Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add email-message translation to ecs #1621

Merged
merged 2 commits into from
Nov 29, 2023
Merged

add email-message translation to ecs #1621

merged 2 commits into from
Nov 29, 2023

Conversation

subbyte
Copy link
Member

@subbyte subbyte commented Nov 29, 2023

No description provided.

@subbyte
Copy link
Member Author

subbyte commented Nov 29, 2023

Partially resolve #1518

@codecov Codecov
Copy link

codecov bot commented Nov 29, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (fe810d0) 86.00% compared to head (a8486ac) 86.01%.

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop    #1621   +/-   ##
========================================
  Coverage    86.00%   86.01%           
========================================
  Files          572      572           
  Lines        48676    48710   +34     
========================================
+ Hits         41862    41896   +34     
  Misses        6814     6814

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

mdazam1942
mdazam1942 reviewed Nov 29, 2023
View reviewed changes
stix_shifter_modules/elastic_ecs/tests/stix_translation/test_elastic_ecs_json_to_stix.py
observed_data = translation_objects[1]
stix_objects = observed_data.get("objects")
assert len(stix_objects) == 8
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i would put more specific test to verify if the objects are created correctly.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More specific tests added.

@mdazam1942 mdazam1942 merged commit 30ba487 into opencybersecurityalliance:develop Nov 29, 2023
5 checks passed
DerekRushton pushed a commit that referenced this pull request Dec 7, 2023
@subbyte @DerekRushton
add email-message translation to ecs (#1621)
63a2b59
DerekRushton added a commit that referenced this pull request Jul 22, 2024
@DerekRushton @thangaraj-ramesh
@dependabot @delliott90 @mdazam1942 @subbyte @Alex-Kidston @KaneBrennan132
Tanium threat response connector 2 (#1693)
97bf644 
* CP4S-39527 Initial Translation Code - Draft

* Tanium Threat Response

* Fix Azure log analytics results translation. (#1612)

Updating azure log analytics review comments.
1. Added transformer for converting int to float for latitude.
2.Updated TimestampConversion transformer to handle without milliseconds and added mappings for first and last observed.
3. Updated transformer to handle ConfidenceScore value is 'nan'.

* Bump aioboto3 from 11.3.1 to 12.0.0 in /stix_shifter (#1611)

Bumps [aioboto3](https://github.com/terrycain/aioboto3) from 11.3.1 to 12.0.0.
- [Changelog](https://github.com/terrycain/aioboto3/blob/main/CHANGELOG.rst)
- [Commits](terricain/aioboto3@v11.3.1...v12.0.0)

---
updated-dependencies:
- dependency-name: aioboto3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pyopenssl from 23.2.0 to 23.3.0 in /stix_shifter (#1610)

Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 23.2.0 to 23.3.0.
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@23.2.0...23.3.0)

---
updated-dependencies:
- dependency-name: pyopenssl
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* table of mapping script update for to-stix dialects (#1609)

* Bump azure-identity from 1.14.1 to 1.15.0 in /stix_shifter (#1614)

Bumps [azure-identity](https://github.com/Azure/azure-sdk-for-python) from 1.14.1 to 1.15.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.14.1...azure-identity_1.15.0)

---
updated-dependencies:
- dependency-name: azure-identity
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump flatten-json from 0.1.13 to 0.1.14 in /stix_shifter (#1613)

Bumps [flatten-json](https://github.com/amirziai/flatten) from 0.1.13 to 0.1.14.
- [Release notes](https://github.com/amirziai/flatten/releases)
- [Commits](https://github.com/amirziai/flatten/commits)

---
updated-dependencies:
- dependency-name: flatten-json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update CHANGELOG.md for 6.3.0

* Cisco secure email added readme detailed file. (#1615)

* Added tested communication code for Tanium

* Added suggestions from Azam.

* Fix parameter assignment in error handling function (#1616)

* Remove future timestamp qualifier conditions (#1619)

* Make sure certificate is verified when required by RestApiClientAsync (#1620)

Deprecates selfSignedCert: false bypasss

* Update CHANGELOG.md for 7.0.0

* add email-message translation to ecs (#1621)

* Update group_ref keyword documenation (#1622)

* Initial To Stix mapping - Event and Transformers

* Another temporary commit to hold x-oca-event form

* Finished up the to_stix mapping + test.

* Removed additional event data.

* Fixing the unittest failure

* Another Attempt

* Added the missing fields to the Tanium API response and request.

* Updated toStix and fromStix

* Update CHANGELOG.md for 7.0.1

* second half of email.* mapping for elastic_ecs (#1632)

* Sysdig connector (#1630)

* Update machine ID field in QRadar module (#1634)

Co-authored-by: Kane Brennan <[email protected]>

* Sysdig Connector - Formatting issue in sysdig_supported_stix.md file corrected  (#1635)

* Added the readme (WIP)

* Undid an unintended change.

* Another Attempt to undo the change.

* Removing one more unintended change.

* One more unintended change.

* Updated the sample for the unit test.

* Azam's suggestions.

* Cleaned out the testing code I had left.

* Clean-up - Fixed up the readme.

* Added Azam's suggestions

* Cleaned the Json so it's standardized.

* Removed the total size from the meta data as it's not needed.

* Cleaning up some comments+fixed observation queries.

Signed-off-by: DerekRushton <[email protected]>

* Making the config values consistent.

Signed-off-by: DerekRushton <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: DerekRushton <[email protected]>
Co-authored-by: thangaraj-ramesh <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Danny Elliott <[email protected]>
Co-authored-by: Md Azam <[email protected]>
Co-authored-by: Xiaokui Shu <[email protected]>
Co-authored-by: Alex-Kidston <[email protected]>
Co-authored-by: Kane Brennan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdazam1942 mdazam1942 mdazam1942 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@subbyte @mdazam1942