
Added base_query filters to merged queries for all command line argument scenarios #78

Merged
merged 13 commits into from
Nov 3, 2022

Conversation

xC0uNt3r7hr34t
Contributor

Changes

  • fixed "contains" to "containcis" in two other locations that were missed in a previous PR.
  • added AND operator and parentheses in function for base_query (filters)
  • added the ability for filters to be used with any other command-line parameter such as deffile, query, ioc, etc.

Closes #77

Contributor

@rc-csmith rc-csmith left a comment


Both the _process_queries and get_results functions rely on the self._queries to build S1 searches. I would leave these functions as-is since they are standardized across EDR product files.

Since self._queries is defined in the function nested_process_search, I would recommend injecting the filter options there. Per line #339 (or around that area), base_query is processed but is never used, so it should just be a matter of adjusting how new entries into self._queries are created.
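The merge step the review comment places in nested_process_search, written out as an added example that is not the surveyor project's code: the pre-fix bare concatenation beside the corrected grouping, plus a small lint that flags the malformed result. The SentinelOne field names, the containscis operator and the hostname/username-to-field mapping are my assumptions.

```python
# Added example, not code from the surveyor project. Field names, the
# containscis operator and the filter-to-field mapping are assumptions about
# SentinelOne Deep Visibility query syntax.
import re

# Assumed mapping from surveyor's --hostname/--username filters to S1 fields.
FILTER_FIELDS = {"hostname": "EndpointName", "username": "UserName"}


def build_base_query(filters: dict) -> str:
    """Join every non-empty, known filter into one AND-separated base_query."""
    terms = [
        f'{FILTER_FIELDS[name]} containscis "{value}"'
        for name, value in filters.items()
        if name in FILTER_FIELDS and value
    ]
    return " AND ".join(terms)


def merge_before_fix(base_query: str, query: str) -> str:
    """Pre-fix behaviour: the two strings are butted together with no operator."""
    return base_query + query


def merge_after_fix(base_query: str, query: str) -> str:
    """Post-fix behaviour: group each side and join with an explicit AND.

    Edge case: with no filters (empty base_query) the user's query is sent
    unchanged rather than as '() AND (...)'.
    """
    if not base_query:
        return query
    return f"({base_query}) AND ({query})"


def looks_well_formed(query: str) -> bool:
    """Cheap lint for the symptom of the bug: parentheses must balance and a
    quoted value must never run straight into the next field name."""
    if query.count("(") != query.count(")"):
        return False
    for match in re.finditer(r'"[^"]*"', query):  # non-overlapping quoted values
        following = query[match.end():match.end() + 1]
        if following.isalpha() or following == "_":
            return False  # e.g. '"web01"TgtProcName' from bare concatenation
    return True


if __name__ == "__main__":
    base = build_base_query({"hostname": "web01", "username": "svc_backup"})
    user_query = 'TgtProcName containscis "powershell"'  # constructed sample
    for merged in (merge_before_fix(base, user_query), merge_after_fix(base, user_query)):
        print(looks_well_formed(merged), merged)
```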

@rc-csmith rc-csmith merged commit 3c9c7ad into redcanaryco:master Nov 3, 2022
xC0uNt3r7hr34t pushed a commit to xC0uNt3r7hr34t/surveyor that referenced this pull request Jun 30, 2023
Added base_query filters to merged queries for all command line argument scenarios
Development

Successfully merging this pull request may close these issues.

[BUG] Base query filter and query string not being concatenated with an operator causing invalid query