
Commit f56ab22

authored
Merge pull request #75 from UncoderIO/gis-fix-gen-all-bug
Gis fix gen all bug
2 parents d29efb3 + 28ee688 commit f56ab22


2 files changed

+3
-19
lines changed


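--- a/translator/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_rule.py
+++ b/translator/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_rule.py
@@ -16,7 +16,6 @@
 limitations under the License.
 -----------------------------------------------------------------
 """
-
 import copy
 import json
 from typing import Optional
@@ -50,21 +49,6 @@ class LogRhythmAxonRuleRender(LogRhythmAxonQueryRender):
     or_token = "or"
     field_value_map = LogRhythmAxonRuleFieldValue(or_token=or_token)
 
-    def __create_mitre_threat(self, meta_info: MetaInfoContainer) -> tuple[list, list]:
-        tactics = set()
-        techniques = []
-
-        for tactic in meta_info.mitre_attack.get("tactics"):
-            tactics.add(tactic["tactic"])
-
-        for technique in meta_info.mitre_attack.get("techniques"):
-            if technique.get("tactic"):
-                for tactic in technique["tactic"]:
-                    tactics.add(tactic)
-            techniques.append(technique["technique_id"])
-
-        return sorted(tactics), sorted(techniques)
-
     def finalize_query(
         self,
         prefix: str,
@@ -91,11 +75,11 @@ def finalize_query(
             )
         if tactics := meta_info.mitre_attack.get("tactics"):
             rule["observationPipeline"]["metadataFields"]["threat.mitre_tactic"] = ", ".join(
-                f"{i['external_id']}:{i['tactic']}" for i in tactics
+                f"{i['external_id']}:{i['tactic']}" for i in sorted(tactics, key=lambda x: x["external_id"])
             )
         if techniques := meta_info.mitre_attack.get("techniques"):
             rule["observationPipeline"]["metadataFields"]["threat.mitre_technique"] = ", ".join(
-                f"{i['technique_id']}:{i['technique']}" for i in techniques
+                f"{i['technique_id']}:{i['technique']}" for i in sorted(techniques, key=lambda x: x["technique_id"])
             )
         if meta_info.fields:
             rule["observationPipeline"]["pattern"]["operations"][0]["logObserved"]["groupByFields"] = [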
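Review bot: The two sort keys added on new lines 78 and 82 are lambdas that repeat the dictionary lookup the f-string already performs; `key=itemgetter("external_id")` and `key=itemgetter("technique_id")` express the same ordering without a per-item Python call (with `from operator import itemgetter` added to the import block shown in the first hunk). Nothing in the hunk says why the order matters, and presumably the intent is a stable rendered rule regardless of how the metadata was listed, so a why-comment above each `", ".join(` would help: `# sort by MITRE id so the rendered rule is deterministic regardless of metadata order`. The removed `__create_mitre_threat` in the second hunk also folded the `tactic` list of each technique into the tactics set; the new code emits only the top-level `tactics` entries, which is fine if the helper was already unused, but worth confirming no caller relied on that derivation. `finalize_query` begins and ends outside the hunk.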

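--- a/translator/app/translator/translator.py
+++ b/translator/app/translator/translator.py
@@ -87,7 +87,7 @@ def __generate_all(self, text: str, source: str) -> list[dict]:
                 status, data = self.__render_translation(query_container=raw_query_container, target=target)
             else:
                 status, data = self.__render_translation(query_container=tokenized_query_container, target=target)
-            result.append({"status": status, "result": parsed_data, "siem_type": target})
+            result.append({"status": status, "result": data, "siem_type": target})
 
         return result
 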
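Review bot: The corrected `result.append(...)` line is the only change in this file, and the diffstat shows no test accompanying it, so nothing guards against the regression it fixes (if `parsed_data` was never bound in this function, as the fix suggests, the old line raised `NameError` on every generate-all call that reached it). A small test that drives the generate-all entry point for two targets and asserts each entry's `result` is the value returned by `__render_translation` would pin this; running ruff with F821 (undefined name) in CI would also have caught the original defect statically. The enclosing `__generate_all` starts outside the hunk, so the loop and the branch condition feeding these lines are not visible here.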