update palo alto funcs

oleksandr.volha · oleksandr.volha · commit 504d089ebfac · 2024-09-24T15:50:57.000+03:00
diff --git a/uncoder-core/app/translator/platforms/elasticsearch/renders/esql.py b/uncoder-core/app/translator/platforms/elasticsearch/renders/esql.py
@@ -27,12 +27,15 @@
 from app.translator.managers import render_manager
 from app.translator.platforms.elasticsearch.const import elasticsearch_esql_query_details
 from app.translator.platforms.elasticsearch.mapping import ElasticESQLMappings, esql_query_mappings
-from app.translator.platforms.elasticsearch.str_value_manager import ESQLStrValueManager, esql_str_value_manager
+from app.translator.platforms.elasticsearch.str_value_manager import (
+    ESQLQueryStrValueManager,
+    esql_query_str_value_manager
+)
 
 
 class ESQLFieldValueRender(BaseFieldValueRender):
     details: PlatformDetails = elasticsearch_esql_query_details
-    str_value_manager: ESQLStrValueManager = esql_str_value_manager
+    str_value_manager: ESQLQueryStrValueManager = esql_query_str_value_manager
 
     @staticmethod
     def _make_case_insensitive(value: str) -> str:
diff --git a/uncoder-core/app/translator/platforms/palo_alto/functions/__init__.py b/uncoder-core/app/translator/platforms/palo_alto/functions/__init__.py
@@ -1,12 +1,24 @@
 import os.path
 
 from app.translator.core.functions import PlatformFunctions
-from app.translator.platforms.palo_alto.functions.manager import CortexXQLFunctionsManager, cortex_xql_functions_manager
+from app.translator.platforms.palo_alto.functions.manager import (
+    CortexXQLFunctionsManager,
+    cortex_xdr_xql_functions_manager,
+    cortex_xsiam_xql_functions_manager,
+)
 
 
 class CortexXQLFunctions(PlatformFunctions):
     dir_path: str = os.path.abspath(os.path.dirname(__file__))
-    manager: CortexXQLFunctionsManager = cortex_xql_functions_manager
 
 
-cortex_xql_functions = CortexXQLFunctions()
+class CortexXSIAMXQLFunctions(CortexXQLFunctions):
+    manager: CortexXQLFunctionsManager = cortex_xsiam_xql_functions_manager
+
+
+class CortexXDRXQLFunctions(CortexXQLFunctions):
+    manager: CortexXQLFunctionsManager = cortex_xdr_xql_functions_manager
+
+
+cortex_xsiam_xql_functions = CortexXSIAMXQLFunctions()
+cortex_xdr_xql_functions = CortexXDRXQLFunctions()
diff --git a/uncoder-core/app/translator/platforms/palo_alto/functions/const.py b/uncoder-core/app/translator/platforms/palo_alto/functions/const.py
@@ -11,6 +11,7 @@ class CortexXQLFunctionType(CustomEnum):
     values = "values"
 
     divide = "divide"
+    multiply = "multiply"
 
     lower = "lowercase"
     split = "split"
@@ -26,18 +27,21 @@ class CortexXQLFunctionType(CustomEnum):
     config = "config"
     fields = "fields"
     filter = "filter"
+    iploc = "iploc"
+    join = "join"
     limit = "limit"
     sort = "sort"
     timeframe = "timeframe"
+    timestamp_diff = "timestamp_diff"
     union = "union"
 
 
-class XqlSortOrderType(CustomEnum):
+class CortexXQLSortOrderType(CustomEnum):
     asc = "asc"
     desc = "desc"
 
 
-class XqlTimeFrameType(CustomEnum):
+class CortexXQLTimeFrameType(CustomEnum):
     years = "y"
     months = "mo"
     days = "d"
diff --git a/uncoder-core/app/translator/platforms/palo_alto/functions/manager.py b/uncoder-core/app/translator/platforms/palo_alto/functions/manager.py
@@ -5,4 +5,5 @@ class CortexXQLFunctionsManager(PlatformFunctionsManager):
     ...
 
 
-cortex_xql_functions_manager = CortexXQLFunctionsManager()
+cortex_xsiam_xql_functions_manager = CortexXQLFunctionsManager()
+cortex_xdr_xql_functions_manager = CortexXQLFunctionsManager()
