Guardium rel 1.10 #958

Merged

deepsiIBM
Contributor

No description provided.

@codecov

codecov bot commented May 23, 2022

Codecov Report

Merging #958 (a887f4c) into develop (5872672) will decrease coverage by 0.06%.
The diff coverage is 91.02%.

@@             Coverage Diff             @@
##           develop     #958      +/-   ##
===========================================
- Coverage    64.72%   64.65%   -0.07%     
===========================================
  Files          517      517              
  Lines        48597    48804     +207     
===========================================
+ Hits         31452    31554     +102     
- Misses       17145    17250     +105     
Impacted Files Coverage Δ
...ules/guardium/stix_translation/query_translator.py 86.66% <ø> (ø)
...les/guardium/stix_translation/query_constructor.py 69.86% <88.52%> (-11.36%) ⬇️
..._to_qsearch/test_guardium_qsearch_stix_to_query.py 100.00% <100.00%> (ø)

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5872672...a887f4c. Read the comment docs.

DEFAULT_DAYS_BACK = 2


class QueryStringPatternTranslator:
# Change comparator values to match with supported data source operators
Collaborator

Remove the comparator_lookup; it's not needed since they are now defined in operators.json.

Contributor Author

Removed the comparator_lookup.


def __init__(self, pattern: Pattern, data_model_mapper, options, transformers):
self.dmm = data_model_mapper
self.comparator_lookup = self.dmm.map_comparator()
Collaborator

This needs to remain since the comparator_lookup is now defined in the data model mapper rather than calling on the comparator_lookup dictionary at the top of the query_constructor.

Contributor Author

Done the change.

@@ -513,7 +596,7 @@ def _parse_expression(self, expression, qualifier=None) -> str:
# Multiple data source fields may map to the same STIX Object
mapped_fields_array = self.dmm.map_field(stix_object, stix_field)
# Resolve the comparison symbol to use in the query string (usually just ':')
comparator = self.comparator_lookup[str(expression.comparator)]
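Review bot: The lookup `self.comparator_lookup[str(expression.comparator)]` indexes the mapping directly, so a STIX comparator with no entry in the mapping surfaces as a bare KeyError from inside _parse_expression. Consider handling the missing key here and raising an error that names the unsupported operator, so a pattern using an operator this connector does not map fails with a message the caller can act on.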
Collaborator

Keep as is.

Contributor Author

Done the change.

@@ -551,7 +635,7 @@ def _parse_expression(self, expression, qualifier=None) -> str:
return "{}".format(comparison_string)

elif isinstance(expression, CombinedComparisonExpression):
operator = self.comparator_lookup[str(expression.operator)]
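Review bot: `return "{}".format(comparison_string)` at the top of this hunk formats a value into an otherwise empty template. If comparison_string is already a str, return it directly; if it can be another type, str(comparison_string) states the conversion more plainly.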
Collaborator

Keep as is. This line shouldn't have been changed.

Contributor Author

Done the change.

@@ -569,15 +653,17 @@ def _parse_expression(self, expression, qualifier=None) -> str:
return self._parse_expression(expression.comparison_expression, qualifier)
elif hasattr(expression, 'qualifier') and hasattr(expression, 'observation_expression'):
if isinstance(expression.observation_expression, CombinedObservationExpression):
operator = self.comparator_lookup[str(expression.observation_expression.operator)]
Collaborator

Keep as is.

Contributor Author

Done the change.

Contributor Author

Done the change.

elif isinstance(expression, CombinedObservationExpression):
operator = self.comparator_lookup[str(expression.operator)]
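Review bot: The branch guarded by `hasattr(expression, 'qualifier') and hasattr(expression, 'observation_expression')` dispatches on attribute names, while the branches around it use isinstance. Consider an isinstance check against the expression class that carries a qualifier, so the dispatch is uniform and an object that merely exposes those two attribute names is not routed into this branch.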
Collaborator

Keep as is.

Contributor Author

Done the change.

Collaborator

@delliott90 delliott90 left a comment

It looks like you are using the old way of defining the comparator lookup rather than relying on the operators.json file. The comparator_lookup is part of the data model mapper and is defined with self.comparator_lookup = self.dmm.map_comparator()

@deepsiIBM
Contributor Author

deepsiIBM commented May 25, 2022

I have worked on the comments and am done with the changes. Please check.

@delliott90 delliott90 merged commit 4bf87e5 into opencybersecurityalliance:develop May 25, 2022
delliott90 pushed a commit that referenced this pull request May 25, 2022
Update Guardium connector to use the STIX IN operator in queries.