
Added base_query filters to merged queries for all command line argument scenarios #78

Merged
merged 13 commits into from
Nov 3, 2022
Merged
16 changes: 10 additions & 6 deletions products/sentinel_one.py
Expand Up @@ -326,7 +326,7 @@ def _get_dv_events(self, query_id: str) -> list[dict]:

def process_search(self, tag: Tag, base_query: dict, query: str) -> None:
build_query, from_date, to_date = self.build_query(base_query)
query = query + build_query
self._query_base = build_query
self._echo(f'Built Query: {query}')

if tag not in self._queries:
Expand All @@ -337,7 +337,7 @@ def process_search(self, tag: Tag, base_query: dict, query: str) -> None:

def nested_process_search(self, tag: Tag, criteria: dict, base_query: dict):
query_base, from_date, to_date = self.build_query(base_query)

self._query_base = query_base
try:
for search_field, terms in criteria.items():
all_terms = ', '.join(f'"{term}"' for term in terms)
Expand Down Expand Up @@ -389,9 +389,9 @@ def _process_queries(self):

for tag, queries in self._queries.items():
for query in queries:
if query.operator == 'contains':
if query.operator in ('contains', 'containscis', 'contains anycase'):
key = (query.operator, query.parameter)
if query.operator not in combined_queries:
if key not in combined_queries:
combined_queries[key] = list()

combined_queries[key].append((tag, query.search_value))
Expand All @@ -404,7 +404,7 @@ def _process_queries(self):
# merge combined queries and add them to query_text
data: list[Tuple[Tag, str]]
for (operator, parameter), data in combined_queries.items():
if operator == 'contains':
if operator in ('contains', 'containscis', 'contains anycase'):
full_query = f'{parameter} in contains anycase ({", ".join(x[1] for x in data)})'

tag = Tag(','.join(tag[0].tag for tag in data), ','.join(tag[0].data for tag in data))
Expand Down Expand Up @@ -434,11 +434,15 @@ def _process_queries(self):
# merge all query tags into a single string
merged_tag = Tag(','.join(tag.tag for tag in merged_tags), ','.join(str(tag.data) for tag in merged_tags))

if len(self._query_base):
# add base_query filter to merged query string
merged_query = f'{self._query_base} AND ({merged_query})'

if len(self._site_ids):
# restrict query to specified sites
# S1QL does not support restricting a query to a specified account ID
merged_query = f'SiteID in contains ("' + '", "'.join(self._site_ids) + f'") AND ({merged_query})'

# build request body for DV API call
params = self._get_default_body()
params.update({
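Review bot: `self._query_base`, read at the new `if len(self._query_base):`, is an instance attribute that the earlier hunks in this section assign only inside `process_search` and `nested_process_search`, and each call overwrites it, so by the time `_process_queries` merges queries it holds whichever base query was built last; if the queries accumulated in `self._queries` came from calls with different `base_query` dicts, the earlier ones would be filtered with the wrong clause (presumably all callers pass the same base query today, but that is worth confirming). The attribute also does not exist until one of those methods has run, so a `_process_queries` call before them would raise `AttributeError` unless `__init__` (outside this view) initializes it; `self._query_base = ''` there, plus the idiomatic `if self._query_base:` here, covers both the missing and the empty case. Since the value is spliced into the S1QL string verbatim, a short contract comment would help the next maintainer: `# _query_base is the clause returned by build_query(); it is inserted into the S1QL text unescaped`. The enclosing loop of `_process_queries` starts outside the hunk.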