update results translator

opencybersecurityalliance · Apr 11, 2022 · 3b2fc33 · 3b2fc33
1 parent 7093526
commit 3b2fc33
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 6 deletions.
diff --git a/stix_shifter_modules/reaqta/stix_translation/json/to_stix_map.json b/stix_shifter_modules/reaqta/stix_translation/json/to_stix_map.json
@@ -5,12 +5,12 @@
     "transformer": "ToInteger"
   },
   "endpointId": {
-    "key": "x-reaqta.endpoint_id",
+    "key": "x-reaqta-event.endpoint_id",
     "object": "x-reaqta"
   },
   "payload": {
       "localId":{
-        "key": "x-reaqta.local_id",
+        "key": "x-reaqta-event.local_id",
         "object": "x-reaqta"
       },
       "process": {
@@ -23,7 +23,7 @@
             "object": "event"
           },
           "endpointId": {
-            "key": "x-reaqta.process_endpoint_id",
+            "key": "x-reaqta-event.process_endpoint_id",
             "object": "x-reaqta"
           },
           "program": {
@@ -178,7 +178,7 @@
         "object": "x-ibm-finding"
       },
       "triggeredIncidents": {
-        "key": "x-ibm-finding.extensions.x-reaqta-alert.triggeredIncidents",
+        "key": "x-ibm-finding.extensions.x-reaqta-alert.triggered_incidents",
         "object": "x-ibm-finding"
       },
       "data": {
@@ -255,6 +255,11 @@
           }
       },
       "eventType": {
+        "key": "x-ibm-finding.finding_type",
+        "object": "x-ibm-finding",
+        "transformer": "ToString"
+      },
+      "eventName": {
         "key": "x-ibm-finding.name",
         "object": "x-ibm-finding"
       }

diff --git a/stix_shifter_modules/reaqta/stix_translation/results_translator.py b/stix_shifter_modules/reaqta/stix_translation/results_translator.py
@@ -1,5 +1,22 @@
+import os
+import json
 from stix_shifter_utils.stix_translation.src.json_to_stix.json_to_stix import JSONToStix
 
-
 class ResultsTranslator(JSONToStix):
-    pass
+
+    def __init__(self, options, dialect, base_file_path=None, callback=None):
+        super().__init__(options, dialect, base_file_path, callback)
+
+        event_names_path = os.path.abspath(os.path.join(base_file_path, "json", "event_names_map.json"))
+        self.event_names = self.read_json(event_names_path, options)
+
+    def translate_results(self, data_source, data):
+        results = json.loads(data)
+        for result in results:
+            payload = result['payload']
+            if payload.get('eventType'):
+                event_name = self.event_names[str(payload.get('eventType'))]
+            result['payload']['eventName'] = event_name
+
+        data = json.dumps(results, indent=4)
+        return super().translate_results(data_source, data)