From 9af179eff0caf899551f276a8f45e32b1bc3801a Mon Sep 17 00:00:00 2001
From: Dmytro <47281757+tarnopolskyi@users.noreply.github.com>
Date: Mon, 11 Mar 2024 12:55:54 +0100
Subject: [PATCH 1/2] Merge branch 'fix-logrhythm-mitre-order' into 'prod'
gis-fix-logrhythm-bug
See merge request tdm_backends/uncoder-group/uncoder-core!172
---
 .../renders/logrhythm_axon_rule.py | 20 ++-----------------
 1 file changed, 2 insertions(+), 18 deletions(-)
diff --git a/translator/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_rule.py b/translator/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_rule.py
index 59a86013..e8b06993 100644
--- a/translator/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_rule.py
+++ b/translator/app/translator/platforms/logrhythm_axon/renders/logrhythm_axon_rule.py
@@ -16,7 +16,6 @@ limitations under the License.
 -----------------------------------------------------------------
 """
- import copy
 import json
 from typing import Optional
@@ -50,21 +49,6 @@ class LogRhythmAxonRuleRender(LogRhythmAxonQueryRender):
 or_token = "or"
 field_value_map = LogRhythmAxonRuleFieldValue(or_token=or_token)
- def __create_mitre_threat(self, meta_info: MetaInfoContainer) -> tuple[list, list]:
- tactics = set()
- techniques = []
-
- for tactic in meta_info.mitre_attack.get("tactics"):
- tactics.add(tactic["tactic"])
-
- for technique in meta_info.mitre_attack.get("techniques"):
- if technique.get("tactic"):
- for tactic in technique["tactic"]:
- tactics.add(tactic)
- techniques.append(technique["technique_id"])
-
- return sorted(tactics), sorted(techniques)
-
 def finalize_query(
 self,
 prefix: str,
@@ -91,11 +75,11 @@ def finalize_query(
 )
 if tactics := meta_info.mitre_attack.get("tactics"):
 rule["observationPipeline"]["metadataFields"]["threat.mitre_tactic"] = ", ".join(
- f"{i['external_id']}:{i['tactic']}" for i in tactics
+ f"{i['external_id']}:{i['tactic']}" for i in sorted(tactics, key=lambda x: x["external_id"])
 )
 if techniques := meta_info.mitre_attack.get("techniques"):
 rule["observationPipeline"]["metadataFields"]["threat.mitre_technique"] = ", ".join(
- f"{i['technique_id']}:{i['technique']}" for i in techniques
+ f"{i['technique_id']}:{i['technique']}" for i in sorted(techniques, key=lambda x: x["technique_id"])
 )
 if meta_info.fields:
 rule["observationPipeline"]["pattern"]["operations"][0]["logObserved"]["groupByFields"] = [
From 28ee688f245a9677983eaa3b56ec748887087ed1 Mon Sep 17 00:00:00 2001
From: Dmytro <47281757+tarnopolskyi@users.noreply.github.com>
Date: Mon, 11 Mar 2024 12:55:58 +0100
Subject: [PATCH 2/2] fix-generate-all-bug
---
 translator/app/translator/translator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/translator/app/translator/translator.py b/translator/app/translator/translator.py
index 8791d4c7..870030d8 100644
--- a/translator/app/translator/translator.py
+++ b/translator/app/translator/translator.py
@@ -87,7 +87,7 @@ def __generate_all(self, text: str, source: str) -> list[dict]:
 status, data = self.__render_translation(query_container=raw_query_container, target=target)
 else:
 status, data = self.__render_translation(query_container=tokenized_query_container, target=target)
- result.append({"status": status, "result": parsed_data, "siem_type": target})
+ result.append({"status": status, "result": data, "siem_type": target})
 return result
pFad - Phonifier reborn
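Review bot: The two new `sorted(..., key=lambda x: x[...])` calls push both comprehension lines well past a hundred characters and repeat the same key shape; `operator.itemgetter` is the idiomatic form here, e.g. `for i in sorted(tactics, key=itemgetter("external_id"))` and `for i in sorted(techniques, key=itemgetter("technique_id"))`, with `from operator import itemgetter` added to the import block that the first hunk of this patch appears to touch. The ordering is a plain string sort on the id, which presumably gives the intended numeric order only because MITRE ids are zero-padded (`TAxxxx`, `Txxxx`); a one-line comment such as `# string sort is numeric here because MITRE ids are zero-padded` would record that assumption for the next reader. `finalize_query` begins and ends outside this hunk.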
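Review bot: The removed line referenced `parsed_data`, which is not bound anywhere in the visible lines while both branches directly above bind `status, data`, so the old code most likely raised `NameError` on every target it iterated; the new `"result": data` is the right fix. An undefined name like this is exactly what a static pass catches (pyflakes / ruff `F821`), so running that check in CI ahead of `prod` merges would stop the class of bug rather than this one instance. The loop header and the `result` initialisation of `__generate_all` sit before this hunk and are not visible here.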
