [f'{UNMAPPED_FIELD_DEFAULT_NAME} CONTAINS "{v}"' for v in value]
+            return f"({self.or_token.join(rendered_keywords)})"
+        return f'{UNMAPPED_FIELD_DEFAULT_NAME} CONTAINS "{value}"'
+
 
 class LogRhythmAxonQueryRender(PlatformQueryRender):
     details: PlatformDetails = logrhythm_axon_query_details
diff --git a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel.py b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel.py
@@ -110,10 +110,10 @@ def keywords(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
             return f"({self.or_token.join(self.keywords(field=field, value=v) for v in value)})"
         return f"* contains @'{self.__escape_value(value)}'"
 
-    def is_none(self, field: str, value: Union[str, int]) -> str:
+    def is_none(self, field: str, value: Union[str, int]) -> str:  # noqa: ARG002
         return f"isempty({self.apply_value(value)})"
 
-    def is_not_none(self, field: str, value: Union[str, int]) -> str:
+    def is_not_none(self, field: str, value: Union[str, int]) -> str:  # noqa: ARG002
         return f"isnotempty({self.apply_value(value)})"
 
 
diff --git a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
@@ -35,7 +35,7 @@ class CortexXSIAMFieldValue(BaseQueryFieldValue):
     def equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
         if isinstance(value, list):
             values = ", ".join(f'"{v}"' for v in value)
-            return f'{field} in ({values})'
+            return f"{field} in ({values})"
         if isinstance(value, int):
             return f"{field} = {value}"
         return f'{field} = "{value}"'
@@ -111,6 +111,14 @@ class CortexXQLQueryRender(PlatformQueryRender):
     is_multi_line_comment = False
 
     def generate_prefix(self, log_source_signature: LogSourceSignature) -> str:
-        preset = f"preset = {log_source_signature._default_source.get('preset')}" if log_source_signature._default_source.get('preset') else None
-        dataset = f"dataset = {log_source_signature._default_source.get('dataset')}" if log_source_signature._default_source.get('dataset') else None
+        preset = (
+            f"preset = {log_source_signature._default_source.get('preset')}"
+            if log_source_signature._default_source.get("preset")
+            else None
+        )
+        dataset = (
+            f"dataset = {log_source_signature._default_source.get('dataset')}"
+            if log_source_signature._default_source.get("dataset")
+            else None
+        )
         return preset or dataset or "datamodel"
