diff --git a/siem-converter/app/converter/backends/microsoft/siem_functions/aggregation.py b/siem-converter/app/converter/backends/microsoft/siem_functions/aggregation.py
deleted file mode 100644
index f8f9c82d..00000000
--- a/siem-converter/app/converter/backends/microsoft/siem_functions/aggregation.py
+++ /dev/null
@@ -1,40 +0,0 @@
-from app.converter.core.models.functions.aggregation import AggregationExpression
-from app.converter.core.models.functions.types import AggregationType
-
-
-class AlaAggregationFunctionRender:
-
- aggregation_type_map = {
- AggregationType.SUM: 'sum',
- AggregationType.MIN: 'min',
- AggregationType.MAX: 'max',
- AggregationType.AVG: 'avg'
- }
-
- def __init__(self, function: AggregationExpression):
- self.function = function
-
- def render(self):
- result = 'summarize '
- for field in self.function.fields:
- if field.operation_type == AggregationType.COUNT:
- query = field.fieldname
- else:
- query = f"{self.aggregation_type_map.get(field.operation_type)}({field.fieldname})"
- if field.render_as:
- if ' ' in field.render_as:
- render_as = f"['{field.render_as}']"
- else:
- render_as = field.render_as
- result += f'{render_as}={query}, '
- else:
- result += query
- result = result.rstrip(' ').rstrip(',')
- if self.function.group_by:
- result += ' by '
- for value in self.function.group_by:
- result += f'{value}, '
-
- result = result.rstrip(' ').rstrip(',')
-
- return result
diff --git a/siem-converter/app/converter/backends/microsoft/siem_functions/base.py b/siem-converter/app/converter/backends/microsoft/siem_functions/base.py
index c05e7619..487effbc 100644
--- a/siem-converter/app/converter/backends/microsoft/siem_functions/base.py
+++ b/siem-converter/app/converter/backends/microsoft/siem_functions/base.py
@@ -1,35 +1,9 @@ -from app.converter.backends.microsoft.siem_functions.aggregation import AlaAggregationFunctionRender -from app.converter.backends.microsoft.siem_functions.search import AlaSearchFunctionRender -from app.converter.backends.microsoft.siem_functions.sort import AlaSortFunctionRender -from app.converter.backends.microsoft.siem_functions.table import AlaTableFunctionRender from app.converter.core.functions import Functions -from app.converter.core.models.functions.aggregation import AggregationExpression -from app.converter.core.models.functions.search import SearchExpression -from app.converter.core.models.functions.sort import SortExpression -from app.converter.core.models.functions.table import TableExpression from app.converter.core.models.functions.types import ParsedFunctions, NotSupportedFunction class MicroSoftQueryFunctions(Functions): - render_functions_map = { - SortExpression: AlaSortFunctionRender, - SearchExpression: AlaSearchFunctionRender, - AggregationExpression: AlaAggregationFunctionRender, - TableExpression: AlaTableFunctionRender, - # WhereExpression: AlaWhereFunctionRender - } - - def render(self, functions: list): - query = "| " - funcs = [] - for function in functions: - if render_class := self.render_functions_map.get(type(function)): - funcs.append(render_class(function).render()) - query += " | ".join(funcs) - query = query.rstrip(" ") - return query - def parse(self, query: str): result = [] functions = query.split(self.function_delimiter)
diff --git a/siem-converter/app/converter/backends/microsoft/siem_functions/search.py b/siem-converter/app/converter/backends/microsoft/siem_functions/search.py
deleted file mode 100644
index 9f4d4d4a..00000000
--- a/siem-converter/app/converter/backends/microsoft/siem_functions/search.py
+++ /dev/null
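Review bot: Dropping `render` and `render_functions_map` from MicroSoftQueryFunctions leaves the class parse-only, but nothing in the hunk shows whether the `Functions` base class still declares `render` (abstract or otherwise) or whether the platform backend that used to call `MicroSoftQueryFunctions(...).render(...)` was updated; if the base declares it abstract, instantiation now fails at runtime rather than at import, and if a caller remains, the failure surfaces only when a rule with pipeline functions is converted. A short class docstring would make the new contract explicit, e.g. `"""Parse Microsoft Sentinel pipeline functions; this class no longer renders them."""` directly under the `class MicroSoftQueryFunctions(Functions):` line. The `parse` method that starts at the end of the hunk continues outside it.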
@@ -1,56 +0,0 @@
-from app.converter.core.models.functions.search import SearchExpression, SearchField, SearchValueType
-from app.converter.core.models.functions.types import ComparsionType
-from app.converter.core.operator_types.tokens import LogicalOperatorType
-
-
-class AlaSearchFunctionRender:
-
- search_expression_operator_map = {
- LogicalOperatorType.AND: ' and ',
- LogicalOperatorType.OR: ' or ',
- LogicalOperatorType.NOT: ' not '
- }
- search_operator_map = {
- ComparsionType.NOT_EQUAL: ' != ',
- ComparsionType.EQUAL: '==',
- ComparsionType.ILIKE: ':',
- ComparsionType.GT: ' > ',
- ComparsionType.LT: ' < '
- }
- sub_expression = "(%s)"
-
- def __init__(self, function: SearchExpression):
- self.function = function
-
- def generate_field(self, field: SearchField):
- if field.value == SearchValueType.ANY:
- return f'"{field.fieldname}"'
- else:
- if field.fieldname:
- operator = self.search_operator_map.get(field.operator)
- return f'{field.fieldname}{operator}"{field.value}"'
- else:
- return f'"{field.value}"'
-
- def generate_expression(self, expression: SearchExpression):
- res = []
- for field in expression.fields:
- if isinstance(field, SearchField):
- res.append(self.generate_field(field))
- elif isinstance(field, SearchExpression):
- res.append(self.generate_expression(field))
- operator = self.search_expression_operator_map.get(expression.operator)
- query = self.sub_expression % operator.join(res)
- if expression.operator == LogicalOperatorType.NOT:
- return f'not{query}'
- return query
-
- def render(self):
- res = []
- for field in self.function.fields:
- if isinstance(field, SearchField):
- res.append(self.generate_field(field))
- elif isinstance(field, SearchExpression):
- res.append(self.generate_expression(field))
- operator = self.search_expression_operator_map.get(self.function.operator)
- return f'search {operator.join(res)}'
diff --git a/siem-converter/app/converter/backends/microsoft/siem_functions/sort.py b/siem-converter/app/converter/backends/microsoft/siem_functions/sort.py
deleted file mode 100644
index 502fc8c4..00000000
--- a/siem-converter/app/converter/backends/microsoft/siem_functions/sort.py
+++ /dev/null
@@ -1,17 +0,0 @@
-from app.converter.core.models.functions.sort import SortOrderType, SortExpression
-
-
-class AlaSortFunctionRender:
-
- sort_order_map = {SortOrderType.DESC: "desc", SortOrderType.ASC: "asc"}
-
- def __init__(self, function: SortExpression):
- self.function = function
-
- def render(self):
- result = "sort by "
- queries = []
- for field in self.function.fields:
- queries.append(f"{field.fieldname} {self.sort_order_map.get(field.order)}")
- result += ", ".join(queries)
- return result
diff --git a/siem-converter/app/converter/backends/microsoft/siem_functions/table.py b/siem-converter/app/converter/backends/microsoft/siem_functions/table.py
deleted file mode 100644
index b04ffc2d..00000000
--- a/siem-converter/app/converter/backends/microsoft/siem_functions/table.py
+++ /dev/null
@@ -1,24 +0,0 @@
-from app.converter.backends.microsoft.const import MICROSOFT_SENTINEL_QUERY_DETAILS
-from app.converter.core.exceptions.render import FunctionRenderException
-from app.converter.core.models.functions.table import TableExpression
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.operator_types.tokens import OperatorType
-
-
-class AlaTableFunctionRender:
- details: PlatformDetails = PlatformDetails(**MICROSOFT_SENTINEL_QUERY_DETAILS)
-
- def __init__(self, function: TableExpression):
- self.function = function
-
- def render(self):
- result = "project "
- queries = []
- for field in self.function.fields:
- if field.operator != OperatorType.EQ:
- raise FunctionRenderException(
- f'{self.details.name}: operator "project" not support modifier "{str(field.operator).split(".")[-1]}" in "{field.raw_fieldname}"'
- )
- queries.append(f"{field.fieldname}")
- result += ", ".join(queries)
- return result
\ No newline at end of file
diff --git a/siem-converter/app/converter/backends/microsoft/siem_functions/where.py b/siem-converter/app/converter/backends/microsoft/siem_functions/where.py
deleted file mode 100644
index 86c01c60..00000000
--- a/siem-converter/app/converter/backends/microsoft/siem_functions/where.py
+++ /dev/null
@@ -1,8 +0,0 @@ - - class AlaWhereFunctionRender: - def __init__(self, function): - self.function = function - - def render(self): - a = 5 \ No newline at end of file pFad - Phonifier reborn
