diff --git a/uncoder-core/app/translator/cti_translator.py b/uncoder-core/app/translator/cti_translator.py index 673a4d72..79b25fc4 100644 --- a/uncoder-core/app/translator/cti_translator.py +++ b/uncoder-core/app/translator/cti_translator.py @@ -10,7 +10,7 @@ class CTITranslator: - renders: RenderCTIManager = render_cti_manager + render_manager: RenderCTIManager = render_cti_manager def __init__(self): self.logger = logging.getLogger("cti_translator") @@ -38,7 +38,7 @@ def __parse_iocs_from_string( @handle_translation_exceptions def __render_translation(self, parsed_data: dict, platform_data: CTIPlatform, iocs_per_query: int) -> list[str]: - render_cti = self.renders.get(platform_data.id) + render_cti = self.render_manager.get(platform_data.id) chunked_iocs = self.__get_iocs_chunk( chunks_size=iocs_per_query, data=parsed_data, mapping=render_cti.default_mapping @@ -85,4 +85,4 @@ def __get_iocs_chunk( @classmethod def get_renders(cls) -> list: - return cls.renders.get_platforms_details + return cls.render_manager.get_platforms_details diff --git a/uncoder-core/app/translator/managers.py b/uncoder-core/app/translator/managers.py index 97667087..cf552a5f 100644 --- a/uncoder-core/app/translator/managers.py +++ b/uncoder-core/app/translator/managers.py 
@@ -1,18 +1,16 @@ from abc import ABC +from functools import cached_property from app.models.translation import TranslatorPlatform from app.translator.core.exceptions.core import UnsupportedRootAParser -from app.translator.platforms import __ALL_PARSERS as PARSERS -from app.translator.platforms import __ALL_RENDERS as RENDERS -from app.translator.platforms import __ALL_RENDERS_CTI as RENDERS_CTI class Manager(ABC): - platforms_class = () + platforms = {} - @property - def platforms(self) -> dict: - return {platform.details.platform_id: platform for platform in self.platforms_class} + def register(self, cls): + self.platforms[cls.details.platform_id] = cls() + return cls def get(self, platform_id: str): # noqa: ANN201 if platform := self.platforms.get(platform_id): @@ -20,9 +18,9 @@ def get(self, platform_id: str): # noqa: ANN201 raise UnsupportedRootAParser(parser=platform_id) def all_platforms(self) -> list: - return list(self.platforms) + return list(self.platforms.keys()) - @property + @cached_property def get_platforms_details(self) -> list[TranslatorPlatform]: platforms = [ TranslatorPlatform( 
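Review bot: `register` overwrites any existing entry that has the same `platform_id`, so if two classes share an id only the last one imported stays reachable and nothing reports the collision. Registration is now an import-time side effect of whichever platform packages get loaded, so a guard before the assignment, `if cls.details.platform_id in self.platforms: raise ValueError(f"duplicate platform_id: {cls.details.platform_id}")`, would make a clash fail loudly. The same applies to `register_supported_by_roota` and `register_main` in the later `ParserManager` hunk. The base `platforms = {}` is a class-level dict shared by any subclass that forgets to redefine it, which deserves a comment on the attribute.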
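Review bot: `@cached_property` on `get_platforms_details` freezes the list at the first read on each manager instance, so a platform registered after that read is never listed even though `get()` will still serve it. Registration happens as decorators run during import, so a read before every platform package has loaded would cache a partial list for the life of the process. Either keep `@property` here or add a comment on the method such as `# Must not be read until all platform packages are imported; the result is cached per instance.` The method body continues outside this hunk.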
@@ -37,21 +35,59 @@ def get_platforms_details(self) -> list[TranslatorPlatform]: alt_platform=platform.details.alt_platform, first_choice=platform.details.first_choice, ) - for platform in self.platforms_class + for platform in self.platforms.values() ] return sorted(platforms, key=lambda platform: platform.group_name) -class RenderManager(Manager): - platforms_class = RENDERS +class ParserManager(Manager): + platforms = {} + supported_by_roota_platforms = {} + main_platforms = {} + def get_supported_by_roota(self, platform_id: str): # noqa: ANN201 + if platform := self.supported_by_roota_platforms.get(platform_id): + return platform + raise UnsupportedRootAParser(parser=platform_id) -class ParserManager(Manager): - platforms_class = PARSERS + def register_supported_by_roota(self, cls): + parser = cls() + self.supported_by_roota_platforms[cls.details.platform_id] = parser + self.platforms[cls.details.platform_id] = parser + return cls + + def register_main(self, cls): + parser = cls() + self.main_platforms[cls.details.platform_id] = parser + self.platforms[cls.details.platform_id] = parser + return cls + + @cached_property + def get_platforms_details(self) -> list[TranslatorPlatform]: + platforms = [ + TranslatorPlatform( + id=platform.details.platform_id, + name=platform.details.name, + code=platform.details.platform_id, + group_name=platform.details.group_name, + group_id=platform.details.group_id, + platform_name=platform.details.platform_name, + platform_id=platform.details.platform_id, + alt_platform_name=platform.details.alt_platform_name, + alt_platform=platform.details.alt_platform, + first_choice=platform.details.first_choice, + ) + for platform in self.platforms.values() + ] + return sorted(platforms, key=lambda platform: platform.group_name) + + +class RenderManager(Manager): + platforms = {} class RenderCTIManager(Manager): - platforms_class = RENDERS_CTI + platforms = {} parser_manager = ParserManager() 
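Review bot: `ParserManager.get_platforms_details` appears to repeat the inherited `Manager.get_platforms_details` field for field (the base body is only partly visible in this hunk), so the override can be dropped and the inherited one used. The three registries `platforms`, `supported_by_roota_platforms` and `main_platforms` have no documentation saying which decorator a new parser should use. A class docstring would help, stating that `register_supported_by_roota` and `register_main` each also add the parser to `platforms`, while plain `register` adds it to `platforms` only.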
diff --git a/uncoder-core/app/translator/platforms/__init__.py b/uncoder-core/app/translator/platforms/__init__.py
index 9929ce55..33e4b1d2 100644
--- a/uncoder-core/app/translator/platforms/__init__.py
+++ b/uncoder-core/app/translator/platforms/__init__.py
@@ -1,134 +1,17 @@
-from app.translator.platforms.athena.parsers.athena import AthenaQueryParser
-from app.translator.platforms.athena.renders.athena import AthenaQueryRender
-from app.translator.platforms.athena.renders.athena_cti import AthenaCTI
-from app.translator.platforms.carbonblack.renders.carbonblack_cti import CarbonBlackCTI
-from app.translator.platforms.chronicle.parsers.chronicle import ChronicleQueryParser
-from app.translator.platforms.chronicle.parsers.chronicle_rule import ChronicleRuleParser
-from app.translator.platforms.chronicle.renders.chronicle import ChronicleQueryRender
-from app.translator.platforms.chronicle.renders.chronicle_cti import ChronicleQueryCTI
-from app.translator.platforms.chronicle.renders.chronicle_rule import ChronicleSecurityRuleRender
-from app.translator.platforms.crowdstrike.parsers.crowdstrike import CrowdStrikeQueryParser
-from app.translator.platforms.crowdstrike.renders.crowdstrike import CrowdStrikeQueryRender
-from app.translator.platforms.crowdstrike.renders.crowdstrike_cti import CrowdStrikeCTI
-from app.translator.platforms.elasticsearch.parsers.detection_rule import ElasticSearchRuleParser
-from app.translator.platforms.elasticsearch.parsers.elasticsearch import ElasticSearchQueryParser
-from app.translator.platforms.elasticsearch.renders.detection_rule import ElasticSearchRuleRender
-from app.translator.platforms.elasticsearch.renders.elast_alert import ElastAlertRuleRender
-from app.translator.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender
-from app.translator.platforms.elasticsearch.renders.elasticsearch_cti import ElasticsearchCTI
-from app.translator.platforms.elasticsearch.renders.kibana import KibanaRuleRender
-from app.translator.platforms.elasticsearch.renders.xpack_watcher import XPackWatcherRuleRender
-from app.translator.platforms.fireeye_helix.renders.fireeye_helix_cti import FireeyeHelixCTI
-from app.translator.platforms.forti_siem.renders.forti_siem_rule import FortiSiemRuleRender
-from app.translator.platforms.graylog.parsers.graylog import GraylogQueryParser
-from app.translator.platforms.graylog.renders.graylog import GraylogQueryRender
-from app.translator.platforms.graylog.renders.graylog_cti import GraylogCTI
-from app.translator.platforms.logpoint.renders.logpoint_cti import LogpointCTI
-from app.translator.platforms.logrhythm_axon.renders.logrhythm_axon_query import LogRhythmAxonQueryRender
-from app.translator.platforms.logrhythm_axon.renders.logrhythm_axon_rule import LogRhythmAxonRuleRender
-from app.translator.platforms.logscale.parsers.logscale import LogScaleQueryParser
-from app.translator.platforms.logscale.parsers.logscale_alert import LogScaleAlertParser
-from app.translator.platforms.logscale.renders.logscale import LogScaleQueryRender
-from app.translator.platforms.logscale.renders.logscale_alert import LogScaleAlertRender
-from app.translator.platforms.logscale.renders.logscale_cti import LogScaleCTI
-from app.translator.platforms.microsoft.parsers.microsoft_defender import MicrosoftDefenderQueryParser
-from app.translator.platforms.microsoft.parsers.microsoft_sentinel import MicrosoftSentinelQueryParser
-from app.translator.platforms.microsoft.parsers.microsoft_sentinel_rule import MicrosoftSentinelRuleParser
-from app.translator.platforms.microsoft.renders.microsoft_defender import MicrosoftDefenderQueryRender
-from app.translator.platforms.microsoft.renders.microsoft_defender_cti import MicrosoftDefenderCTI
-from app.translator.platforms.microsoft.renders.microsoft_sentinel import MicrosoftSentinelQueryRender
-from app.translator.platforms.microsoft.renders.microsoft_sentinel_cti import MicrosoftSentinelCTI
-from app.translator.platforms.microsoft.renders.microsoft_sentinel_rule import MicrosoftSentinelRuleRender
-from app.translator.platforms.opensearch.parsers.opensearch import OpenSearchQueryParser
-from app.translator.platforms.opensearch.renders.opensearch import OpenSearchQueryRender
-from app.translator.platforms.opensearch.renders.opensearch_cti import OpenSearchCTI
-from app.translator.platforms.opensearch.renders.opensearch_rule import OpenSearchRuleRender
-from app.translator.platforms.palo_alto.renders.cortex_xsiam import CortexXQLQueryRender
-from app.translator.platforms.qradar.parsers.qradar import QradarQueryParser
-from app.translator.platforms.qradar.renders.qradar import QradarQueryRender
-from app.translator.platforms.qradar.renders.qradar_cti import QRadarCTI
-from app.translator.platforms.qualys.renders.qualys_cti import QualysCTI
-from app.translator.platforms.rsa_netwitness.renders.rsa_netwitness_cti import RSANetwitnessCTI
-from app.translator.platforms.securonix.renders.securonix_cti import SecuronixCTI
-from app.translator.platforms.sentinel_one.renders.s1_cti import S1EventsCTI
-from app.translator.platforms.sigma.parsers.sigma import SigmaParser
-from app.translator.platforms.sigma.renders.sigma import SigmaRender
-from app.translator.platforms.snowflake.renders.snowflake_cti import SnowflakeCTI
-from app.translator.platforms.splunk.parsers.splunk import SplunkQueryParser
-from app.translator.platforms.splunk.parsers.splunk_alert import SplunkAlertParser
-from app.translator.platforms.splunk.renders.splunk import SplunkQueryRender
-from app.translator.platforms.splunk.renders.splunk_alert import SplunkAlertRender
-from app.translator.platforms.splunk.renders.splunk_cti import SplunkCTI
-from app.translator.platforms.sumo_logic.renders.sumologic_cti import SumologicCTI
+import importlib.util
+import os
-__ALL_RENDERS = (
- SigmaRender(),
- MicrosoftSentinelQueryRender(),
- MicrosoftSentinelRuleRender(),
- MicrosoftDefenderQueryRender(),
- QradarQueryRender(),
- CrowdStrikeQueryRender(),
- SplunkQueryRender(),
- SplunkAlertRender(),
- ChronicleQueryRender(),
- ChronicleSecurityRuleRender(),
- AthenaQueryRender(),
- ElasticSearchQueryRender(),
- LogRhythmAxonQueryRender(),
- LogRhythmAxonRuleRender(),
- LogScaleQueryRender(),
- LogScaleAlertRender(),
- ElasticSearchRuleRender(),
- ElastAlertRuleRender(),
- KibanaRuleRender(),
- XPackWatcherRuleRender(),
- OpenSearchQueryRender(),
- OpenSearchRuleRender(),
- GraylogQueryRender(),
- FortiSiemRuleRender(),
- CortexXQLQueryRender(),
-)
+from const import PLATFORMS_PATH
-__ALL_PARSERS = (
- AthenaQueryParser(),
- ChronicleQueryParser(),
- ChronicleRuleParser(),
- SplunkQueryParser(),
- SplunkAlertParser(),
- SigmaParser(),
- QradarQueryParser(),
- MicrosoftSentinelQueryParser(),
- MicrosoftSentinelRuleParser(),
- MicrosoftDefenderQueryParser(),
- CrowdStrikeQueryParser(),
- LogScaleQueryParser(),
- LogScaleAlertParser(),
- ElasticSearchQueryParser(),
- ElasticSearchRuleParser(),
- OpenSearchQueryParser(),
- GraylogQueryParser(),
-)
+def init_platforms():
+ for platform in [f for f in os.listdir(PLATFORMS_PATH) if os.path.isdir(os.path.join(PLATFORMS_PATH, f))]:
+ if not platform.startswith("__") and not platform.endswith("__"):
+ # Platforms __init__.py execution
+ init_path = f"{PLATFORMS_PATH}/{platform}/__init__.py"
+ spec = importlib.util.spec_from_file_location("__init__", init_path)
+ init_module = importlib.util.module_from_spec(spec)
+ spec.loader.exec_module(init_module)
-__ALL_RENDERS_CTI = (
- MicrosoftSentinelCTI(),
- MicrosoftDefenderCTI(),
- QRadarCTI(),
- SplunkCTI(),
- ChronicleQueryCTI(),
- CrowdStrikeCTI(),
- SumologicCTI(),
- ElasticsearchCTI(),
- LogScaleCTI(),
- OpenSearchCTI(),
- FireeyeHelixCTI(),
- CarbonBlackCTI(),
- GraylogCTI(),
- LogpointCTI(),
- QualysCTI(),
- RSANetwitnessCTI(),
- S1EventsCTI(),
- SecuronixCTI(),
- SnowflakeCTI(),
- AthenaCTI(),
-)
+
+
+init_platforms()
diff --git a/uncoder-core/app/translator/platforms/arcsight/__init__.py b/uncoder-core/app/translator/platforms/arcsight/__init__.py
new file mode 100644
index 00000000..661257f4
--- /dev/null
+++ b/uncoder-core/app/translator/platforms/arcsight/__init__.py
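Review bot: `init_platforms` turns the directory contents under `PLATFORMS_PATH` into code that runs at import time, and it loads each file through `spec_from_file_location` under the shared name `"__init__"` rather than the package's real dotted name. Any directory present under that path is executed with the service's privileges, so the path should be a fixed location the service account cannot write to (its definition in `const` is not visible here). A platform directory without an `__init__.py` would presumably abort the import of the whole package. `os.listdir` order is filesystem-dependent, so registration order can differ between hosts. Importing by package name in sorted order and skipping directories that lack `__init__.py` addresses all three, as in the body below.

```python
def init_platforms():
    # Import by dotted name so each package loads once, under its real name.
    for name in sorted(os.listdir(PLATFORMS_PATH)):
        if name.startswith("__") or name.endswith("__"):
            continue
        if not os.path.isfile(os.path.join(PLATFORMS_PATH, name, "__init__.py")):
            continue
        importlib.import_module(f"{__name__}.{name}")
```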
@@ -0,0 +1 @@
+from app.translator.platforms.arcsight.renders.arcsight_cti import ArcsightKeyword
diff --git a/uncoder-core/app/translator/platforms/arcsight/renders/arcsight_cti.py b/uncoder-core/app/translator/platforms/arcsight/renders/arcsight_cti.py
new file mode 100644
index 00000000..778ef04e
--- /dev/null
+++ b/uncoder-core/app/translator/platforms/arcsight/renders/arcsight_cti.py
@@ -0,0 +1,19 @@
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
+from app.translator.managers import render_cti_manager
+from app.translator.platforms.arcsight.const import ARCSIGHT_QUERY_DETAILS
+from app.translator.platforms.arcsight.mappings.arcsight_cti import DEFAULT_ARCSIGHT_MAPPING
+
+
+@render_cti_manager.register
+class ArcsightKeyword(RenderCTI):
+ details: PlatformDetails = PlatformDetails(**ARCSIGHT_QUERY_DETAILS)
+
+ default_mapping = DEFAULT_ARCSIGHT_MAPPING
+ field_value_template: str = "{key} = {value}"
+ or_operator: str = " OR "
+ group_or_operator: str = " OR "
+ or_group: str = "{or_group}"
+ result_join: str = ""
+ final_result_for_many: str = '({result}) AND type != 2 | rex field = flexString1 mode=sed "s//Sigma: None/g"\n'
+ final_result_for_one: str = '{result} AND type != 2 | rex field = flexString1 mode=sed "s//Sigma: None/g"\n'
diff --git a/uncoder-core/app/translator/platforms/athena/__init__.py b/uncoder-core/app/translator/platforms/athena/__init__.py
index e69de29b..e82614ac 100644
--- a/uncoder-core/app/translator/platforms/athena/__init__.py
+++ b/uncoder-core/app/translator/platforms/athena/__init__.py
@@ -0,0 +1,3 @@
+from app.translator.platforms.athena.parsers.athena import AthenaQueryParser
+from app.translator.platforms.athena.renders.athena import AthenaQueryRender
+from app.translator.platforms.athena.renders.athena_cti import AthenaCTI
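Review bot: In the new `arcsight_cti.py`, `field_value_template = "{key} = {value}"` places the IOC value into the query with no quoting, and nothing in this file escapes it. IOC values come from parsed report text, so a value containing whitespace or query operators would change the meaning of the rendered ArcSight query unless `RenderCTI` or the IOC parser already constrains it; neither is visible here, so please confirm and record it in a comment on the template. The class is also named `ArcsightKeyword` while the other CTI renders in this commit use the `*CTI` suffix (`AthenaCTI`, `CarbonBlackCTI`), and it has no docstring.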
diff --git a/uncoder-core/app/translator/platforms/athena/parsers/athena.py b/uncoder-core/app/translator/platforms/athena/parsers/athena.py index 4d9bc298..f128af79 100644 --- a/uncoder-core/app/translator/platforms/athena/parsers/athena.py +++ b/uncoder-core/app/translator/platforms/athena/parsers/athena.py @@ -22,11 +22,13 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import RawQueryContainer, TokenizedQueryContainer from app.translator.core.parser import PlatformQueryParser +from app.translator.managers import parser_manager from app.translator.platforms.athena.const import athena_details from app.translator.platforms.athena.mapping import AthenaMappings, athena_mappings from app.translator.platforms.athena.tokenizer import AthenaTokenizer +@parser_manager.register_supported_by_roota class AthenaQueryParser(PlatformQueryParser): details: PlatformDetails = athena_details mappings: AthenaMappings = athena_mappings diff --git a/uncoder-core/app/translator/platforms/athena/renders/athena.py b/uncoder-core/app/translator/platforms/athena/renders/athena.py index 98fbfe1d..b8f236b8 100644 --- a/uncoder-core/app/translator/platforms/athena/renders/athena.py +++ b/uncoder-core/app/translator/platforms/athena/renders/athena.py @@ -23,6 +23,7 @@ from app.translator.core.mapping import LogSourceSignature from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender +from app.translator.managers import render_manager from app.translator.platforms.athena.const import athena_details from app.translator.platforms.athena.mapping import AthenaMappings, athena_mappings 
@@ -76,6 +77,7 @@ def keywords(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: # noqa: ARG00 raise UnsupportedRenderMethod(platform_name=self.details.name, method="Keywords") +@render_manager.register class AthenaQueryRender(PlatformQueryRender): details: PlatformDetails = athena_details mappings: AthenaMappings = athena_mappings diff --git a/uncoder-core/app/translator/platforms/athena/renders/athena_cti.py b/uncoder-core/app/translator/platforms/athena/renders/athena_cti.py index 04e1e384..aa4f986b 100644 --- a/uncoder-core/app/translator/platforms/athena/renders/athena_cti.py +++ b/uncoder-core/app/translator/platforms/athena/renders/athena_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.athena.const import athena_details from app.translator.platforms.athena.mappings.athena_cti import DEFAULT_ATHENA_MAPPING +@render_cti_manager.register class AthenaCTI(RenderCTI): details: PlatformDetails = athena_details diff --git a/uncoder-core/app/translator/platforms/carbonblack/__init__.py b/uncoder-core/app/translator/platforms/carbonblack/__init__.py index e69de29b..72cd0014 100644 --- a/uncoder-core/app/translator/platforms/carbonblack/__init__.py +++ b/uncoder-core/app/translator/platforms/carbonblack/__init__.py @@ -0,0 +1 @@ +from app.translator.platforms.carbonblack.renders.carbonblack_cti import CarbonBlackCTI diff --git a/uncoder-core/app/translator/platforms/carbonblack/renders/carbonblack_cti.py b/uncoder-core/app/translator/platforms/carbonblack/renders/carbonblack_cti.py index 24cae461..489a1288 100644 --- a/uncoder-core/app/translator/platforms/carbonblack/renders/carbonblack_cti.py +++ b/uncoder-core/app/translator/platforms/carbonblack/renders/carbonblack_cti.py 
@@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.carbonblack.const import CARBON_BLACK_QUERY_DETAILS from app.translator.platforms.carbonblack.mappings.carbonblack_cti import DEFAULT_CARBONBLACK_MAPPING +@render_cti_manager.register class CarbonBlackCTI(RenderCTI): details: PlatformDetails = PlatformDetails(**CARBON_BLACK_QUERY_DETAILS) diff --git a/uncoder-core/app/translator/platforms/chronicle/__init__.py b/uncoder-core/app/translator/platforms/chronicle/__init__.py index e69de29b..0fbcb0e2 100644 --- a/uncoder-core/app/translator/platforms/chronicle/__init__.py +++ b/uncoder-core/app/translator/platforms/chronicle/__init__.py @@ -0,0 +1,5 @@ +from app.translator.platforms.chronicle.parsers.chronicle import ChronicleQueryParser +from app.translator.platforms.chronicle.parsers.chronicle_rule import ChronicleRuleParser +from app.translator.platforms.chronicle.renders.chronicle import ChronicleQueryRender +from app.translator.platforms.chronicle.renders.chronicle_cti import ChronicleQueryCTI +from app.translator.platforms.chronicle.renders.chronicle_rule import ChronicleSecurityRuleRender diff --git a/uncoder-core/app/translator/platforms/chronicle/parsers/chronicle.py b/uncoder-core/app/translator/platforms/chronicle/parsers/chronicle.py index e46d5258..7e511344 100644 --- a/uncoder-core/app/translator/platforms/chronicle/parsers/chronicle.py +++ b/uncoder-core/app/translator/platforms/chronicle/parsers/chronicle.py 
@@ -20,11 +20,13 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import RawQueryContainer, TokenizedQueryContainer from app.translator.core.parser import PlatformQueryParser +from app.translator.managers import parser_manager from app.translator.platforms.chronicle.const import chronicle_query_details from app.translator.platforms.chronicle.mapping import ChronicleMappings, chronicle_mappings from app.translator.platforms.chronicle.tokenizer import ChronicleQueryTokenizer +@parser_manager.register_supported_by_roota class ChronicleQueryParser(PlatformQueryParser): mappings: ChronicleMappings = chronicle_mappings tokenizer: ChronicleQueryTokenizer = ChronicleQueryTokenizer() diff --git a/uncoder-core/app/translator/platforms/chronicle/parsers/chronicle_rule.py b/uncoder-core/app/translator/platforms/chronicle/parsers/chronicle_rule.py index 2e538557..c7929714 100644 --- a/uncoder-core/app/translator/platforms/chronicle/parsers/chronicle_rule.py +++ b/uncoder-core/app/translator/platforms/chronicle/parsers/chronicle_rule.py @@ -21,12 +21,14 @@ from app.translator.core.exceptions.parser import TokenizerGeneralException from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer, RawQueryContainer +from app.translator.managers import parser_manager from app.translator.platforms.chronicle.const import chronicle_rule_details from app.translator.platforms.chronicle.mapping import ChronicleMappings, chronicle_mappings from app.translator.platforms.chronicle.parsers.chronicle import ChronicleQueryParser from app.translator.platforms.chronicle.tokenizer import ChronicleRuleTokenizer +@parser_manager.register class ChronicleRuleParser(ChronicleQueryParser): details: PlatformDetails = chronicle_rule_details rule_name_pattern = "rule\s(?P[a-z0-9_]+)\s{" 
diff --git a/uncoder-core/app/translator/platforms/chronicle/renders/chronicle.py b/uncoder-core/app/translator/platforms/chronicle/renders/chronicle.py index c771507c..63f75608 100644 --- a/uncoder-core/app/translator/platforms/chronicle/renders/chronicle.py +++ b/uncoder-core/app/translator/platforms/chronicle/renders/chronicle.py @@ -23,6 +23,7 @@ from app.translator.core.exceptions.render import UnsupportedRenderMethod from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender +from app.translator.managers import render_manager from app.translator.platforms.chronicle.const import chronicle_query_details from app.translator.platforms.chronicle.escape_manager import chronicle_escape_manager from app.translator.platforms.chronicle.mapping import ChronicleMappings, chronicle_mappings @@ -96,6 +97,7 @@ def keywords(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: # noqa: ARG00 raise UnsupportedRenderMethod(platform_name=self.details.name, method="Keywords") +@render_manager.register class ChronicleQueryRender(PlatformQueryRender): details: PlatformDetails = chronicle_query_details mappings: ChronicleMappings = chronicle_mappings diff --git a/uncoder-core/app/translator/platforms/chronicle/renders/chronicle_cti.py b/uncoder-core/app/translator/platforms/chronicle/renders/chronicle_cti.py index 539d5fb1..ca68950d 100644 --- a/uncoder-core/app/translator/platforms/chronicle/renders/chronicle_cti.py +++ b/uncoder-core/app/translator/platforms/chronicle/renders/chronicle_cti.py 
@@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.chronicle.const import chronicle_query_details from app.translator.platforms.chronicle.mappings.chronicle_cti import DEFAULT_CHRONICLE_MAPPING +@render_cti_manager.register class ChronicleQueryCTI(RenderCTI): details: PlatformDetails = chronicle_query_details diff --git a/uncoder-core/app/translator/platforms/chronicle/renders/chronicle_rule.py b/uncoder-core/app/translator/platforms/chronicle/renders/chronicle_rule.py index d4e8776f..aaa64384 100644 --- a/uncoder-core/app/translator/platforms/chronicle/renders/chronicle_rule.py +++ b/uncoder-core/app/translator/platforms/chronicle/renders/chronicle_rule.py @@ -24,6 +24,7 @@ from app.translator.core.mapping import SourceMapping from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer +from app.translator.managers import render_manager from app.translator.platforms.chronicle.const import DEFAULT_CHRONICLE_SECURITY_RULE, chronicle_rule_details from app.translator.platforms.chronicle.renders.chronicle import ChronicleFieldValue, ChronicleQueryRender @@ -80,6 +81,7 @@ def regex_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: return f"re.regex({self.apply_field(field)}, `{self.apply_asterisk_value(value)}`)" +@render_manager.register class ChronicleSecurityRuleRender(ChronicleQueryRender): details: PlatformDetails = chronicle_rule_details or_token = "or" diff --git a/uncoder-core/app/translator/platforms/crowdstrike/__init__.py b/uncoder-core/app/translator/platforms/crowdstrike/__init__.py index e69de29b..e641e4b0 100644 --- a/uncoder-core/app/translator/platforms/crowdstrike/__init__.py +++ b/uncoder-core/app/translator/platforms/crowdstrike/__init__.py 
@@ -0,0 +1,3 @@ +from app.translator.platforms.crowdstrike.parsers.crowdstrike import CrowdStrikeQueryParser +from app.translator.platforms.crowdstrike.renders.crowdstrike import CrowdStrikeQueryRender +from app.translator.platforms.crowdstrike.renders.crowdstrike_cti import CrowdStrikeCTI diff --git a/uncoder-core/app/translator/platforms/crowdstrike/parsers/crowdstrike.py b/uncoder-core/app/translator/platforms/crowdstrike/parsers/crowdstrike.py index 0f366280..85b9635e 100644 --- a/uncoder-core/app/translator/platforms/crowdstrike/parsers/crowdstrike.py +++ b/uncoder-core/app/translator/platforms/crowdstrike/parsers/crowdstrike.py @@ -16,12 +16,14 @@ ----------------------------------------------------------------- """ from app.translator.core.models.platform_details import PlatformDetails +from app.translator.managers import parser_manager from app.translator.platforms.base.spl.parsers.spl import SplQueryParser from app.translator.platforms.crowdstrike.const import crowdstrike_query_details from app.translator.platforms.crowdstrike.functions import CrowdStrikeFunctions, crowd_strike_functions from app.translator.platforms.crowdstrike.mapping import CrowdstrikeMappings, crowdstrike_mappings +@parser_manager.register_supported_by_roota class CrowdStrikeQueryParser(SplQueryParser): details: PlatformDetails = crowdstrike_query_details diff --git a/uncoder-core/app/translator/platforms/crowdstrike/renders/crowdstrike.py b/uncoder-core/app/translator/platforms/crowdstrike/renders/crowdstrike.py index b93f6a6b..17ae1a15 100644 --- a/uncoder-core/app/translator/platforms/crowdstrike/renders/crowdstrike.py +++ b/uncoder-core/app/translator/platforms/crowdstrike/renders/crowdstrike.py 
@@ -17,6 +17,7 @@ ----------------------------------------------------------------- """ from app.translator.core.models.platform_details import PlatformDetails +from app.translator.managers import render_manager from app.translator.platforms.base.spl.renders.spl import SplFieldValue, SplQueryRender from app.translator.platforms.crowdstrike.const import crowdstrike_query_details from app.translator.platforms.crowdstrike.functions import CrowdStrikeFunctions, crowd_strike_functions @@ -27,6 +28,7 @@ class CrowdStrikeFieldValue(SplFieldValue): details = crowdstrike_query_details +@render_manager.register class CrowdStrikeQueryRender(SplQueryRender): details: PlatformDetails = crowdstrike_query_details query_pattern = "{prefix} {query} {functions}" diff --git a/uncoder-core/app/translator/platforms/crowdstrike/renders/crowdstrike_cti.py b/uncoder-core/app/translator/platforms/crowdstrike/renders/crowdstrike_cti.py index a559d73e..cb04502f 100644 --- a/uncoder-core/app/translator/platforms/crowdstrike/renders/crowdstrike_cti.py +++ b/uncoder-core/app/translator/platforms/crowdstrike/renders/crowdstrike_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.crowdstrike.const import crowdstrike_query_details from app.translator.platforms.crowdstrike.mappings.crowdstrike_cti import DEFAULT_CROWDSTRIKE_MAPPING +@render_cti_manager.register class CrowdStrikeCTI(RenderCTI): details: PlatformDetails = crowdstrike_query_details diff --git a/uncoder-core/app/translator/platforms/elasticsearch/__init__.py b/uncoder-core/app/translator/platforms/elasticsearch/__init__.py index e69de29b..4dc1ac91 100644 --- a/uncoder-core/app/translator/platforms/elasticsearch/__init__.py +++ b/uncoder-core/app/translator/platforms/elasticsearch/__init__.py 
@@ -0,0 +1,8 @@ +from app.translator.platforms.elasticsearch.parsers.detection_rule import ElasticSearchRuleParser +from app.translator.platforms.elasticsearch.parsers.elasticsearch import ElasticSearchQueryParser +from app.translator.platforms.elasticsearch.renders.detection_rule import ElasticSearchRuleRender +from app.translator.platforms.elasticsearch.renders.elast_alert import ElastAlertRuleRender +from app.translator.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender +from app.translator.platforms.elasticsearch.renders.elasticsearch_cti import ElasticsearchCTI +from app.translator.platforms.elasticsearch.renders.kibana import KibanaRuleRender +from app.translator.platforms.elasticsearch.renders.xpack_watcher import XPackWatcherRuleRender diff --git a/uncoder-core/app/translator/platforms/elasticsearch/parsers/detection_rule.py b/uncoder-core/app/translator/platforms/elasticsearch/parsers/detection_rule.py index 0bd18046..3e6a7823 100644 --- a/uncoder-core/app/translator/platforms/elasticsearch/parsers/detection_rule.py +++ b/uncoder-core/app/translator/platforms/elasticsearch/parsers/detection_rule.py @@ -16,13 +16,16 @@ ----------------------------------------------------------------- """ + from app.translator.core.mixins.rule import JsonRuleMixin from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer, RawQueryContainer +from app.translator.managers import parser_manager from app.translator.platforms.elasticsearch.const import elasticsearch_rule_details from app.translator.platforms.elasticsearch.parsers.elasticsearch import ElasticSearchQueryParser +@parser_manager.register class ElasticSearchRuleParser(ElasticSearchQueryParser, JsonRuleMixin): details: PlatformDetails = elasticsearch_rule_details 
diff --git a/uncoder-core/app/translator/platforms/elasticsearch/parsers/elasticsearch.py b/uncoder-core/app/translator/platforms/elasticsearch/parsers/elasticsearch.py index 080b2a5e..a3bad851 100644 --- a/uncoder-core/app/translator/platforms/elasticsearch/parsers/elasticsearch.py +++ b/uncoder-core/app/translator/platforms/elasticsearch/parsers/elasticsearch.py @@ -17,11 +17,13 @@ """ from app.translator.core.models.platform_details import PlatformDetails +from app.translator.managers import parser_manager from app.translator.platforms.base.lucene.parsers.lucene import LuceneQueryParser from app.translator.platforms.elasticsearch.const import elasticsearch_lucene_query_details from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings +@parser_manager.register_supported_by_roota class ElasticSearchQueryParser(LuceneQueryParser): details: PlatformDetails = elasticsearch_lucene_query_details mappings: ElasticSearchMappings = elasticsearch_mappings diff --git a/uncoder-core/app/translator/platforms/elasticsearch/renders/detection_rule.py b/uncoder-core/app/translator/platforms/elasticsearch/renders/detection_rule.py index 1b335e7f..4e7face5 100644 --- a/uncoder-core/app/translator/platforms/elasticsearch/renders/detection_rule.py +++ b/uncoder-core/app/translator/platforms/elasticsearch/renders/detection_rule.py @@ -25,6 +25,7 @@ from app.translator.core.mitre import MitreConfig from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer +from app.translator.managers import render_manager from app.translator.platforms.elasticsearch.const import ELASTICSEARCH_DETECTION_RULE, elasticsearch_rule_details from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings from app.translator.platforms.elasticsearch.renders.elasticsearch import ( 
@@ -39,6 +40,7 @@ class ElasticSearchRuleFieldValue(ElasticSearchFieldValue): details: PlatformDetails = elasticsearch_rule_details +@render_manager.register class ElasticSearchRuleRender(ElasticSearchQueryRender): details: PlatformDetails = elasticsearch_rule_details mappings: ElasticSearchMappings = elasticsearch_mappings diff --git a/uncoder-core/app/translator/platforms/elasticsearch/renders/elast_alert.py b/uncoder-core/app/translator/platforms/elasticsearch/renders/elast_alert.py index 57328365..ba1bb93b 100644 --- a/uncoder-core/app/translator/platforms/elasticsearch/renders/elast_alert.py +++ b/uncoder-core/app/translator/platforms/elasticsearch/renders/elast_alert.py @@ -22,6 +22,7 @@ from app.translator.core.mapping import SourceMapping from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer +from app.translator.managers import render_manager from app.translator.platforms.elasticsearch.const import ELASTICSEARCH_ALERT, elastalert_details from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings from app.translator.platforms.elasticsearch.renders.elasticsearch import ( @@ -38,6 +39,7 @@ class ElasticAlertRuleFieldValue(ElasticSearchFieldValue): details: PlatformDetails = elastalert_details +@render_manager.register class ElastAlertRuleRender(ElasticSearchQueryRender): details: PlatformDetails = elastalert_details mappings: ElasticSearchMappings = elasticsearch_mappings diff --git a/uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch.py b/uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch.py index bbe4fb7f..8d2db1d0 100644 --- a/uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch.py +++ b/uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch.py 
@@ -18,6 +18,7 @@ """ from app.translator.core.models.platform_details import PlatformDetails +from app.translator.managers import render_manager from app.translator.platforms.base.lucene.renders.lucene import LuceneFieldValue, LuceneQueryRender from app.translator.platforms.elasticsearch.const import elasticsearch_lucene_query_details from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings @@ -27,6 +28,7 @@ class ElasticSearchFieldValue(LuceneFieldValue): details: PlatformDetails = elasticsearch_lucene_query_details +@render_manager.register class ElasticSearchQueryRender(LuceneQueryRender): details: PlatformDetails = elasticsearch_lucene_query_details mappings: ElasticSearchMappings = elasticsearch_mappings diff --git a/uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch_cti.py b/uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch_cti.py index 9d1cc0d0..34f2514e 100644 --- a/uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch_cti.py +++ b/uncoder-core/app/translator/platforms/elasticsearch/renders/elasticsearch_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.elasticsearch.const import elasticsearch_lucene_query_details from app.translator.platforms.elasticsearch.mappings.elasticsearch_cti_cti import DEFAULT_ELASTICSEARCH_MAPPING +@render_cti_manager.register class ElasticsearchCTI(RenderCTI): details: PlatformDetails = elasticsearch_lucene_query_details diff --git a/uncoder-core/app/translator/platforms/elasticsearch/renders/kibana.py b/uncoder-core/app/translator/platforms/elasticsearch/renders/kibana.py index efd4546e..31216239 100644 --- a/uncoder-core/app/translator/platforms/elasticsearch/renders/kibana.py 
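Review bot: In `renders/elasticsearch_cti.py`, `ElasticsearchCTI` is registered with `elasticsearch_lucene_query_details`, the same details object that `ElasticSearchQueryRender` and `ElasticSearchQueryParser` register with, so all three presumably carry one platform id. That is only safe while `parser_manager`, `render_manager` and `render_cti_manager` each keep a separate registry; `register` is defined outside this hunk, and if registration is keyed by platform id and the storage is ever shared, whichever module is imported last would silently replace the others. I would make `register` reject an id that is already present by raising instead of overwriting, so a collision fails at import time rather than routing a translation to the wrong class. `LogScaleCTI`, `MicrosoftDefenderCTI`, `MicrosoftSentinelCTI` and `OpenSearchCTI` reuse their query details in the same way.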
+++ b/uncoder-core/app/translator/platforms/elasticsearch/renders/kibana.py @@ -23,6 +23,7 @@ from app.translator.core.mapping import SourceMapping from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer +from app.translator.managers import render_manager from app.translator.platforms.elasticsearch.const import KIBANA_RULE, KIBANA_SEARCH_SOURCE_JSON, kibana_rule_details from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings from app.translator.platforms.elasticsearch.renders.elasticsearch import ( @@ -38,6 +39,7 @@ class KibanaFieldValue(ElasticSearchFieldValue): details: PlatformDetails = kibana_rule_details +@render_manager.register class KibanaRuleRender(ElasticSearchQueryRender): details: PlatformDetails = kibana_rule_details mappings: ElasticSearchMappings = elasticsearch_mappings diff --git a/uncoder-core/app/translator/platforms/elasticsearch/renders/xpack_watcher.py b/uncoder-core/app/translator/platforms/elasticsearch/renders/xpack_watcher.py index 7fb1b5c7..551ac2c6 100644 --- a/uncoder-core/app/translator/platforms/elasticsearch/renders/xpack_watcher.py +++ b/uncoder-core/app/translator/platforms/elasticsearch/renders/xpack_watcher.py @@ -23,6 +23,7 @@ from app.translator.core.mapping import SourceMapping from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer +from app.translator.managers import render_manager from app.translator.platforms.elasticsearch.const import XPACK_WATCHER_RULE, xpack_watcher_details from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings from app.translator.platforms.elasticsearch.renders.elasticsearch import ( 
@@ -38,6 +39,7 @@ class XpackWatcherRuleFieldValue(ElasticSearchFieldValue): details: PlatformDetails = xpack_watcher_details +@render_manager.register class XPackWatcherRuleRender(ElasticSearchQueryRender): details: PlatformDetails = xpack_watcher_details mappings: ElasticSearchMappings = elasticsearch_mappings diff --git a/uncoder-core/app/translator/platforms/fireeye_helix/__init__.py b/uncoder-core/app/translator/platforms/fireeye_helix/__init__.py index e69de29b..d90f3965 100644 --- a/uncoder-core/app/translator/platforms/fireeye_helix/__init__.py +++ b/uncoder-core/app/translator/platforms/fireeye_helix/__init__.py @@ -0,0 +1 @@ +from app.translator.platforms.fireeye_helix.renders.fireeye_helix_cti import FireeyeHelixCTI diff --git a/uncoder-core/app/translator/platforms/fireeye_helix/renders/fireeye_helix_cti.py b/uncoder-core/app/translator/platforms/fireeye_helix/renders/fireeye_helix_cti.py index c71ec5b1..8aaf0f0c 100644 --- a/uncoder-core/app/translator/platforms/fireeye_helix/renders/fireeye_helix_cti.py +++ b/uncoder-core/app/translator/platforms/fireeye_helix/renders/fireeye_helix_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.fireeye_helix.const import FIREEYE_HELIX_QUERY_DETAILS from app.translator.platforms.fireeye_helix.mappings.fireeye_helix import DEFAULT_FIREEYE_HELIX_MAPPING +@render_cti_manager.register class FireeyeHelixCTI(RenderCTI): details: PlatformDetails = PlatformDetails(**FIREEYE_HELIX_QUERY_DETAILS) diff --git a/uncoder-core/app/translator/platforms/forti_siem/__init__.py b/uncoder-core/app/translator/platforms/forti_siem/__init__.py index e69de29b..479c80ef 100644 --- a/uncoder-core/app/translator/platforms/forti_siem/__init__.py +++ b/uncoder-core/app/translator/platforms/forti_siem/__init__.py 
@@ -0,0 +1 @@ +from app.translator.platforms.forti_siem.renders.forti_siem_rule import FortiSiemRuleRender diff --git a/uncoder-core/app/translator/platforms/forti_siem/renders/forti_siem_rule.py b/uncoder-core/app/translator/platforms/forti_siem/renders/forti_siem_rule.py index 68a2b7e4..bef9392b 100644 --- a/uncoder-core/app/translator/platforms/forti_siem/renders/forti_siem_rule.py +++ b/uncoder-core/app/translator/platforms/forti_siem/renders/forti_siem_rule.py @@ -30,6 +30,7 @@ from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender from app.translator.core.str_value_manager import StrValue from app.translator.core.tokenizer import TOKEN_TYPE +from app.translator.managers import render_manager from app.translator.platforms.forti_siem.const import ( FORTI_SIEM_RULE, SOURCES_EVENT_TYPES_CONTAINERS_MAP, @@ -181,6 +182,7 @@ def keywords(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: # noqa: ARG00 raise UnsupportedRenderMethod(platform_name=self.details.name, method="Keywords") +@render_manager.register class FortiSiemRuleRender(PlatformQueryRender): details: PlatformDetails = forti_siem_rule_details mappings: FortiSiemMappings = forti_siem_mappings diff --git a/uncoder-core/app/translator/platforms/graylog/__init__.py b/uncoder-core/app/translator/platforms/graylog/__init__.py index e69de29b..d0b256ae 100644 --- a/uncoder-core/app/translator/platforms/graylog/__init__.py +++ b/uncoder-core/app/translator/platforms/graylog/__init__.py @@ -0,0 +1,3 @@ +from app.translator.platforms.graylog.parsers.graylog import GraylogQueryParser +from app.translator.platforms.graylog.renders.graylog import GraylogQueryRender +from app.translator.platforms.graylog.renders.graylog_cti import GraylogCTI diff --git a/uncoder-core/app/translator/platforms/graylog/parsers/graylog.py b/uncoder-core/app/translator/platforms/graylog/parsers/graylog.py index 9b502044..a4707a09 100644 --- a/uncoder-core/app/translator/platforms/graylog/parsers/graylog.py 
+++ b/uncoder-core/app/translator/platforms/graylog/parsers/graylog.py @@ -17,11 +17,13 @@ """ from app.translator.core.models.platform_details import PlatformDetails +from app.translator.managers import parser_manager from app.translator.platforms.base.lucene.parsers.lucene import LuceneQueryParser from app.translator.platforms.graylog.const import graylog_details from app.translator.platforms.graylog.mapping import GraylogMappings, graylog_mappings +@parser_manager.register_supported_by_roota class GraylogQueryParser(LuceneQueryParser): details: PlatformDetails = graylog_details mappings: GraylogMappings = graylog_mappings diff --git a/uncoder-core/app/translator/platforms/graylog/renders/graylog.py b/uncoder-core/app/translator/platforms/graylog/renders/graylog.py index 90540ab0..2bdf001e 100644 --- a/uncoder-core/app/translator/platforms/graylog/renders/graylog.py +++ b/uncoder-core/app/translator/platforms/graylog/renders/graylog.py @@ -18,6 +18,7 @@ """ from app.translator.core.models.platform_details import PlatformDetails +from app.translator.managers import render_manager from app.translator.platforms.base.lucene.renders.lucene import LuceneFieldValue, LuceneQueryRender from app.translator.platforms.graylog.const import graylog_details from app.translator.platforms.graylog.mapping import GraylogMappings, graylog_mappings @@ -27,6 +28,7 @@ class GraylogFieldValue(LuceneFieldValue): details: PlatformDetails = graylog_details +@render_manager.register class GraylogQueryRender(LuceneQueryRender): details: PlatformDetails = graylog_details mappings: GraylogMappings = graylog_mappings diff --git a/uncoder-core/app/translator/platforms/graylog/renders/graylog_cti.py b/uncoder-core/app/translator/platforms/graylog/renders/graylog_cti.py index 327b6fc8..b607b8d4 100644 --- a/uncoder-core/app/translator/platforms/graylog/renders/graylog_cti.py +++ b/uncoder-core/app/translator/platforms/graylog/renders/graylog_cti.py 
@@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.graylog.const import GRAYLOG_QUERY_DETAILS from app.translator.platforms.graylog.mappings.graylog_cti import DEFAULT_GRAYLOG_MAPPING +@render_cti_manager.register class GraylogCTI(RenderCTI): details: PlatformDetails = PlatformDetails(**GRAYLOG_QUERY_DETAILS) diff --git a/uncoder-core/app/translator/platforms/logpoint/__init__.py b/uncoder-core/app/translator/platforms/logpoint/__init__.py index e69de29b..e8437684 100644 --- a/uncoder-core/app/translator/platforms/logpoint/__init__.py +++ b/uncoder-core/app/translator/platforms/logpoint/__init__.py @@ -0,0 +1 @@ +from app.translator.platforms.logpoint.renders.logpoint_cti import LogpointCTI diff --git a/uncoder-core/app/translator/platforms/logpoint/renders/logpoint_cti.py b/uncoder-core/app/translator/platforms/logpoint/renders/logpoint_cti.py index 20f245df..f4799a81 100644 --- a/uncoder-core/app/translator/platforms/logpoint/renders/logpoint_cti.py +++ b/uncoder-core/app/translator/platforms/logpoint/renders/logpoint_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.logpoint.const import LOGPOINT_QUERY_DETAILS from app.translator.platforms.logpoint.mappings.logpoint_cti import DEFAULT_LOGPOINT_MAPPING +@render_cti_manager.register class LogpointCTI(RenderCTI): details: PlatformDetails = PlatformDetails(**LOGPOINT_QUERY_DETAILS) diff --git a/uncoder-core/app/translator/platforms/logrhythm_axon/__init__.py b/uncoder-core/app/translator/platforms/logrhythm_axon/__init__.py index e69de29b..2ec2c0fb 100644 --- a/uncoder-core/app/translator/platforms/logrhythm_axon/__init__.py 
+++ b/uncoder-core/app/translator/platforms/logrhythm_axon/__init__.py @@ -0,0 +1,2 @@ +from app.translator.platforms.logrhythm_axon.renders.logrhythm_axon_query import LogRhythmAxonQueryRender +from app.translator.platforms.logrhythm_axon.renders.logrhythm_axon_rule import LogRhythmAxonRuleRender diff --git a/uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_query.py b/uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_query.py index 33d926e6..4bfc4749 100644 --- a/uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_query.py +++ b/uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_query.py @@ -29,6 +29,7 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import TokenizedQueryContainer from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender +from app.translator.managers import render_manager from app.translator.platforms.logrhythm_axon.const import UNMAPPED_FIELD_DEFAULT_NAME, logrhythm_axon_query_details from app.translator.platforms.logrhythm_axon.escape_manager import logrhythm_query_escape_manager from app.translator.platforms.logrhythm_axon.mapping import LogRhythmAxonMappings, logrhythm_axon_mappings @@ -193,6 +194,7 @@ def keywords(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: # noqa: ARG00 return f'{UNMAPPED_FIELD_DEFAULT_NAME} CONTAINS "{value}"' +@render_manager.register class LogRhythmAxonQueryRender(PlatformQueryRender): details: PlatformDetails = logrhythm_axon_query_details diff --git a/uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_rule.py b/uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_rule.py index 0e80fa42..7a250041 100644 --- a/uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_rule.py 
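Review bot: In `renders/logrhythm_axon_query.py`, the `keywords` return shown as context just above the new `@render_manager.register` places `value` between double quotes without escaping it, `CONTAINS "{value}"`, even though the module imports `logrhythm_query_escape_manager`. Unless the caller has already escaped it, a keyword containing `"` would close the string early and yield a malformed or differently scoped query on the target platform. The LogScale and OpenSearch `keywords` methods visible in this diff pass the value through `apply_value` or `_pre_process_value` first. Assuming this field-value class inherits `apply_value` as those do, `return f'{UNMAPPED_FIELD_DEFAULT_NAME} CONTAINS "{self.apply_value(value)}"'` would bring it in line. `keywords` begins outside the hunk, so any earlier branch that builds the same expression needs the same check.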
+++ b/uncoder-core/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_rule.py @@ -24,6 +24,7 @@ from app.translator.core.mapping import SourceMapping from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer +from app.translator.managers import render_manager from app.translator.platforms.logrhythm_axon.const import DEFAULT_LOGRHYTHM_AXON_RULE, logrhythm_axon_rule_details from app.translator.platforms.logrhythm_axon.escape_manager import logrhythm_rule_escape_manager from app.translator.platforms.logrhythm_axon.renders.logrhythm_axon_query import ( @@ -47,6 +48,7 @@ class LogRhythmAxonRuleFieldValue(LogRhythmAxonFieldValue): escape_manager = logrhythm_rule_escape_manager +@render_manager.register class LogRhythmAxonRuleRender(LogRhythmAxonQueryRender): details: PlatformDetails = logrhythm_axon_rule_details or_token = "or" diff --git a/uncoder-core/app/translator/platforms/logscale/__init__.py b/uncoder-core/app/translator/platforms/logscale/__init__.py index e69de29b..7e988758 100644 --- a/uncoder-core/app/translator/platforms/logscale/__init__.py +++ b/uncoder-core/app/translator/platforms/logscale/__init__.py @@ -0,0 +1,5 @@ +from app.translator.platforms.logscale.parsers.logscale import LogScaleQueryParser +from app.translator.platforms.logscale.parsers.logscale_alert import LogScaleAlertParser +from app.translator.platforms.logscale.renders.logscale import LogScaleQueryRender +from app.translator.platforms.logscale.renders.logscale_alert import LogScaleAlertRender +from app.translator.platforms.logscale.renders.logscale_cti import LogScaleCTI diff --git a/uncoder-core/app/translator/platforms/logscale/parsers/logscale.py b/uncoder-core/app/translator/platforms/logscale/parsers/logscale.py index a8c4c852..fd9ede79 100644 --- a/uncoder-core/app/translator/platforms/logscale/parsers/logscale.py +++ b/uncoder-core/app/translator/platforms/logscale/parsers/logscale.py 
@@ -21,12 +21,14 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import RawQueryContainer, TokenizedQueryContainer from app.translator.core.parser import PlatformQueryParser +from app.translator.managers import parser_manager from app.translator.platforms.logscale.const import logscale_query_details from app.translator.platforms.logscale.functions import LogScaleFunctions, log_scale_functions from app.translator.platforms.logscale.mapping import LogScaleMappings, logscale_mappings from app.translator.platforms.logscale.tokenizer import LogScaleTokenizer +@parser_manager.register_supported_by_roota class LogScaleQueryParser(PlatformQueryParser): details: PlatformDetails = logscale_query_details platform_functions: LogScaleFunctions = log_scale_functions diff --git a/uncoder-core/app/translator/platforms/logscale/parsers/logscale_alert.py b/uncoder-core/app/translator/platforms/logscale/parsers/logscale_alert.py index 9520f315..f9a18c01 100644 --- a/uncoder-core/app/translator/platforms/logscale/parsers/logscale_alert.py +++ b/uncoder-core/app/translator/platforms/logscale/parsers/logscale_alert.py @@ -16,13 +16,16 @@ ----------------------------------------------------------------- """ + from app.translator.core.mixins.rule import JsonRuleMixin from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer, RawQueryContainer +from app.translator.managers import parser_manager from app.translator.platforms.logscale.const import logscale_alert_details from app.translator.platforms.logscale.parsers.logscale import LogScaleQueryParser +@parser_manager.register class LogScaleAlertParser(LogScaleQueryParser, JsonRuleMixin): details: PlatformDetails = logscale_alert_details 
diff --git a/uncoder-core/app/translator/platforms/logscale/renders/logscale.py b/uncoder-core/app/translator/platforms/logscale/renders/logscale.py index 1a915937..a4e529ed 100644 --- a/uncoder-core/app/translator/platforms/logscale/renders/logscale.py +++ b/uncoder-core/app/translator/platforms/logscale/renders/logscale.py @@ -23,6 +23,7 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender +from app.translator.managers import render_manager from app.translator.platforms.logscale.const import logscale_query_details from app.translator.platforms.logscale.escape_manager import logscale_escape_manager from app.translator.platforms.logscale.functions import LogScaleFunctions, log_scale_functions @@ -90,6 +91,7 @@ def keywords(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: return f"/{self.apply_value(value)}/i" +@render_manager.register class LogScaleQueryRender(PlatformQueryRender): details: PlatformDetails = logscale_query_details mappings: LogScaleMappings = logscale_mappings diff --git a/uncoder-core/app/translator/platforms/logscale/renders/logscale_alert.py b/uncoder-core/app/translator/platforms/logscale/renders/logscale_alert.py index e69481d4..24e9142f 100644 --- a/uncoder-core/app/translator/platforms/logscale/renders/logscale_alert.py +++ b/uncoder-core/app/translator/platforms/logscale/renders/logscale_alert.py 
@@ -23,6 +23,7 @@ from app.translator.core.mapping import SourceMapping from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer +from app.translator.managers import render_manager from app.translator.platforms.logscale.const import DEFAULT_LOGSCALE_ALERT, logscale_alert_details from app.translator.platforms.logscale.renders.logscale import LogScaleFieldValue, LogScaleQueryRender from app.translator.tools.utils import get_rule_description_str @@ -34,6 +35,7 @@ class LogScaleAlertFieldValue(LogScaleFieldValue): details: PlatformDetails = logscale_alert_details +@render_manager.register class LogScaleAlertRender(LogScaleQueryRender): details: PlatformDetails = logscale_alert_details or_token = "or" diff --git a/uncoder-core/app/translator/platforms/logscale/renders/logscale_cti.py b/uncoder-core/app/translator/platforms/logscale/renders/logscale_cti.py index 7806160c..3dc73d1a 100644 --- a/uncoder-core/app/translator/platforms/logscale/renders/logscale_cti.py +++ b/uncoder-core/app/translator/platforms/logscale/renders/logscale_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.logscale.const import logscale_query_details from app.translator.platforms.logscale.mappings.logscale_cti import DEFAULT_LOGSCALE_MAPPING +@render_cti_manager.register class LogScaleCTI(RenderCTI): details: PlatformDetails = logscale_query_details diff --git a/uncoder-core/app/translator/platforms/microsoft/__init__.py b/uncoder-core/app/translator/platforms/microsoft/__init__.py index e69de29b..1f85387e 100644 --- a/uncoder-core/app/translator/platforms/microsoft/__init__.py +++ b/uncoder-core/app/translator/platforms/microsoft/__init__.py 
@@ -0,0 +1,8 @@ +from app.translator.platforms.microsoft.parsers.microsoft_defender import MicrosoftDefenderQueryParser +from app.translator.platforms.microsoft.parsers.microsoft_sentinel import MicrosoftSentinelQueryParser +from app.translator.platforms.microsoft.parsers.microsoft_sentinel_rule import MicrosoftSentinelRuleParser +from app.translator.platforms.microsoft.renders.microsoft_defender import MicrosoftDefenderQueryRender +from app.translator.platforms.microsoft.renders.microsoft_defender_cti import MicrosoftDefenderCTI +from app.translator.platforms.microsoft.renders.microsoft_sentinel import MicrosoftSentinelQueryRender +from app.translator.platforms.microsoft.renders.microsoft_sentinel_cti import MicrosoftSentinelCTI +from app.translator.platforms.microsoft.renders.microsoft_sentinel_rule import MicrosoftSentinelRuleRender diff --git a/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_defender.py b/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_defender.py index e9caab24..a903f0b3 100644 --- a/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_defender.py +++ b/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_defender.py @@ -17,12 +17,14 @@ """ from app.translator.core.models.platform_details import PlatformDetails +from app.translator.managers import parser_manager from app.translator.platforms.microsoft.const import microsoft_defender_details from app.translator.platforms.microsoft.functions import MicrosoftFunctions, microsoft_defender_functions from app.translator.platforms.microsoft.mapping import MicrosoftDefenderMappings, microsoft_defender_mappings from app.translator.platforms.microsoft.parsers.microsoft_sentinel import MicrosoftSentinelQueryParser +@parser_manager.register_supported_by_roota class MicrosoftDefenderQueryParser(MicrosoftSentinelQueryParser): mappings: MicrosoftDefenderMappings = microsoft_defender_mappings details: PlatformDetails = microsoft_defender_details 
diff --git a/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_sentinel.py b/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_sentinel.py index 0315574e..746c5cb0 100644 --- a/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_sentinel.py +++ b/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_sentinel.py @@ -21,12 +21,14 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import RawQueryContainer, TokenizedQueryContainer from app.translator.core.parser import PlatformQueryParser +from app.translator.managers import parser_manager from app.translator.platforms.microsoft.const import microsoft_sentinel_query_details from app.translator.platforms.microsoft.functions import MicrosoftFunctions, microsoft_sentinel_functions from app.translator.platforms.microsoft.mapping import MicrosoftSentinelMappings, microsoft_sentinel_mappings from app.translator.platforms.microsoft.tokenizer import MicrosoftSentinelTokenizer +@parser_manager.register_supported_by_roota class MicrosoftSentinelQueryParser(PlatformQueryParser): platform_functions: MicrosoftFunctions = microsoft_sentinel_functions mappings: MicrosoftSentinelMappings = microsoft_sentinel_mappings diff --git a/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_sentinel_rule.py b/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_sentinel_rule.py index 465fdb2b..c0615b57 100644 --- a/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_sentinel_rule.py +++ b/uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_sentinel_rule.py 
@@ -16,13 +16,16 @@ ----------------------------------------------------------------- """ + from app.translator.core.mixins.rule import JsonRuleMixin from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer, RawQueryContainer +from app.translator.managers import parser_manager from app.translator.platforms.microsoft.const import microsoft_sentinel_rule_details from app.translator.platforms.microsoft.parsers.microsoft_sentinel import MicrosoftSentinelQueryParser +@parser_manager.register class MicrosoftSentinelRuleParser(MicrosoftSentinelQueryParser, JsonRuleMixin): details: PlatformDetails = microsoft_sentinel_rule_details diff --git a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_defender.py b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_defender.py index 8891fab4..59a8fe43 100644 --- a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_defender.py +++ b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_defender.py @@ -18,6 +18,7 @@ """ from app.translator.core.models.platform_details import PlatformDetails +from app.translator.managers import render_manager from app.translator.platforms.microsoft.const import microsoft_defender_details from app.translator.platforms.microsoft.functions import MicrosoftFunctions, microsoft_defender_functions from app.translator.platforms.microsoft.mapping import MicrosoftDefenderMappings, microsoft_defender_mappings @@ -31,6 +32,7 @@ class MicrosoftDefenderFieldValue(MicrosoftSentinelFieldValue): details: PlatformDetails = microsoft_defender_details +@render_manager.register class MicrosoftDefenderQueryRender(MicrosoftSentinelQueryRender): mappings: MicrosoftDefenderMappings = microsoft_defender_mappings details: PlatformDetails = microsoft_defender_details 
diff --git a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_defender_cti.py b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_defender_cti.py index e1ae56a9..372cb58d 100644 --- a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_defender_cti.py +++ b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_defender_cti.py @@ -16,15 +16,16 @@ limitations under the License. ----------------------------------------------------------------- """ - from typing import ClassVar from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.microsoft.const import microsoft_defender_details from app.translator.platforms.microsoft.mappings.mdatp_cti import DEFAULT_MICROSOFT_DEFENDER_MAPPING +@render_cti_manager.register class MicrosoftDefenderCTI(RenderCTI): details: PlatformDetails = microsoft_defender_details diff --git a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel.py b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel.py index 460158b5..f86bdc0c 100644 --- a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel.py +++ b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel.py @@ -22,6 +22,7 @@ from app.translator.core.mapping import LogSourceSignature from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender +from app.translator.managers import render_manager from app.translator.platforms.microsoft.const import microsoft_sentinel_query_details from app.translator.platforms.microsoft.escape_manager import microsoft_escape_manager from app.translator.platforms.microsoft.functions import MicrosoftFunctions, microsoft_sentinel_functions 
@@ -117,6 +118,7 @@ def is_not_none(self, field: str, value: Union[str, int]) -> str: # noqa: ARG00 return f"isnotempty({self.apply_value(value)})" +@render_manager.register class MicrosoftSentinelQueryRender(PlatformQueryRender): details: PlatformDetails = microsoft_sentinel_query_details platform_functions: MicrosoftFunctions = microsoft_sentinel_functions diff --git a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_cti.py b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_cti.py index 1fe633e5..018c0934 100644 --- a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_cti.py +++ b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.microsoft.const import microsoft_sentinel_query_details from app.translator.platforms.microsoft.mappings.microsoft_sentinel_cti import DEFAULT_MICROSOFT_SENTINEL_MAPPING +@render_cti_manager.register class MicrosoftSentinelCTI(RenderCTI): details: PlatformDetails = microsoft_sentinel_query_details diff --git a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py index 218defad..8a7089c5 100644 --- a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py +++ b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py 
@@ -24,6 +24,7 @@ from app.translator.core.mapping import SourceMapping from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer +from app.translator.managers import render_manager from app.translator.platforms.microsoft.const import DEFAULT_MICROSOFT_SENTINEL_RULE, microsoft_sentinel_rule_details from app.translator.platforms.microsoft.renders.microsoft_sentinel import ( MicrosoftSentinelFieldValue, @@ -44,6 +45,7 @@ class MicrosoftSentinelRuleFieldValue(MicrosoftSentinelFieldValue): details: PlatformDetails = microsoft_sentinel_rule_details +@render_manager.register class MicrosoftSentinelRuleRender(MicrosoftSentinelQueryRender): details: PlatformDetails = microsoft_sentinel_rule_details or_token = "or" diff --git a/uncoder-core/app/translator/platforms/opensearch/__init__.py b/uncoder-core/app/translator/platforms/opensearch/__init__.py index e69de29b..a46e7a32 100644 --- a/uncoder-core/app/translator/platforms/opensearch/__init__.py +++ b/uncoder-core/app/translator/platforms/opensearch/__init__.py @@ -0,0 +1,4 @@ +from app.translator.platforms.opensearch.parsers.opensearch import OpenSearchQueryParser +from app.translator.platforms.opensearch.renders.opensearch import OpenSearchQueryRender +from app.translator.platforms.opensearch.renders.opensearch_cti import OpenSearchCTI +from app.translator.platforms.opensearch.renders.opensearch_rule import OpenSearchRuleRender diff --git a/uncoder-core/app/translator/platforms/opensearch/parsers/opensearch.py b/uncoder-core/app/translator/platforms/opensearch/parsers/opensearch.py index 245f9494..b07e01f1 100644 --- a/uncoder-core/app/translator/platforms/opensearch/parsers/opensearch.py +++ b/uncoder-core/app/translator/platforms/opensearch/parsers/opensearch.py 
@@ -17,11 +17,13 @@ """ from app.translator.core.models.platform_details import PlatformDetails +from app.translator.managers import parser_manager from app.translator.platforms.base.lucene.parsers.lucene import LuceneQueryParser from app.translator.platforms.opensearch.const import opensearch_query_details from app.translator.platforms.opensearch.mapping import OpenSearchMappings, opensearch_mappings +@parser_manager.register_supported_by_roota class OpenSearchQueryParser(LuceneQueryParser): details: PlatformDetails = opensearch_query_details mappings: OpenSearchMappings = opensearch_mappings diff --git a/uncoder-core/app/translator/platforms/opensearch/renders/opensearch.py b/uncoder-core/app/translator/platforms/opensearch/renders/opensearch.py index 03a26755..23808279 100644 --- a/uncoder-core/app/translator/platforms/opensearch/renders/opensearch.py +++ b/uncoder-core/app/translator/platforms/opensearch/renders/opensearch.py @@ -16,13 +16,13 @@ limitations under the License. ----------------------------------------------------------------- """ - from typing import Union from app.translator.const import DEFAULT_VALUE_TYPE from app.translator.core.custom_types.values import ValueType from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.str_value_manager import StrValue +from app.translator.managers import render_manager from app.translator.platforms.base.lucene.renders.lucene import LuceneFieldValue, LuceneQueryRender from app.translator.platforms.opensearch.const import opensearch_query_details from app.translator.platforms.opensearch.mapping import OpenSearchMappings, opensearch_mappings @@ -95,6 +95,7 @@ def keywords(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: return f'"*{self._pre_process_value(field, value)}*"' +@render_manager.register class OpenSearchQueryRender(LuceneQueryRender): details: PlatformDetails = opensearch_query_details mappings: OpenSearchMappings = opensearch_mappings 
diff --git a/uncoder-core/app/translator/platforms/opensearch/renders/opensearch_cti.py b/uncoder-core/app/translator/platforms/opensearch/renders/opensearch_cti.py index 8d2e9458..40931c08 100644 --- a/uncoder-core/app/translator/platforms/opensearch/renders/opensearch_cti.py +++ b/uncoder-core/app/translator/platforms/opensearch/renders/opensearch_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.opensearch.const import opensearch_query_details from app.translator.platforms.opensearch.mappings.opensearch_cti import DEFAULT_OPENSEARCH_MAPPING +@render_cti_manager.register class OpenSearchCTI(RenderCTI): details: PlatformDetails = opensearch_query_details diff --git a/uncoder-core/app/translator/platforms/opensearch/renders/opensearch_rule.py b/uncoder-core/app/translator/platforms/opensearch/renders/opensearch_rule.py index b1249890..557f911e 100644 --- a/uncoder-core/app/translator/platforms/opensearch/renders/opensearch_rule.py +++ b/uncoder-core/app/translator/platforms/opensearch/renders/opensearch_rule.py @@ -26,6 +26,7 @@ from app.translator.core.models.identifier import Identifier from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer, RawQueryContainer, TokenizedQueryContainer +from app.translator.managers import render_manager from app.translator.platforms.opensearch.const import OPENSEARCH_RULE, opensearch_rule_details from app.translator.platforms.opensearch.mapping import OpenSearchMappings, opensearch_mappings from app.translator.platforms.opensearch.renders.opensearch import OpenSearchFieldValue, OpenSearchQueryRender 
@@ -38,6 +39,7 @@ class OpenSearchRuleFieldValue(OpenSearchFieldValue): details: PlatformDetails = opensearch_rule_details +@render_manager.register class OpenSearchRuleRender(OpenSearchQueryRender): details: PlatformDetails = opensearch_rule_details mappings: OpenSearchMappings = opensearch_mappings diff --git a/uncoder-core/app/translator/platforms/palo_alto/__init__.py b/uncoder-core/app/translator/platforms/palo_alto/__init__.py index e69de29b..732d1f28 100644 --- a/uncoder-core/app/translator/platforms/palo_alto/__init__.py +++ b/uncoder-core/app/translator/platforms/palo_alto/__init__.py @@ -0,0 +1 @@ +from app.translator.platforms.palo_alto.renders.cortex_xsiam import CortexXQLQueryRender diff --git a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py index b5eb1c90..5ced749f 100644 --- a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py +++ b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py @@ -22,6 +22,7 @@ from app.translator.core.exceptions.render import UnsupportedRenderMethod from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender +from app.translator.managers import render_manager from app.translator.platforms.palo_alto.const import cortex_xql_query_details from app.translator.platforms.palo_alto.escape_manager import cortex_xql_escape_manager from app.translator.platforms.palo_alto.mapping import ( @@ -97,6 +98,7 @@ def keywords(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: # noqa: ARG00 raise UnsupportedRenderMethod(platform_name=self.details.name, method="Keywords") +@render_manager.register class CortexXQLQueryRender(PlatformQueryRender): details: PlatformDetails = cortex_xql_query_details mappings: CortexXSIAMMappings = cortex_xsiam_mappings 
diff --git a/uncoder-core/app/translator/platforms/qradar/__init__.py b/uncoder-core/app/translator/platforms/qradar/__init__.py index e69de29b..2852a4b1 100644 --- a/uncoder-core/app/translator/platforms/qradar/__init__.py +++ b/uncoder-core/app/translator/platforms/qradar/__init__.py @@ -0,0 +1,3 @@ +from app.translator.platforms.qradar.parsers.qradar import QradarQueryParser +from app.translator.platforms.qradar.renders.qradar import QradarQueryRender +from app.translator.platforms.qradar.renders.qradar_cti import QRadarCTI diff --git a/uncoder-core/app/translator/platforms/qradar/parsers/qradar.py b/uncoder-core/app/translator/platforms/qradar/parsers/qradar.py index 4aa54c7d..bc153760 100644 --- a/uncoder-core/app/translator/platforms/qradar/parsers/qradar.py +++ b/uncoder-core/app/translator/platforms/qradar/parsers/qradar.py @@ -22,12 +22,14 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import RawQueryContainer, TokenizedQueryContainer from app.translator.core.parser import PlatformQueryParser +from app.translator.managers import parser_manager from app.translator.platforms.qradar.const import NUM_VALUE_PATTERN, SINGLE_QUOTES_VALUE_PATTERN, qradar_query_details from app.translator.platforms.qradar.mapping import QradarMappings, qradar_mappings from app.translator.platforms.qradar.tokenizer import QradarTokenizer from app.translator.tools.utils import get_match_group +@parser_manager.register_supported_by_roota class QradarQueryParser(PlatformQueryParser): details: PlatformDetails = qradar_query_details tokenizer = QradarTokenizer() diff --git a/uncoder-core/app/translator/platforms/qradar/renders/qradar.py b/uncoder-core/app/translator/platforms/qradar/renders/qradar.py index e89bb041..8990b24f 100644 --- a/uncoder-core/app/translator/platforms/qradar/renders/qradar.py +++ b/uncoder-core/app/translator/platforms/qradar/renders/qradar.py 
@@ -22,6 +22,7 @@ from app.translator.core.custom_types.values import ValueType from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender +from app.translator.managers import render_manager from app.translator.platforms.qradar.const import qradar_query_details from app.translator.platforms.qradar.escape_manager import qradar_escape_manager from app.translator.platforms.qradar.mapping import QradarLogSourceSignature, QradarMappings, qradar_mappings @@ -106,6 +107,7 @@ def keywords(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: return f"UTF8(payload) ILIKE '%{self.apply_value(value)}%'" +@render_manager.register class QradarQueryRender(PlatformQueryRender): details: PlatformDetails = qradar_query_details mappings: QradarMappings = qradar_mappings diff --git a/uncoder-core/app/translator/platforms/qradar/renders/qradar_cti.py b/uncoder-core/app/translator/platforms/qradar/renders/qradar_cti.py index 7b64246b..529b9620 100644 --- a/uncoder-core/app/translator/platforms/qradar/renders/qradar_cti.py +++ b/uncoder-core/app/translator/platforms/qradar/renders/qradar_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.qradar.const import qradar_query_details from app.translator.platforms.qradar.mappings.qradar_cti import DEFAULT_QRADAR_MAPPING +@render_cti_manager.register class QRadarCTI(RenderCTI): details: PlatformDetails = qradar_query_details diff --git a/uncoder-core/app/translator/platforms/qualys/__init__.py b/uncoder-core/app/translator/platforms/qualys/__init__.py index e69de29b..4e911f79 100644 --- a/uncoder-core/app/translator/platforms/qualys/__init__.py +++ b/uncoder-core/app/translator/platforms/qualys/__init__.py 
@@ -0,0 +1 @@ +from app.translator.platforms.qualys.renders.qualys_cti import QualysCTI diff --git a/uncoder-core/app/translator/platforms/qualys/renders/qualys_cti.py b/uncoder-core/app/translator/platforms/qualys/renders/qualys_cti.py index 5a990b98..149d8975 100644 --- a/uncoder-core/app/translator/platforms/qualys/renders/qualys_cti.py +++ b/uncoder-core/app/translator/platforms/qualys/renders/qualys_cti.py @@ -16,10 +16,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.qualys.const import QUALYS_QUERY_DETAILS from app.translator.platforms.qualys.mappings.qualys_cti import DEFAULT_QUALYS_MAPPING +@render_cti_manager.register class QualysCTI(RenderCTI): details: PlatformDetails = PlatformDetails(**QUALYS_QUERY_DETAILS) diff --git a/uncoder-core/app/translator/platforms/roota/__init__.py b/uncoder-core/app/translator/platforms/roota/__init__.py index e69de29b..e45d6e93 100644 --- a/uncoder-core/app/translator/platforms/roota/__init__.py +++ b/uncoder-core/app/translator/platforms/roota/__init__.py @@ -0,0 +1 @@ +from app.translator.platforms.roota.parsers.roota import RootAParser diff --git a/uncoder-core/app/translator/platforms/roota/const.py b/uncoder-core/app/translator/platforms/roota/const.py new file mode 100644 index 00000000..4c83e6ef --- /dev/null +++ b/uncoder-core/app/translator/platforms/roota/const.py @@ -0,0 +1,7 @@ +ROOTA_RULE_DETAILS = { + "name": "Roota", + "platform_id": "roota", + "platform_name": "Roota", + "group_name": "Roota", + "group_id": "roota", +} diff --git a/uncoder-core/app/translator/platforms/roota/parsers/roota.py b/uncoder-core/app/translator/platforms/roota/parsers/roota.py index f1c7bfc3..177bb839 100644 --- a/uncoder-core/app/translator/platforms/roota/parsers/roota.py +++ b/uncoder-core/app/translator/platforms/roota/parsers/roota.py 
@@ -20,13 +20,17 @@ from app.translator.core.exceptions.core import RootARuleValidationException, UnsupportedRootAParser from app.translator.core.mixins.rule import YamlRuleMixin +from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer, RawQueryContainer, TokenizedQueryContainer from app.translator.core.parser import PlatformQueryParser, QueryParser from app.translator.managers import parser_manager +from app.translator.platforms.roota.const import ROOTA_RULE_DETAILS +@parser_manager.register_main class RootAParser(QueryParser, YamlRuleMixin): - parsers = parser_manager + parser_manager = parser_manager + details: PlatformDetails = PlatformDetails(**ROOTA_RULE_DETAILS) mandatory_fields: ClassVar[set[str]] = { "name", "details", @@ -63,7 +67,7 @@ def __parse_meta_info(self, rule: dict) -> MetaInfoContainer: ) def __get_parser_class(self, parser: str) -> PlatformQueryParser: - parser_class = self.parsers.get(parser) + parser_class = self.parser_manager.get_supported_by_roota(parser) if parser_class: return parser_class raise UnsupportedRootAParser(parser=parser) diff --git a/uncoder-core/app/translator/platforms/rsa_netwitness/__init__.py b/uncoder-core/app/translator/platforms/rsa_netwitness/__init__.py index e69de29b..6538d106 100644 --- a/uncoder-core/app/translator/platforms/rsa_netwitness/__init__.py +++ b/uncoder-core/app/translator/platforms/rsa_netwitness/__init__.py @@ -0,0 +1 @@ +from app.translator.platforms.rsa_netwitness.renders.rsa_netwitness_cti import RSANetwitnessCTI diff --git a/uncoder-core/app/translator/platforms/rsa_netwitness/renders/rsa_netwitness_cti.py b/uncoder-core/app/translator/platforms/rsa_netwitness/renders/rsa_netwitness_cti.py index ae3c0b24..808c0879 100644 --- a/uncoder-core/app/translator/platforms/rsa_netwitness/renders/rsa_netwitness_cti.py +++ b/uncoder-core/app/translator/platforms/rsa_netwitness/renders/rsa_netwitness_cti.py 
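Review bot: `__get_parser_class` now resolves the name through `get_supported_by_roota`, but nothing in the class says that this narrower lookup is intentional. The `parser` argument appears to come from the rule being parsed (the caller is outside this hunk), so this lookup is what keeps a rule from selecting a parser registered with plain `register`, such as `SplunkAlertParser`. A comment above the lookup would make that explicit: `# only parsers registered with register_supported_by_roota may be selected by a rule`. Separately, `parser_manager = parser_manager` in the class body rebinds the imported name as a class attribute; it works, but an annotated attribute such as `parser_manager: ParserManager = parser_manager` would match the form used in translator.py, provided `ParserManager` is imported here.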
@@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.rsa_netwitness.const import RSA_NETWITNESS_QUERY_DETAILS from app.translator.platforms.rsa_netwitness.mappings.rsa_netwitness_cti import DEFAULT_RSA_NETWITNESS_MAPPING +@render_cti_manager.register class RSANetwitnessCTI(RenderCTI): details: PlatformDetails = PlatformDetails(**RSA_NETWITNESS_QUERY_DETAILS) diff --git a/uncoder-core/app/translator/platforms/securonix/__init__.py b/uncoder-core/app/translator/platforms/securonix/__init__.py index e69de29b..22132ff6 100644 --- a/uncoder-core/app/translator/platforms/securonix/__init__.py +++ b/uncoder-core/app/translator/platforms/securonix/__init__.py @@ -0,0 +1 @@ +from app.translator.platforms.securonix.renders.securonix_cti import SecuronixCTI diff --git a/uncoder-core/app/translator/platforms/securonix/renders/securonix_cti.py b/uncoder-core/app/translator/platforms/securonix/renders/securonix_cti.py index feef7d46..aff9736a 100644 --- a/uncoder-core/app/translator/platforms/securonix/renders/securonix_cti.py +++ b/uncoder-core/app/translator/platforms/securonix/renders/securonix_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.securonix.const import SECURONIX_QUERY_DETAILS from app.translator.platforms.securonix.mappings.securonix_cti import DEFAULT_SECURONIX_MAPPING +@render_cti_manager.register class SecuronixCTI(RenderCTI): details: PlatformDetails = PlatformDetails(**SECURONIX_QUERY_DETAILS) diff --git a/uncoder-core/app/translator/platforms/sentinel_one/__init__.py b/uncoder-core/app/translator/platforms/sentinel_one/__init__.py index e69de29b..a92c51af 100644 
--- a/uncoder-core/app/translator/platforms/sentinel_one/__init__.py +++ b/uncoder-core/app/translator/platforms/sentinel_one/__init__.py @@ -0,0 +1 @@ +from app.translator.platforms.sentinel_one.renders.s1_cti import S1EventsCTI diff --git a/uncoder-core/app/translator/platforms/sentinel_one/renders/s1_cti.py b/uncoder-core/app/translator/platforms/sentinel_one/renders/s1_cti.py index 3cc0ae37..917ec84c 100644 --- a/uncoder-core/app/translator/platforms/sentinel_one/renders/s1_cti.py +++ b/uncoder-core/app/translator/platforms/sentinel_one/renders/s1_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.sentinel_one.const import SENTINEL_ONE_EVENTS_QUERY_DETAILS from app.translator.platforms.sentinel_one.mappings.s1_cti import DEFAULT_S1EVENTS_MAPPING +@render_cti_manager.register class S1EventsCTI(RenderCTI): details: PlatformDetails = PlatformDetails(**SENTINEL_ONE_EVENTS_QUERY_DETAILS) diff --git a/uncoder-core/app/translator/platforms/sigma/__init__.py b/uncoder-core/app/translator/platforms/sigma/__init__.py index e69de29b..5109eaa4 100644 --- a/uncoder-core/app/translator/platforms/sigma/__init__.py +++ b/uncoder-core/app/translator/platforms/sigma/__init__.py @@ -0,0 +1,2 @@ +from app.translator.platforms.sigma.parsers.sigma import SigmaParser +from app.translator.platforms.sigma.renders.sigma import SigmaRender diff --git a/uncoder-core/app/translator/platforms/sigma/parsers/sigma.py b/uncoder-core/app/translator/platforms/sigma/parsers/sigma.py index f1160781..c5f1293b 100644 --- a/uncoder-core/app/translator/platforms/sigma/parsers/sigma.py +++ b/uncoder-core/app/translator/platforms/sigma/parsers/sigma.py 
@@ -27,11 +27,13 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.parser import QueryParser from app.translator.core.tokenizer import QueryTokenizer +from app.translator.managers import parser_manager from app.translator.platforms.sigma.const import SIGMA_RULE_DETAILS from app.translator.platforms.sigma.mapping import SigmaMappings, sigma_mappings from app.translator.platforms.sigma.tokenizer import SigmaConditionTokenizer, SigmaTokenizer +@parser_manager.register_main class SigmaParser(QueryParser, YamlRuleMixin): details: PlatformDetails = PlatformDetails(**SIGMA_RULE_DETAILS) condition_tokenizer = SigmaConditionTokenizer() diff --git a/uncoder-core/app/translator/platforms/sigma/renders/sigma.py b/uncoder-core/app/translator/platforms/sigma/renders/sigma.py index 694a900f..b0e49ee1 100644 --- a/uncoder-core/app/translator/platforms/sigma/renders/sigma.py +++ b/uncoder-core/app/translator/platforms/sigma/renders/sigma.py @@ -29,6 +29,7 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render import QueryRender from app.translator.core.str_value_manager import StrValue +from app.translator.managers import render_manager from app.translator.platforms.sigma.const import SIGMA_RULE_DETAILS from app.translator.platforms.sigma.mapping import SigmaLogSourceSignature, SigmaMappings, sigma_mappings from app.translator.platforms.sigma.models.compiler import DataStructureCompiler @@ -39,6 +40,7 @@ _AUTOGENERATED_TEMPLATE = "Autogenerated Sigma Rule" +@render_manager.register class SigmaRender(QueryRender): selection_name = "selection" selection_num = 0 diff --git a/uncoder-core/app/translator/platforms/snowflake/__init__.py b/uncoder-core/app/translator/platforms/snowflake/__init__.py index e69de29b..d2d9d6b9 100644 --- a/uncoder-core/app/translator/platforms/snowflake/__init__.py +++ b/uncoder-core/app/translator/platforms/snowflake/__init__.py 
@@ -0,0 +1 @@ +from app.translator.platforms.snowflake.renders.snowflake_cti import SnowflakeCTI diff --git a/uncoder-core/app/translator/platforms/snowflake/renders/snowflake_cti.py b/uncoder-core/app/translator/platforms/snowflake/renders/snowflake_cti.py index 85cf5506..3507a50a 100644 --- a/uncoder-core/app/translator/platforms/snowflake/renders/snowflake_cti.py +++ b/uncoder-core/app/translator/platforms/snowflake/renders/snowflake_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.snowflake.const import SNOWFLAKE_QUERY_DETAILS from app.translator.platforms.snowflake.mappings.snowflake_cti import DEFAULT_SNOWFLAKE_MAPPING +@render_cti_manager.register class SnowflakeCTI(RenderCTI): details: PlatformDetails = PlatformDetails(**SNOWFLAKE_QUERY_DETAILS) diff --git a/uncoder-core/app/translator/platforms/splunk/__init__.py b/uncoder-core/app/translator/platforms/splunk/__init__.py index e69de29b..1b78d9e3 100644 --- a/uncoder-core/app/translator/platforms/splunk/__init__.py +++ b/uncoder-core/app/translator/platforms/splunk/__init__.py @@ -0,0 +1,5 @@ +from app.translator.platforms.splunk.parsers.splunk import SplunkQueryParser +from app.translator.platforms.splunk.parsers.splunk_alert import SplunkAlertParser +from app.translator.platforms.splunk.renders.splunk import SplunkQueryRender +from app.translator.platforms.splunk.renders.splunk_alert import SplunkAlertRender +from app.translator.platforms.splunk.renders.splunk_cti import SplunkCTI diff --git a/uncoder-core/app/translator/platforms/splunk/parsers/splunk.py b/uncoder-core/app/translator/platforms/splunk/parsers/splunk.py index 1573ada3..e1030b55 100644 --- a/uncoder-core/app/translator/platforms/splunk/parsers/splunk.py +++ b/uncoder-core/app/translator/platforms/splunk/parsers/splunk.py 
@@ -17,12 +17,14 @@ """ from app.translator.core.models.platform_details import PlatformDetails +from app.translator.managers import parser_manager from app.translator.platforms.base.spl.parsers.spl import SplQueryParser from app.translator.platforms.splunk.const import splunk_query_details from app.translator.platforms.splunk.functions import SplunkFunctions, splunk_functions from app.translator.platforms.splunk.mapping import SplunkMappings, splunk_mappings +@parser_manager.register_supported_by_roota class SplunkQueryParser(SplQueryParser): details: PlatformDetails = splunk_query_details diff --git a/uncoder-core/app/translator/platforms/splunk/parsers/splunk_alert.py b/uncoder-core/app/translator/platforms/splunk/parsers/splunk_alert.py index cc2dac4c..1049ffbf 100644 --- a/uncoder-core/app/translator/platforms/splunk/parsers/splunk_alert.py +++ b/uncoder-core/app/translator/platforms/splunk/parsers/splunk_alert.py @@ -20,10 +20,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer, RawQueryContainer +from app.translator.managers import parser_manager from app.translator.platforms.splunk.const import splunk_alert_details from app.translator.platforms.splunk.parsers.splunk import SplunkQueryParser +@parser_manager.register class SplunkAlertParser(SplunkQueryParser): details: PlatformDetails = splunk_alert_details diff --git a/uncoder-core/app/translator/platforms/splunk/renders/splunk.py b/uncoder-core/app/translator/platforms/splunk/renders/splunk.py index 29502df5..15a131b0 100644 --- a/uncoder-core/app/translator/platforms/splunk/renders/splunk.py +++ b/uncoder-core/app/translator/platforms/splunk/renders/splunk.py 
@@ -17,6 +17,7 @@ ----------------------------------------------------------------- """ from app.translator.core.models.platform_details import PlatformDetails +from app.translator.managers import render_manager from app.translator.platforms.base.spl.renders.spl import SplFieldValue, SplQueryRender from app.translator.platforms.splunk.const import splunk_query_details from app.translator.platforms.splunk.functions import SplunkFunctions, splunk_functions @@ -27,6 +28,7 @@ class SplunkFieldValue(SplFieldValue): details: PlatformDetails = splunk_query_details +@render_manager.register class SplunkQueryRender(SplQueryRender): details: PlatformDetails = splunk_query_details diff --git a/uncoder-core/app/translator/platforms/splunk/renders/splunk_alert.py b/uncoder-core/app/translator/platforms/splunk/renders/splunk_alert.py index 28376916..19acb808 100644 --- a/uncoder-core/app/translator/platforms/splunk/renders/splunk_alert.py +++ b/uncoder-core/app/translator/platforms/splunk/renders/splunk_alert.py @@ -22,6 +22,7 @@ from app.translator.core.mapping import SourceMapping from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.models.query_container import MetaInfoContainer +from app.translator.managers import render_manager from app.translator.platforms.splunk.const import DEFAULT_SPLUNK_ALERT, splunk_alert_details from app.translator.platforms.splunk.renders.splunk import SplunkFieldValue, SplunkQueryRender from app.translator.tools.utils import get_rule_description_str @@ -34,6 +35,7 @@ class SplunkAlertFieldValue(SplunkFieldValue): details: PlatformDetails = splunk_alert_details +@render_manager.register class SplunkAlertRender(SplunkQueryRender): details: PlatformDetails = splunk_alert_details or_token = "OR" diff --git a/uncoder-core/app/translator/platforms/splunk/renders/splunk_cti.py b/uncoder-core/app/translator/platforms/splunk/renders/splunk_cti.py index 4348b7bd..92bcb056 100644 
--- a/uncoder-core/app/translator/platforms/splunk/renders/splunk_cti.py +++ b/uncoder-core/app/translator/platforms/splunk/renders/splunk_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.splunk.const import splunk_query_details from app.translator.platforms.splunk.mappings.splunk_cti import DEFAULT_SPLUNK_MAPPING +@render_cti_manager.register class SplunkCTI(RenderCTI): details: PlatformDetails = splunk_query_details diff --git a/uncoder-core/app/translator/platforms/sumo_logic/__init__.py b/uncoder-core/app/translator/platforms/sumo_logic/__init__.py index e69de29b..43d79804 100644 --- a/uncoder-core/app/translator/platforms/sumo_logic/__init__.py +++ b/uncoder-core/app/translator/platforms/sumo_logic/__init__.py @@ -0,0 +1 @@ +from app.translator.platforms.sumo_logic.renders.sumologic_cti import SumologicCTI diff --git a/uncoder-core/app/translator/platforms/sumo_logic/renders/sumologic_cti.py b/uncoder-core/app/translator/platforms/sumo_logic/renders/sumologic_cti.py index 7a286a98..804d664e 100644 --- a/uncoder-core/app/translator/platforms/sumo_logic/renders/sumologic_cti.py +++ b/uncoder-core/app/translator/platforms/sumo_logic/renders/sumologic_cti.py @@ -19,10 +19,12 @@ from app.translator.core.models.platform_details import PlatformDetails from app.translator.core.render_cti import RenderCTI +from app.translator.managers import render_cti_manager from app.translator.platforms.sumo_logic.const import SUMO_LOGIC_QUERY_DETAILS from app.translator.platforms.sumo_logic.mappings.sumologic_cti import DEFAULT_SUMOLOGIC_MAPPING +@render_cti_manager.register class SumologicCTI(RenderCTI): details: PlatformDetails = PlatformDetails(**SUMO_LOGIC_QUERY_DETAILS) 
diff --git a/uncoder-core/app/translator/translator.py b/uncoder-core/app/translator/translator.py index 264de23b..5e6cffd7 100644 --- a/uncoder-core/app/translator/translator.py +++ b/uncoder-core/app/translator/translator.py @@ -13,21 +13,21 @@ class Translator: - renders: RenderManager = render_manager - parsers: ParserManager = parser_manager + render_manager: RenderManager = render_manager + parser_manager: ParserManager = parser_manager def __init__(self): self.logger = logging.getLogger("translator") def __get_parser(self, source: str) -> Union[PlatformQueryParser, RootAParser, SigmaParser]: - parser = RootAParser() if source == "roota" else self.parsers.get(source) + parser = self.parser_manager.get(source) if not parser: raise UnsupportedPlatform(platform=source, is_parser=True) return parser def __get_render(self, target: str) -> QueryRender: - if not (render := self.renders.get(target)): + if not (render := self.render_manager.get(target)): raise UnsupportedPlatform(platform=target) return render @@ -77,7 +77,7 @@ def __translate_all(self, text: str, source: str) -> list[dict]: raw_query_container, tokenized_query_container = parsed_data result = [] - for target in self.renders.all_platforms(): + for target in self.render_manager.all_platforms(): if target == source: continue @@ -99,7 +99,7 @@ def get_all_platforms(self) -> tuple: return self.get_renders(), self.get_parsers() def get_parsers(self) -> list: - return self.parsers.get_platforms_details + return self.parser_manager.get_platforms_details def get_renders(self) -> list: - return self.renders.get_platforms_details + return self.render_manager.get_platforms_details diff --git a/uncoder-core/const.py b/uncoder-core/const.py index 024c8f39..22a7c66a 100644 --- a/uncoder-core/const.py +++ b/uncoder-core/const.py @@ -1,3 +1,5 @@ import os ROOT_PROJECT_PATH = os.path.abspath(os.path.dirname(__file__)) + +PLATFORMS_PATH = ROOT_PROJECT_PATH + "/app/translator/platforms" pFad - Phonifier reborn
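Review bot: Parser lifetime in `__get_parser` is no longer per call, because the removed line built `RootAParser()` each time while `self.parser_manager.get(source)` returns whatever the registry holds. If the manager stores one instance per platform (its code is outside this hunk), any state a parser keeps on `self` while parsing would be shared between translations and, in a multi-threaded service, between requests. It is worth confirming that `RootAParser` and the other registered parsers are stateless, and recording that next to the lookup: `# registry returns a shared parser instance; parsers must not keep per-translation state on self`. The `if not parser:` guard also only works if `get` returns a falsy value for an unknown id rather than raising its own exception.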
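Review bot: `PLATFORMS_PATH` is built by string concatenation with a hard-coded `/`, although the line above it already uses `os.path`. The portable form is `PLATFORMS_PATH = os.path.join(ROOT_PROJECT_PATH, "app", "translator", "platforms")`. If this path is used to discover and import platform packages (the consumer is not visible here), every module under it runs at start-up, so a comment noting that the directory must hold only the project's own packaged code would be useful.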
