Instructions_on_Adding_New_Renders.md (8 additions & 8 deletions)
@@ -16,9 +16,9 @@ You can find the list of supported target platforms in the [platforms](https://g
16
16
17
17
## How to Add a New Render
18
18
19
-
All code related to translation has to be in the directory with the corresponding platform name in `translator/app/translator/platforms`.
19
+
All code related to translation has to be in the directory with the corresponding platform name in `uncoder-core/app/translator/platforms`.
20
20
21
-
-`translator/app/translator/platforms/<platform_name>/renders` – a directory that contains platform renders for different content types (such as rules and queries translated from a source language or queries generated based on parsed IOCs).
21
+
-`uncoder-core/app/translator/platforms/<platform_name>/renders` – a directory that contains platform renders for different content types (such as rules and queries translated from a source language or queries generated based on parsed IOCs).
22
22
-`const.py` – a Python file that contains metainformation about the platform.
23
23
-`escape_manager.py` – a Python file that contains classes describing the rules of escaping special characters.
24
24
-`mapping.py` – a Python file that contains classes that describe working with mappings.
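Review bot: The new paths on lines 19 and 21 start with `uncoder-core/`, but the text never says what that directory is relative to, so a reader cannot tell whether it is the repository root or a folder inside it. Consider stating the base directory once before the file list and writing the remaining paths relative to it. The same prefix is repeated in every changed line of this file, so the next rename would otherwise touch all of them again.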
@@ -29,15 +29,15 @@ To add a new render:
29
29
2. Describe the metainformation about the platform in the `const.py` file.
30
30
3. Create a class that processes mappings in the `mapping.py` file.
31
31
4. Create a class that processes special characters in the `escaping_manager.py` file.
32
-
5. Create the `renders` directory in `translator/app/translator/platforms/<platform_name>/`.
32
+
5. Create the `renders` directory in `uncoder-core/app/translator/platforms/<platform_name>/`.
33
33
6. Create a file with the name that matches the name of the platform.
34
34
7. The render is composed of two classes:
35
35
a. `BaseQueryRender` – the class that describes the general mechanism of rendering a query from the tokens parsed from the input query.
36
36
b. `BaseQueryFieldValue` – the class that describes the mechanism of creating the `Field-Value` component of the query.
37
37
38
38
39
39
## Render Classes
40
-
These classes should be described in the `translator/app/translator/platforms/<platform_name>/renders/<platform_name>.py` file.
40
+
These classes should be described in the `uncoder-core/app/translator/platforms/<platform_name>/renders/<platform_name>.py` file.
41
41
42
42
### BaseQueryRender Class
43
43
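Review bot: Step 4 (line 31, unchanged context) tells the reader to create the class in `escaping_manager.py`, while the file list earlier in this document names the file `escape_manager.py`. Since this commit is already correcting paths in these steps, align the two names here so that a new platform directory ends up with the file name the list describes. Step 6 could also give the location and extension it means, as the Render Classes paragraph on line 40 does with `renders/<platform_name>.py`.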
@@ -69,7 +69,7 @@ The class has the following methods:
69
69
-`__init__` creates a dictionary (map) named `field_value` where a processing method is connected that depends on the operator that was between the field and its value
70
70
71
71
## Mapping Classes
72
-
These classes should be described in the `translator/app/translator/platforms/<platform_name>/mapping.py` file.
72
+
These classes should be described in the `uncoder-core/app/translator/platforms/<platform_name>/mapping.py` file.
73
73
74
74
To describe mappings, you need two classes:
75
75
- A class that inherits the `BasePlatformMappings` class – responsible for choosing mapping
@@ -84,20 +84,20 @@ The `__init__` method describes tabels/indexes that can be applied for a log sou
84
84
The `is_suitable` method is required. It's used to determine the mapping.
85
85
86
86
### BasePlatformMappings
87
-
This class has one required attribute – the name of the directory from which mappings should be taken (all mappings are in `translator/app/translator/mappings/<platform_name>`). Only the directory name should be indicated.
87
+
This class has one required attribute – the name of the directory from which mappings should be taken (all mappings are in `uncoder-core/app/translator/mappings/<platform_name>`). Only the directory name should be indicated.
88
88
89
89
This class contains two required methods:
90
90
-`prepare_log_source_signature` – a method that transforms mappings obtained from the YAML file into objects
91
91
-`get_suitable_source_mappings` – a method that contains the conditions for checking for a suitable mapping depending on fields and tables/indexes.
92
92
93
93
## Escape Manager Class
94
-
This class inherits the basic class `EscapeManager`. It contains a required attribute `escape_map`. Depending on the `Value` type (the values searched for in the field) you need to define special characters to be escaped. `Value` types are defined in `translator/app/translator/core/custom_types/values.py`.
94
+
This class inherits the basic class `EscapeManager`. It contains a required attribute `escape_map`. Depending on the `Value` type (the values searched for in the field) you need to define special characters to be escaped. `Value` types are defined in `uncoder-core/app/translator/core/custom_types/values.py`.
95
95
96
96
## const.py
97
97
The file where the metainformation about the platform and the rule templates (if any) are stored.
98
98
99
99
## Metainformation
100
-
`siem_type` – unique platform identifier
100
+
`platform_id` – unique platform identifier
101
101
`group_name` – platform name to be displayed in the platform selection dropdown in the UI
102
102
`platform_name` – the name of the content type to be displayed on the tab (as well as in the sub-menu of the platform)
103
103
`group_id` – the unique identifier of all content types for a platform
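Review bot: On line 100 the key is renamed from `siem_type` to `platform_id`, but its description is still "unique platform identifier", which is now hard to tell apart from `group_id` on line 103 ("the unique identifier of all content types for a platform"). Since `platform_name` on line 102 is described as the name of the content type, say explicitly whether `platform_id` identifies the platform as a whole or a single content type within it, so that authors of a new `const.py` do not reuse one value for both keys.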