security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update base.py

Browse Source
This commit is contained in:
pdr9rc
2020-05-04 16:37:36 +01:00
parent dd85467a27
commit b3194e66c4
1 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tools/sigma/backends/base.py
+19 -3
View File
@@ -132,19 +132,35 @@ class BaseBackend:
result = self.generateNode(parsed.parsedSearch)
if parsed.parsedAgg:
result += self.generateAggregation(parsed.parsedAgg)
# if 'overrides' in self.sigmaconfig.config:
# for expression in self.sigmaconfig.config['overrides']:
# if 'regexes' in expression:
# for x in expression['regexes']:
# sub = expression['field']
# value = expression['value']
# result = re.sub(x, self.mapExpression % (sub, value), result)
# if 'literals' in expression:
# for x in expression['literals']:
# sub = expression['field']
# value = expression['value']
# result = result.replace(x, self.mapExpression % (sub, value))
result = self.applyOverrides(result)
return result
def applyOverrides(self, query):
if 'overrides' in self.sigmaconfig.config:
for expression in self.sigmaconfig.config['overrides']:
if 'regexes' in expression:
for x in expression['regexes']:
sub = expression['field']
value = expression['value']
result = re.sub(x, self.mapExpression % (sub, value), result)
query = re.sub(x, self.mapExpression % (sub, value), query)
if 'literals' in expression:
for x in expression['literals']:
sub = expression['field']
value = expression['value']
result = result.replace(x, self.mapExpression % (sub, value))
return result
query = query.replace(x, self.mapExpression % (sub, value))
return query
def generateNode(self, node):
if type(node) == sigma.parser.condition.ConditionAND: