UncoderIO
diff --git a/‎uncoder-core/app/translator/core/custom_types/time.py
Lines changed: 14 additions & 0 deletions b/‎uncoder-core/app/translator/core/custom_types/time.py
Lines changed: 14 additions & 0 deletions
diff --git a/‎uncoder-core/app/translator/core/exceptions/core.py
Lines changed: 16 additions & 2 deletions b/‎uncoder-core/app/translator/core/exceptions/core.py
Lines changed: 16 additions & 2 deletions
diff --git a/‎uncoder-core/app/translator/core/models/field.py
Lines changed: 5 additions & 0 deletions b/‎uncoder-core/app/translator/core/models/field.py
Lines changed: 5 additions & 0 deletions
diff --git a/‎uncoder-core/app/translator/core/render.py
Lines changed: 7 additions & 1 deletion b/‎uncoder-core/app/translator/core/render.py
Lines changed: 7 additions & 1 deletion
diff --git a/‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
Lines changed: 1 addition & 0 deletions b/‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
Lines changed: 1 addition & 0 deletions
diff --git a/‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/dns.yml
Lines changed: 2 additions & 1 deletion b/‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/dns.yml
Lines changed: 2 additions & 1 deletion
diff --git a/‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_registry_event.yml
Lines changed: 2 additions & 1 deletion b/‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_registry_event.yml
Lines changed: 2 additions & 1 deletion
diff --git a/‎uncoder-core/app/translator/mappings/platforms/qradar/default.yml
Lines changed: 14 additions & 3 deletions b/‎uncoder-core/app/translator/mappings/platforms/qradar/default.yml
Lines changed: 14 additions & 3 deletions
diff --git a/‎uncoder-core/app/translator/mappings/platforms/qradar/dns.yml
Lines changed: 2 additions & 1 deletion b/‎uncoder-core/app/translator/mappings/platforms/qradar/dns.yml
Lines changed: 2 additions & 1 deletion
diff --git a/‎uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml
Lines changed: 1 addition & 0 deletions b/‎uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml
Lines changed: 1 addition & 0 deletions
@@ -7,3 +7,17 @@ class TimeFrameType(CustomEnum):
     days = "days"
     hours = "hours"
     minutes = "minutes"
+
+
+class TimePartType(CustomEnum):
+    day = "day"
+    day_of_week = "day_of_week"
+    day_of_year = "day_of_year"
+    hour = "hour"
+    microsecond = "microsecond"
+    millisecond = "millisecond"
+    minute = "minute"
+    month = "month"
+    quarter = "quarter"
+    second = "second"
+    year = "year"
@@ -1,3 +1,6 @@
+from typing import Optional
+
+
 class NotImplementedException(BaseException):
     ...
 
@@ -7,8 +10,19 @@ class BasePlatformException(BaseException):
 
 
 class StrictPlatformException(BasePlatformException):
-    def __init__(self, platform_name: str, field_name: str):
-        message = f"Platform {platform_name} has strict mapping. Source field {field_name} has no mapping."
+    field_name: str = None
+
+    def __init__(
+        self, platform_name: str, field_name: str, mapping: Optional[str] = None, detected_fields: Optional[list] = None
+    ):
+        message = (
+            f"Platform {platform_name} has strict mapping. "
+            f"Source fields: {', '.join(detected_fields) if detected_fields else field_name} has no mapping."
+            f" Mapping file: {mapping}."
+            if mapping
+            else ""
+        )
+        self.field_name = field_name
         super().__init__(message)
 
 
 
@@ -76,6 +76,11 @@ def value(self) -> Union[int, str, StrValue, list[Union[int, str, StrValue]]]:
             return self.values[0]
         return self.values
 
+    @value.setter
+    def value(self, new_value: Union[int, str, StrValue, list[Union[int, str, StrValue]]]) -> None:
+        self.values = []
+        self.__add_value(new_value)
+
     def __add_value(self, value: Optional[Union[int, str, StrValue, list, tuple]]) -> None:
         if value and isinstance(value, (list, tuple)):
             for v in value:
 
@@ -283,8 +283,14 @@ def apply_token(self, token: Union[FieldValue, Keyword, Identifier], source_mapp
 
     def generate_query(self, tokens: list[TOKEN_TYPE], source_mapping: SourceMapping) -> str:
         result_values = []
+        unmapped_fields = set()
         for token in tokens:
-            result_values.append(self.apply_token(token=token, source_mapping=source_mapping))
+            try:
+                result_values.append(self.apply_token(token=token, source_mapping=source_mapping))
+            except StrictPlatformException as err:
+                unmapped_fields.add(err.field_name)
+        if unmapped_fields:
+            raise StrictPlatformException(self.details.name, "", source_mapping.source_id, sorted(unmapped_fields))
         return "".join(result_values)
 
     def wrap_with_meta_info(self, query: str, meta_info: Optional[MetaInfoContainer]) -> str:
 
@@ -125,3 +125,4 @@ field_mapping:
   SourceOS: xdm.source.host.os
   DestinationOS: xdm.target.host.os
   url_category: xdm.network.http.url_category
+  EventSeverity: xdm.alert.severity
@@ -10,4 +10,5 @@ field_mapping:
   #dns-record: dns-record
   dns_query_name: xdm.network.dns.dns_question.name
   QueryName: xdm.network.dns.dns_question.name
-  query: xdm.network.dns.dns_question.name
+  query: xdm.network.dns.dns_question.name
+  dns-record-type: xdm.network.dns.dns_question.type
@@ -28,4 +28,5 @@ field_mapping:
   ParentIntegrityLevel: causality_actor_process_integrity_level
   ParentLogonId: causality_actor_process_logon_id
   ParentProduct: causality_actor_process_signature_product
-  ParentCompany: causality_actor_process_signature_vendor
+  ParentCompany: causality_actor_process_signature_vendor
+  EventType: event_sub_type
@@ -13,9 +13,12 @@ field_mapping:
   dst-port:
     - DstPort
     - DestinationPort
+    - remoteport
   dst-hostname: DstHost
   src-hostname: SrcHost
-  src-port: SourcePort
+  src-port:
+    - SourcePort
+    - localport
   src-ip:
     - sourceip
     - source_ip
@@ -27,11 +30,14 @@ field_mapping:
     - destination_ip
     - destinationIP
     - destinationaddress
+    - destination
   User:
     - userName
     - EventUserName
   CommandLine: Command
-  Protocol: IPProtocol
+  Protocol: 
+    - IPProtocol
+    - protocol
   Application:
     - Application
     - application
@@ -57,11 +63,16 @@ field_mapping:
   SourceMAC:
     - SourceMAC
     - MAC
+    - sourceMAC
   DestinationMAC: DestinationMAC
   SourceOS:
     - SourceOS
     - OS
   DestinationOS: DestinationOS
   TargetUserName: DestinationUserName
   SourceUserName: SourceUserName
-  url_category: XForceCategoryByURL
+  url_category: XForceCategoryByURL
+  EventSeverity: EventSeverity
+  Source: 
+    - Source
+    - source
@@ -12,4 +12,5 @@ field_mapping:
   dns-query: URL
   parent-domain: parent-domain
   dns-answer: dns-answer
-  dns-record: URL
+  dns-record: URL
+  dns-record-type: DNSRecordType
@@ -24,6 +24,7 @@ field_mapping:
   cs-host:
     - UrlHost
     - URL Host
+    - URL Domain
   cs-referrer:
     - URL Referrer
     - Referrer URL