e935a3d
esql rule render
tarnopolskyi Jun 11, 2024
e0188cc
remove redundant fields
tarnopolskyi Jun 11, 2024
b74fb3f
escape manager and strvalue manager
tarnopolskyi Jun 18, 2024
efec67f
str value manager
tarnopolskyi Jun 18, 2024
ffff588
added str value to esql
tarnopolskyi Jun 18, 2024
19a779f
linter
tarnopolskyi Jun 18, 2024
d7be69d
update modifiers process
tarnopolskyi Jun 19, 2024
a8580fa
added value wrap
tarnopolskyi Jun 19, 2024
cbfb812
merge prod
tarnopolskyi Jun 20, 2024
7961181
remove inheritance from sql
tarnopolskyi Jun 20, 2024
065f8d2
update esql escape manager
tarnopolskyi Jun 20, 2024
3ee5aa5
update esql escape manager
tarnopolskyi Jun 20, 2024
51ac34f
update typing + refactoring in esql rule
tarnopolskyi Jun 20, 2024
17d8d65
update esql escape manager
tarnopolskyi Jun 20, 2024
25e71de
update typing + refactoring in esql rule
tarnopolskyi Jun 20, 2024
ec659a7
update typing
tarnopolskyi Jun 20, 2024
6ed63fb
merge prod
tarnopolskyi Jul 2, 2024
69c5c2a
update in render
tarnopolskyi Jul 2, 2024
8e776cc
merge prod
tarnopolskyi Jul 2, 2024
cb9c1ec
update in render
tarnopolskyi Jul 2, 2024
0128b8c
renaming
tarnopolskyi Jul 2, 2024
c5198ac
merge prod
tarnopolskyi Jul 2, 2024
58e7c2e
update in render
tarnopolskyi Jul 2, 2024
07148af
renaming
tarnopolskyi Jul 2, 2024
b86cf61
upd
tarnopolskyi Jul 2, 2024
c1249e4
renaming
tarnopolskyi Jul 23, 2024
fe7a9f4
upd
tarnopolskyi Jul 23, 2024
3bad2f0
merge prod
tarnopolskyi Jul 23, 2024
7a6cb30
upd
tarnopolskyi Jul 23, 2024
bb5d48a
upd
tarnopolskyi Aug 14, 2024
5a2fccc
added unsuported keywords
tarnopolskyi Aug 14, 2024
917ff0d
update prefixes
tarnopolskyi Aug 20, 2024
cd4b741
added esql mapping
tarnopolskyi Aug 20, 2024
9fe06e7
update esql syntax
tarnopolskyi Aug 20, 2024
a622fc2
update prefixes
tarnopolskyi Aug 21, 2024
9e4c009
added esql mapping
tarnopolskyi Aug 21, 2024
0b5f7c4
update esql syntax
tarnopolskyi Aug 21, 2024
31bb83f
upd
tarnopolskyi Aug 21, 2024
ea56df1
fix conflicts
dtsprm Sep 11, 2024
c10b89d
fix conflicts
dtsprm Sep 11, 2024
7f69b3a
fix conflicts
dtsprm Sep 11, 2024
2 changes: 1 addition & 1 deletion uncoder-core/app/translator/core/mapping.py
Expand Up @@ -116,7 +116,7 @@ def prepare_mapping(self) -> dict[str, SourceMapping]:
default_mapping = SourceMapping(source_id=DEFAULT_MAPPING_NAME)
for mapping_dict in self._loader.load_platform_mappings(self._platform_dir):
log_source_signature = self.prepare_log_source_signature(mapping=mapping_dict)
if (source_id := mapping_dict["source"]) == DEFAULT_MAPPING_NAME:
if (source_id := mapping_dict.get("source")) == DEFAULT_MAPPING_NAME:
default_mapping.log_source_signature = log_source_signature
if self.skip_load_default_mappings:
continue
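Review bot: The switch to `mapping_dict.get("source")` lets a mapping file with no `source` key through with `source_id = None`; the only guard on this line is the comparison against DEFAULT_MAPPING_NAME, so a None id presumably flows into the SourceMapping built further down, outside the hunk, and the failure would surface far from its cause. If an unnamed mapping is never a valid input, rejecting it here keeps the error local: `if (source_id := mapping_dict.get("source")) is None: raise ValueError("platform mapping has no 'source'")`. If a missing source is deliberately tolerated, a one-line comment on this line saying so would stop the next reader from reverting it to item access. prepare_mapping starts and ends outside the hunk.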
2 changes: 1 addition & 1 deletion uncoder-core/app/translator/core/mitre.py
Expand Up @@ -189,7 +189,7 @@ def __load_mitre_configs_from_files(self) -> None:
technique_id=technique_data["technique_id"],
name=technique_data["technique"],
url=technique_data["url"],
tactic=technique_data["tactic"],
tactic=technique_data.get("tactic", []),
)
self.techniques.insert(technique_id, technique)
except JSONDecodeError:
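Review bot: `technique_data.get("tactic", [])` makes `tactic` optional, but `technique_id`, `name` and `url` on the lines just above still use item access, so a record lacking one of those still raises KeyError — the tolerance is partial. The `except JSONDecodeError` visible below does not cover KeyError, so one malformed record presumably aborts loading of the whole file rather than being skipped. If a missing tactic is genuinely expected in the technique export, a comment on this line such as `# "tactic" is optional in the MITRE export; default to no tactics` documents the decision; if it is not, the `[]` default hides a data error. The enclosing method starts and ends outside the hunk.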
1 change: 0 additions & 1 deletion uncoder-core/app/translator/core/parser.py
Expand Up @@ -83,4 +83,3 @@ def get_source_mappings(
source_mappings = self.mappings.get_suitable_source_mappings(field_names=field_names, log_sources=log_sources)
self.tokenizer.set_field_tokens_generic_names_map(field_tokens, source_mappings, self.mappings.default_mapping)
return source_mappings

2 changes: 1 addition & 1 deletion uncoder-core/app/translator/platforms/base/aql/mapping.py
Expand Up @@ -48,7 +48,7 @@ class AQLMappings(BasePlatformMappings):

def prepare_log_source_signature(self, mapping: dict) -> AQLLogSourceSignature:
log_source = mapping.get("log_source", {})
default_log_source = mapping["default_log_source"]
default_log_source = mapping.get("default_log_source")
return AQLLogSourceSignature(
device_types=log_source.get("devicetype"),
categories=log_source.get("category"),
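Review bot: `default_log_source` can now be None instead of raising KeyError, and it is presumably handed to AQLLogSourceSignature on the lines below the hunk, where it is not visible whether None is accepted. The sibling lookup on the line above uses `mapping.get("log_source", {})`, so if `default_log_source` is likewise a mapping the constructor indexes into, `default_log_source = mapping.get("default_log_source", {})` keeps the downstream type stable and matches the existing style. If None is a meaningful "no default" value, a short comment here stating that would prevent the two lines from being read as an inconsistency. prepare_log_source_signature continues outside the hunk.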
@@ -0,0 +1,55 @@
"""
Uncoder IO Community Edition License
-----------------------------------------------------------------
Copyright (c) 2023 SOC Prime, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-----------------------------------------------------------------
"""
from typing import ClassVar

from app.translator.core.str_value_manager import BaseSpecSymbol, StrValue, StrValueManager, UnboundLenWildCard
from app.translator.platforms.base.spl.escape_manager import spl_escape_manager


class SplStrValueManager(StrValueManager):
escape_manager = spl_escape_manager
str_spec_symbols_map: ClassVar[dict[str, type[BaseSpecSymbol]]] = {"*": UnboundLenWildCard}

def from_str_to_container(self, value: str) -> StrValue:
split = []
prev_char = None
for char in value:
if char == "\\":
if prev_char == "\\":
split.append("\\")
prev_char = None
continue
elif char in self.str_spec_symbols_map:
if prev_char == "\\":
split.append(char)
else:
split.append(self.str_spec_symbols_map[char]())
elif char in ('"', "=", "|", "<", ">"):
split.append(char)
else:
if prev_char == "\\":
split.append(prev_char)
split.append(char)

prev_char = char

return StrValue(self.escape_manager.remove_escape(value), self._concat(split))


spl_str_value_manager = SplStrValueManager()
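Review bot: In `from_str_to_container` the `continue` in the backslash branch runs before the `prev_char = char` at the bottom of the loop; if that `continue` belongs to the outer `if char == "\\"` (indentation is lost on this rendered page), `prev_char` is never set to a backslash, so `\*` is parsed as an UnboundLenWildCard instead of a literal `*` and `\\` produces nothing — an escaped literal silently turning into a wildcard widens what the translated rule matches. If the `continue` belongs to the inner `if prev_char == "\\"` the escaping works, but the dependency on the fall-through assignment is easy to break, so setting `prev_char` explicitly in the backslash branch makes the intent unambiguous. In either reading a trailing single backslash is dropped without notice, which deserves a comment or an explicit check at the end of the loop. The class and method also have no docstrings; a summary such as `"""Split an SPL string value into literal characters and spec symbols, honouring backslash escapes."""` on the method would help.
```python
        for char in value:
            if char == "\\":
                if prev_char == "\\":
                    split.append("\\")
                    prev_char = None
                else:
                    prev_char = char  # remember the escape for the next char
                continue
            # … unchanged: spec-symbol, reserved-char and literal branches …
            prev_char = char
```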
Expand Up @@ -18,7 +18,6 @@
"""

from datetime import timedelta
from re import I
from typing import Optional, Union

from app.translator.core.exceptions.core import SigmaRuleValidationException
7 changes: 7 additions & 0 deletions uncoder-core/app/translator/tools/utils.py
Expand Up @@ -4,6 +4,13 @@
from typing import Optional


def execute_module(path: str) -> None:
with suppress(FileNotFoundError):
spec = importlib.util.spec_from_file_location("__init__", path)
init_module = importlib.util.module_from_spec(spec)
spec.loader.exec_module(init_module)


def execute_module(path: str) -> None:
with suppress(FileNotFoundError):
spec = importlib.util.spec_from_file_location("__init__", path)
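Review bot: The added `execute_module` at the top of the hunk duplicates the definition that follows it as context; the second, pre-existing copy rebinds the name at import time, so the added block is dead code and looks like a leftover of the conflict-resolution commits — it should be dropped. Separately, `importlib.util.spec_from_file_location` returns None for a path it cannot load, and `spec.loader.exec_module` then fails with AttributeError, which `suppress(FileNotFoundError)` does not cover; a guard such as `if spec is None or spec.loader is None: return` before `module_from_spec` handles that. Because the function executes whatever file sits at `path`, a docstring stating that callers must pass only paths from the package tree would document the trust boundary. The pre-existing definition continues outside the hunk.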