
Commit 9954709

committed
Palo Alto Cortex XSIAM: Add support array of default logsources
1 parent 9fb67bd commit 9954709


3 files changed

+6
-7
lines changed


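--- a/uncoder-core/app/translator/platforms/palo_alto/escape_manager.py
+++ b/uncoder-core/app/translator/platforms/palo_alto/escape_manager.py
@@ -7,9 +7,10 @@
 
 class XQLEscapeManager(EscapeManager):
 escape_map: ClassVar[dict[str, list[EscapeDetails]]] = {
-ValueType.regex_value: [EscapeDetails(pattern=r'([_!@#$%^&*=+()\[\]{}|;:\'",.<>?/`~\-\s\\])', escape_symbols=r"\\\1")],
-ValueType.value: [EscapeDetails(pattern=r'([\\])', escape_symbols=r"\\\1")],
-
+ValueType.regex_value: [
+EscapeDetails(pattern=r'([_!@#$%^&*=+()\[\]{}|;:\'",.<>?/`~\-\s\\])', escape_symbols=r"\\\1")
+],
+ValueType.value: [EscapeDetails(pattern=r"([\\])", escape_symbols=r"\\\1")],
 }
 
 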
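--- a/uncoder-core/app/translator/platforms/palo_alto/mapping.py
+++ b/uncoder-core/app/translator/platforms/palo_alto/mapping.py
@@ -20,7 +20,7 @@ def is_suitable(self, preset: str, dataset: str) -> bool:
 
 def __prepare_log_source_for_render(self, logsource: Union[str, list[str]], model: str = "datamodel") -> str:
 if isinstance(logsource, list):
-return f"{model} in ({', '.join([source for source in logsource])})"
+return f"{model} in ({', '.join(source for source in logsource)})"
 return f"{model} = {logsource}"
 
 def __str__(self) -> str: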
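Review bot: `__prepare_log_source_for_render` writes the log source values into the query text exactly as received, both in the `in (...)` branch and in the `{model} = {logsource}` branch, with no quoting, escaping or validation. If the values only ever come from the platform's bundled mapping files, which this page does not show, a short comment on the function saying so would settle it; otherwise each entry should be checked against an allow-list pattern before rendering, so that a stray `)` or space cannot change the shape of the translated filter. The generator on the new line is also redundant, since `', '.join(logsource)` produces the same string.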

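--- a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
+++ b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
@@ -69,9 +69,7 @@ def contains_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
 
 def endswith_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
 if isinstance(value, list):
-return (
-f"({self.or_token.join(self.endswith_modifier(field=field, value=v) for v in value)})"
-)
+return f"({self.or_token.join(self.endswith_modifier(field=field, value=v) for v in value)})"
 return f'{field} ~= ".*{self.apply_value(value, value_type=ValueType.regex_value)}"'
 
 def startswith_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: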
