
Commit 51cdf69

committed
gis-8503 fix false_positive metainfo
1 parent 66d87d5 commit 51cdf69


1 file changed

+8
-1
lines changed

1 file changed

+8
-1
lines changed

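--- a/uncoder-core/app/translator/platforms/splunk/parsers/splunk_alert.py
+++ b/uncoder-core/app/translator/platforms/splunk/parsers/splunk_alert.py
@@ -93,6 +93,13 @@ def parse_raw_query(self, text: str, language: str) -> RawQueryContainer:
 tags = rule.get("tags", {}).get("analytic_story", [])
 if rule.get("type"):
 tags.append(rule.get("type"))
+false_positives = None
+if rule.get("known_false_positives"):
+false_positives = (
+rule["known_false_positives"]
+if isinstance(rule["known_false_positives"], list)
+else [rule["known_false_positives"]]
+)
 return RawQueryContainer(
 query=rule.get("search"),
 language=language,
@@ -103,7 +110,7 @@ def parse_raw_query(self, text: str, language: str) -> RawQueryContainer:
 author=rule.get("author").split(", "),
 status=rule.get("status"),
 description=description,
-false_positives=rule.get("known_false_positives"),
+false_positives=false_positives,
 references=rule.get("references"),
 mitre_attack=mitre_attack_container,
 tags=tags,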
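Review bot: The new normalisation (new lines 96–102) wraps any truthy non-list value in a list without checking its type, so a rule whose `known_false_positives` is a mapping or a number would reach `RawQueryContainer` as a one-element list of that object; if the metainfo field is meant to hold strings, which the diff does not show, coercing or rejecting other types here would keep the analyst-facing false-positive guidance well-formed. The key is also looked up three times; binding it once reads more clearly: `fp = rule.get("known_false_positives")` followed by `false_positives = (fp if isinstance(fp, list) else [fp]) if fp else None`. In the second hunk `references=rule.get("references")` is still passed through as-is and may have the same scalar-or-list ambiguity. `parse_raw_query` starts and ends outside both hunks, so how `rule` is loaded is not visible here.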
