UncoderIO
diff --git a/‎uncoder-core/app/translator/cti_translator.py
Lines changed: 3 additions & 3 deletions b/‎uncoder-core/app/translator/cti_translator.py
Lines changed: 3 additions & 3 deletions
diff --git a/‎uncoder-core/app/translator/managers.py
Lines changed: 47 additions & 15 deletions b/‎uncoder-core/app/translator/managers.py
Lines changed: 47 additions & 15 deletions
diff --git a/‎uncoder-core/app/translator/platforms/__init__.py
Lines changed: 1 addition & 71 deletions b/‎uncoder-core/app/translator/platforms/__init__.py
Lines changed: 1 addition & 71 deletions
diff --git a/‎uncoder-core/app/translator/platforms/arcsight/renders/arcsight_cti.py
Lines changed: 19 additions & 0 deletions b/‎uncoder-core/app/translator/platforms/arcsight/renders/arcsight_cti.py
Lines changed: 19 additions & 0 deletions
diff --git a/‎uncoder-core/app/translator/platforms/athena/parsers/athena.py
Lines changed: 2 additions & 0 deletions b/‎uncoder-core/app/translator/platforms/athena/parsers/athena.py
Lines changed: 2 additions & 0 deletions
diff --git a/‎uncoder-core/app/translator/platforms/athena/renders/athena.py
Lines changed: 2 additions & 0 deletions b/‎uncoder-core/app/translator/platforms/athena/renders/athena.py
Lines changed: 2 additions & 0 deletions
diff --git a/‎uncoder-core/app/translator/platforms/athena/renders/athena_cti.py
Lines changed: 2 additions & 0 deletions b/‎uncoder-core/app/translator/platforms/athena/renders/athena_cti.py
Lines changed: 2 additions & 0 deletions
diff --git a/‎uncoder-core/app/translator/platforms/carbonblack/renders/carbonblack_cti.py
Lines changed: 2 additions & 0 deletions b/‎uncoder-core/app/translator/platforms/carbonblack/renders/carbonblack_cti.py
Lines changed: 2 additions & 0 deletions
diff --git a/‎uncoder-core/app/translator/platforms/chronicle/parsers/chronicle.py
Lines changed: 2 additions & 0 deletions b/‎uncoder-core/app/translator/platforms/chronicle/parsers/chronicle.py
Lines changed: 2 additions & 0 deletions
diff --git a/‎uncoder-core/app/translator/platforms/chronicle/parsers/chronicle_rule.py
Lines changed: 2 additions & 0 deletions b/‎uncoder-core/app/translator/platforms/chronicle/parsers/chronicle_rule.py
Lines changed: 2 additions & 0 deletions
@@ -10,7 +10,7 @@
 
 
 class CTITranslator:
-    renders: RenderCTIManager = render_cti_manager
+    render_manager: RenderCTIManager = render_cti_manager
 
     def __init__(self):
         self.logger = logging.getLogger("cti_translator")
@@ -38,7 +38,7 @@ def __parse_iocs_from_string(
 
     @handle_translation_exceptions
     def __render_translation(self, parsed_data: dict, platform_data: CTIPlatform, iocs_per_query: int) -> list[str]:
-        render_cti = self.renders.get(platform_data.id)
+        render_cti = self.render_manager.get(platform_data.id)
 
         chunked_iocs = self.__get_iocs_chunk(
             chunks_size=iocs_per_query, data=parsed_data, mapping=render_cti.default_mapping
@@ -85,4 +85,4 @@ def __get_iocs_chunk(
 
     @classmethod
     def get_renders(cls) -> list:
-        return cls.renders.get_platforms_details
+        return cls.render_manager.get_platforms_details
@@ -1,28 +1,26 @@
 from abc import ABC
+from functools import cached_property
 
 from app.models.translation import TranslatorPlatform
 from app.translator.core.exceptions.core import UnsupportedRootAParser
-from app.translator.platforms import __ALL_PARSERS as PARSERS
-from app.translator.platforms import __ALL_RENDERS as RENDERS
-from app.translator.platforms import __ALL_RENDERS_CTI as RENDERS_CTI
 
 
 class Manager(ABC):
-    platforms_class = ()
+    platforms = {}
 
-    @property
-    def platforms(self) -> dict:
-        return {platform.details.platform_id: platform for platform in self.platforms_class}
+    def register(self, cls):
+        self.platforms[cls.details.platform_id] = cls()
+        return cls
 
     def get(self, platform_id: str):  # noqa: ANN201
         if platform := self.platforms.get(platform_id):
             return platform
         raise UnsupportedRootAParser(parser=platform_id)
 
     def all_platforms(self) -> list:
-        return list(self.platforms)
+        return list(self.platforms.keys())
 
-    @property
+    @cached_property
     def get_platforms_details(self) -> list[TranslatorPlatform]:
         platforms = [
             TranslatorPlatform(
@@ -37,21 +35,55 @@ def get_platforms_details(self) -> list[TranslatorPlatform]:
                 alt_platform=platform.details.alt_platform,
                 first_choice=platform.details.first_choice,
             )
-            for platform in self.platforms_class
+            for platform in self.platforms.values()
         ]
         return sorted(platforms, key=lambda platform: platform.group_name)
 
