
Add EQL as an indicator type #2095

Merged
merged 4 commits into from
May 26, 2022

Conversation

dcode
Contributor

@dcode dcode commented May 19, 2022

Proposed changes

  • Adds EQL as an indicator type in the UI
  • Adds Python validator using the EQL Python library, implementing the Elasticsearch language variant

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality (Not sure how to build and test an environment 😬 )
  • I wrote test cases for the relevant use cases (Didn't see one for the other languages)
  • I added/updated the relevant documentation (either on github or on notion) (I'll check this out)
  • Where necessary I refactored code to improve the overall quality (Are you opposed to sorting indicator types alphabetically?)

Further comments

None

Member

@SamuelHassine SamuelHassine left a comment


Thanks a lot for this great PR!

Member

@SamuelHassine SamuelHassine left a comment


The conflict is caused by:

183 | parsuricata 0.3.2 depends on lark-parser<0.13.0 and >=0.12.0
184 | eql 0.9.12 depends on lark-parser~=0.11.1

@dcode
Contributor Author

dcode commented May 19, 2022

I'll work on bumping up the python dependency from the EQL library

@dcode
Contributor Author

dcode commented May 19, 2022

Related: endgameinc/eql#61

@dcode
Contributor Author

dcode commented May 20, 2022

This is fixed in the upstream PR, but it will probably be early next week before the package is pushed to PyPI.

@SamuelHassine
Member

@dcode What do you think about using git+https on the master branch in the requirements.txt to be able to merge?

@dcode
Contributor Author

dcode commented May 25, 2022

@SamuelHassine SamuelHassine merged commit fdb0d41 into OpenCTI-Platform:master May 26, 2022
2 participants