Merge pull request #1490 from frack113/ElasticSearchRuleBackend

Fix ElasticSearchRuleBackend to use uuid instead of title for the rule id
Florian Roth
2021-05-18 20:01:25 +02:00
committed by GitHub
+5 -1
@@ -1346,7 +1346,11 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend):
tactics_list.append(tact)
threat = self.create_threat_description(tactics_list=tactics_list, techniques_list=technics_list)
rule_name = configs.get("title", "").lower()
rule_id = re.sub(re.compile('[()*+!,\[\].\s"]'), "_", rule_name)
rule_uuid = configs.get("id", "").lower()
if rule_uuid == "":
rule_id = re.sub(re.compile('[()*+!,\[\].\s"]'), "_", rule_name)
else:
rule_id = re.sub(re.compile('[()*+!,\[\].\s"]'), "_", rule_uuid)
risk_score = self.map_risk_score(configs.get("level", "medium"))
references = configs.get("reference")
if references is None:
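Review bot: The new `if rule_uuid == "":` / `else:` branch repeats the same `re.sub(re.compile(...))` call in both arms and only tests for an empty string, so a rule whose `id` key is present but null would presumably fail on `.lower()` before the title fallback is reached. Both points fit in two lines: `rule_uuid = (configs.get("id") or "").lower()` followed by `rule_id = re.sub(r'[()*+!,\[\].\s"]', "_", rule_uuid or rule_name)`; the raw string also avoids the invalid-escape warning for `\[` and `\s`. Because `rule_id` now differs for every rule that carries an `id`, rules already deployed under the title-derived identifier will likely be imported as new rules rather than updated, so this deserves a release note telling detection teams to remove the stale copies. The enclosing method starts and ends outside this hunk.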