 
-class RenderManager(Manager):
-    platforms_class = RENDERS
+class ParserManager(Manager):
+    platforms = {}
+    roota_parsers = {}
+    parsers = {}
 
+    def get_roota_parser(self, platform_id: str):  # noqa: ANN201
+        if platform := self.roota_parsers.get(platform_id):
+            return platform
+        raise UnsupportedRootAParser(parser=platform_id)
 
-class ParserManager(Manager):
-    platforms_class = PARSERS
+    def register_roota_parser(self, cls):
+        self.roota_parsers[cls.details.platform_id] = cls()
+        return super().register(cls)
+
+    def register_parser(self, cls):
+        self.parsers[cls.details.platform_id] = cls()
+        return super().register(cls)
+
+    @cached_property
+    def get_platforms_details(self) -> list[TranslatorPlatform]:
+        platforms = [
+            TranslatorPlatform(
+                id=platform.details.platform_id,
+                name=platform.details.name,
+                code=platform.details.platform_id,
+                group_name=platform.details.group_name,
+                group_id=platform.details.group_id,
+                platform_name=platform.details.platform_name,
+                platform_id=platform.details.platform_id,
+                alt_platform_name=platform.details.alt_platform_name,
+                alt_platform=platform.details.alt_platform,
+                first_choice=platform.details.first_choice,
+            )
+            for platform in self.parsers.values()
+        ]
+        return sorted(platforms, key=lambda platform: platform.group_name)
+
+
+class RenderManager(Manager):
+    platforms = {}
 
 
 class RenderCTIManager(Manager):
-    platforms_class = RENDERS_CTI
+    platforms = {}
 
 
 parser_manager = ParserManager()
 
@@ -1,3 +1,4 @@
+from app.translator.platforms.arcsight.renders.arcsight_cti import ArcsightKeyword
 from app.translator.platforms.athena.parsers.athena import AthenaQueryParser
 from app.translator.platforms.athena.renders.athena import AthenaQueryRender
 from app.translator.platforms.athena.renders.athena_cti import AthenaCTI
@@ -59,74 +60,3 @@
 from app.translator.platforms.splunk.renders.splunk_alert import SplunkAlertRender
 from app.translator.platforms.splunk.renders.splunk_cti import SplunkCTI
 from app.translator.platforms.sumo_logic.renders.sumologic_cti import SumologicCTI
-
-__ALL_RENDERS = (
-    SigmaRender(),
-    MicrosoftSentinelQueryRender(),
-    MicrosoftSentinelRuleRender(),
-    MicrosoftDefenderQueryRender(),
-    QradarQueryRender(),
-    CrowdStrikeQueryRender(),
-    SplunkQueryRender(),
-    SplunkAlertRender(),
-    ChronicleQueryRender(),
-    ChronicleSecurityRuleRender(),
-    AthenaQueryRender(),
-    ElasticSearchQueryRender(),
-    LogRhythmAxonQueryRender(),
-    LogRhythmAxonRuleRender(),
-    LogScaleQueryRender(),
-    LogScaleAlertRender(),
-    ElasticSearchRuleRender(),
-    ElastAlertRuleRender(),
-    KibanaRuleRender(),
-    XPackWatcherRuleRender(),
-    OpenSearchQueryRender(),
-    OpenSearchRuleRender(),
-    GraylogQueryRender(),
-    FortiSiemRuleRender(),
-)
-
-__ALL_PARSERS = (
-    AthenaQueryParser(),
-    ChronicleQueryParser(),
-    ChronicleRuleParser(),
-    SplunkQueryParser(),
-    SplunkAlertParser(),
-    SigmaParser(),
-    QradarQueryParser(),
-    MicrosoftSentinelQueryParser(),
-    MicrosoftSentinelRuleParser(),
-    MicrosoftDefenderQueryParser(),
-    CrowdStrikeQueryParser(),
-    LogScaleQueryParser(),
-    LogScaleAlertParser(),
-    ElasticSearchQueryParser(),
-    ElasticSearchRuleParser(),
-    OpenSearchQueryParser(),
-    GraylogQueryParser(),
-)
-
-
-__ALL_RENDERS_CTI = (
-    MicrosoftSentinelCTI(),
-    MicrosoftDefenderCTI(),
-    QRadarCTI(),
-    SplunkCTI(),
-    ChronicleQueryCTI(),
-    CrowdStrikeCTI(),
-    SumologicCTI(),
-    ElasticsearchCTI(),
-    LogScaleCTI(),
-    OpenSearchCTI(),
-    FireeyeHelixCTI(),
-    CarbonBlackCTI(),
-    GraylogCTI(),
-    LogpointCTI(),
-    QualysCTI(),
-    RSANetwitnessCTI(),
-    S1EventsCTI(),
-    SecuronixCTI(),
-    SnowflakeCTI(),
-    AthenaCTI(),
-)
@@ -0,0 +1,19 @@
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
+from app.translator.managers import render_cti_manager
+from app.translator.platforms.arcsight.const import ARCSIGHT_QUERY_DETAILS
+from app.translator.platforms.arcsight.mappings.arcsight_cti import DEFAULT_ARCSIGHT_MAPPING
+
+
+@render_cti_manager.register
+class ArcsightKeyword(RenderCTI):
+    details: PlatformDetails = PlatformDetails(**ARCSIGHT_QUERY_DETAILS)
+
+    default_mapping = DEFAULT_ARCSIGHT_MAPPING
+    field_value_template: str = "{key} = {value}"
+    or_operator: str = " OR "
+    group_or_operator: str = " OR "
+    or_group: str = "{or_group}"
+    result_join: str = ""
+    final_result_for_many: str = '({result}) AND type != 2 | rex field = flexString1 mode=sed "s//Sigma: None/g"\n'
+    final_result_for_one: str = '{result} AND type != 2 | rex field = flexString1 mode=sed "s//Sigma: None/g"\n'
@@ -22,11 +22,13 @@
 from app.translator.core.models.platform_details import PlatformDetails
 from app.translator.core.models.query_container import RawQueryContainer, TokenizedQueryContainer
 from app.translator.core.parser import PlatformQueryParser
+from app.translator.managers import parser_manager
 from app.translator.platforms.athena.const import athena_details
 from app.translator.platforms.athena.mapping import AthenaMappings, athena_mappings
 from app.translator.platforms.athena.tokenizer import AthenaTokenizer
 
