changes made in the securonix connector

opencybersecurityalliance · Jan 6, 2025 · 68edf87 · 68edf87
1 parent a363459
commit 68edf87
Show file tree

Hide file tree

Showing 17 changed files with 402 additions and 1,119 deletions.
diff --git a/stix_shifter/scripts/stix_shifter.py b/stix_shifter/scripts/stix_shifter.py
@@ -364,5 +364,6 @@ def transmit(args):
     return result
 
 
+
 if __name__ == "__main__":
     main()
diff --git a/stix_shifter_modules/securonix/.idea/.gitignore b/stix_shifter_modules/securonix/.idea/.gitignore
diff --git a/stix_shifter_modules/securonix/.idea/inspectionProfiles/Project_Default.xml b/stix_shifter_modules/securonix/.idea/inspectionProfiles/Project_Default.xml
diff --git a/stix_shifter_modules/securonix/.idea/inspectionProfiles/profiles_settings.xml b/stix_shifter_modules/securonix/.idea/inspectionProfiles/profiles_settings.xml
diff --git a/stix_shifter_modules/securonix/.idea/misc.xml b/stix_shifter_modules/securonix/.idea/misc.xml
diff --git a/stix_shifter_modules/securonix/.idea/modules.xml b/stix_shifter_modules/securonix/.idea/modules.xml
diff --git a/stix_shifter_modules/securonix/.idea/securonix.iml b/stix_shifter_modules/securonix/.idea/securonix.iml
diff --git a/stix_shifter_modules/securonix/__init__.py b/stix_shifter_modules/securonix/__init__.py
@@ -0,0 +1,4 @@
+from stix_shifter_modules.securonix.entry_point import EntryPoint
+
+def entry(connection={}, configuration={}, options={}):
+    return EntryPoint(connection, configuration, options)
diff --git a/stix_shifter_modules/securonix/entry_point.py b/stix_shifter_modules/securonix/entry_point.py
@@ -4,9 +4,9 @@
 
 class EntryPoint(BaseEntryPoint):
 
-    def _init_(self, connection={}, configuration={}, options={}):
-        super()._init_(connection, configuration, options)
-        self.set_async(True)
+    def __init__(self, connection={}, configuration={}, options={}):
+        super().__init__(connection, configuration, options)
+        self.set_async(False)
 
         if connection:
             self.setup_transmission_basic(connection, configuration)
@@ -19,8 +19,12 @@ def get_translated_queries(self, data, query, options={}):
 
     def create_results_connection(self, query, offset, length, metadata=None):
         # Wrap the async call in asyncio.run
-        return asyncio.run(self.transmission.create_results_connection(query, offset, length, metadata))
+        return asyncio.run(super().create_results_connection(query, offset, length, metadata=metadata))
 
     def ping_connection(self):
         # Wrap the async call in asyncio.run
-        return asyncio.run(self.transmission.ping_connection())
+        return asyncio.run(self.transmission.ping_connection())
+
+    def get_query_translator(self, dialect):
+        # Ensure we pass parameters to query translator
+        return self.stix_translation.QueryTranslator(self.connection, self.configuration)
diff --git a/stix_shifter_modules/securonix/json.json b/stix_shifter_modules/securonix/json.json
@@ -0,0 +1,58 @@
+{
+      "rg_category": "malware",
+      "year": "2024",
+      "devicecustomfloatingpoint1label": "46679",
+      "eventlatitude": "1.2868",
+      "userid": "-1",
+      "resourcegroupid": "103",
+      "customstring30": "8ab851ebb2754040b4ca992f4a8ca124",
+      "datetime": "1735343890911",
+      "sourceuserid": "api-client-id:8ab851ebb2754040b4ca992f4a8ca124",
+      "accountname": "API-CLIENT-ID:8AB851EBB2754040B4CA992F4A8CA124",
+      "id": "-1",
+      "raweventsize": "740",
+      "customstring38": "true",
+      "categorybehavior": "Process Stop",
+      "rawevent": "UserIp=52.187.106.132|AuditKeyValues.key.offset=46674|offset=46679|Message=|OperationName=streamStopped|customerIDString=c0fc60ef90d248c68873b63b38574f7e|UTCTimestamp=1735343890|Attributes={\"partition\":\"0\",\"offset\":\"46674\",\"APIClientID\":\"8ab851ebb2754040b4ca992f4a8ca124\",\"appId\":\"snypr_103\",\"eventType\":\"All event type(s)\"}|AuditKeyValues.key.eventType=All event type(s)|eventType=AuthActivityAuditEvent|AuditKeyValues.key.APIClientID=8ab851ebb2754040b4ca992f4a8ca124|version=1.0|AuditKeyValues.key.appId=snypr_103|Success=true|Source=Crowdstrike Streaming API|SourceIp=52.187.106.132|ServiceName=Crowdstrike Streaming API|UserId=api-client-id:8ab851ebb2754040b4ca992f4a8ca124|eventCreationTime=1735343890911|AuditKeyValues.key.partition=0",
+      "customstring34": "streamStopped",
+      "dayofyear": "362",
+      "poprocessedtime": "1735344120000",
+      "customstring41": "1.0",
+      "rg_vendor": "CrowdStrike",
+      "month": "12",
+      "tenantname": "Trinity Christian Centre Limited",
+      "resourcename": "CrowdStrike Alerts",
+      "categoryoutcome": "Success",
+      "eventcountry": "Singapore",
+      "rg_timezoneoffset": "UTC",
+      "resourcegroupname": "CrowdStrike Alerts",
+      "ipaddress": "52.187.106.132",
+      "eventid": "b6e2406d-1bed-427c-a031-ece25aca35df",
+      "week": "52",
+      "categoryobject": "Process",
+      "rg_functionality": "Cloud Antivirus / Malware / EDR",
+      "destinationservicename": "Crowdstrike Streaming API",
+      "customfield2": "c0fc60ef90d248c68873b63b38574f7e",
+      "dayofmonth": "27",
+      "collectiontimestamp": "1735344120000",
+      "hour": "11",
+      "tenantid": "2",
+      "rg_resourcetypeid": "35",
+      "eventlongitude": "103.8503",
+      "eventcity": "Singapore",
+      "collectionmethod": "crowdstrikestreaming",
+      "publishedtime": "1735344363393",
+      "receivedtime": "1735344150718",
+      "unparsed": "FALSE",
+      "transactionstring1": "Crowdstrike",
+      "categorizedtime": "Late Evening",
+      "resourcetype": "Crowdstrike Alerts Streaming",
+      "rg_ipaddress": "",
+      "minute": "58",
+      "categoryseverity": "0",
+      "sourceaddress": "52.187.106.132",
+      "dayofweek": "6",
+      "deviceeventcategory": "AuthActivityAuditEvent",
+      "eventregion": "Asia",
+      "ingestionnodeid": "Trinity Christian Centre Limited-TCC-RIN01"
+    }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -364,5 +364,6 @@ def transmit(args):
		return result



		if __name__ == "__main__":
		main()