 
+@parser_manager.register_roota_parser
 class AthenaQueryParser(PlatformQueryParser):
     details: PlatformDetails = athena_details
     mappings: AthenaMappings = athena_mappings
 
@@ -23,6 +23,7 @@
 from app.translator.core.mapping import LogSourceSignature
 from app.translator.core.models.platform_details import PlatformDetails
 from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender
+from app.translator.managers import render_manager
 from app.translator.platforms.athena.const import athena_details
 from app.translator.platforms.athena.mapping import AthenaMappings, athena_mappings
 
@@ -76,6 +77,7 @@ def keywords(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:  # noqa: ARG00
         raise UnsupportedRenderMethod(platform_name=self.details.name, method="Keywords")
 
 
+@render_manager.register
 class AthenaQueryRender(PlatformQueryRender):
     details: PlatformDetails = athena_details
     mappings: AthenaMappings = athena_mappings
 
@@ -19,10 +19,12 @@
 
 from app.translator.core.models.platform_details import PlatformDetails
 from app.translator.core.render_cti import RenderCTI
+from app.translator.managers import render_cti_manager
 from app.translator.platforms.athena.const import athena_details
 from app.translator.platforms.athena.mappings.athena_cti import DEFAULT_ATHENA_MAPPING
 
 
+@render_cti_manager.register
 class AthenaCTI(RenderCTI):
     details: PlatformDetails = athena_details
 
 
@@ -19,10 +19,12 @@
 
 from app.translator.core.models.platform_details import PlatformDetails
 from app.translator.core.render_cti import RenderCTI
+from app.translator.managers import render_cti_manager
 from app.translator.platforms.carbonblack.const import CARBON_BLACK_QUERY_DETAILS
 from app.translator.platforms.carbonblack.mappings.carbonblack_cti import DEFAULT_CARBONBLACK_MAPPING
 
 
+@render_cti_manager.register
 class CarbonBlackCTI(RenderCTI):
     details: PlatformDetails = PlatformDetails(**CARBON_BLACK_QUERY_DETAILS)
 
 
@@ -20,11 +20,13 @@
 from app.translator.core.models.platform_details import PlatformDetails
 from app.translator.core.models.query_container import RawQueryContainer, TokenizedQueryContainer
 from app.translator.core.parser import PlatformQueryParser
+from app.translator.managers import parser_manager
 from app.translator.platforms.chronicle.const import chronicle_query_details
 from app.translator.platforms.chronicle.mapping import ChronicleMappings, chronicle_mappings
 from app.translator.platforms.chronicle.tokenizer import ChronicleQueryTokenizer
 
 
+@parser_manager.register_roota_parser
 class ChronicleQueryParser(PlatformQueryParser):
     mappings: ChronicleMappings = chronicle_mappings
     tokenizer: ChronicleQueryTokenizer = ChronicleQueryTokenizer()
 
@@ -21,12 +21,14 @@
 from app.translator.core.exceptions.parser import TokenizerGeneralException
 from app.translator.core.models.platform_details import PlatformDetails
 from app.translator.core.models.query_container import MetaInfoContainer, RawQueryContainer
+from app.translator.managers import parser_manager
 from app.translator.platforms.chronicle.const import chronicle_rule_details
 from app.translator.platforms.chronicle.mapping import ChronicleMappings, chronicle_mappings
 from app.translator.platforms.chronicle.parsers.chronicle import ChronicleQueryParser
 from app.translator.platforms.chronicle.tokenizer import ChronicleRuleTokenizer
 
 
+@parser_manager.register
 class ChronicleRuleParser(ChronicleQueryParser):
     details: PlatformDetails = chronicle_rule_details
     rule_name_pattern = "rule\s(?P<rule_name>[a-z0-9_]+)\s{"