Moved Sysmon schema XML from contrib directory into module

2024-11-06 17:35:19 +00:00 · 2019-03-16 00:59:29 +01:00 · 2019-03-16 00:59:29 +01:00 · 2dda9a7b77
commit 2dda9a7b77
parent be25aa2c37
2 changed files with 7 additions and 5 deletions
--- a/tools/sigma/backends/ala.py
+++ b/tools/sigma/backends/ala.py
@ -16,8 +16,8 @@

 import re
 import xml.etree.ElementTree as xml
-import os
 from .base import SingleTextQueryBackend
+from .data import sysmon_schema
 from .exceptions import NotSupportedError

 class AzureLogAnalyticsBackend(SingleTextQueryBackend):
@ -53,10 +53,8 @@ class AzureLogAnalyticsBackend(SingleTextQueryBackend):

    def map_sysmon_schema(self, eventid):
        schema_keys = []
-        abs_path = os.path.abspath(os.path.dirname(__file__))
-        sysmon_schema = os.path.join(abs_path, "../../../contrib/sysmon-schema.xml")
        try:
-            tree = xml.parse(sysmon_schema)
+            tree = xml.ElementTree(xml.fromstring(sysmon_schema))
        except:
            raise NotSupportedError("Required Sysmon schema not provided")
        root = tree.getroot()
--- a/tools/sigma/backends/data.py
+++ b/tools/sigma/backends/data.py
@ -1,3 +1,6 @@
+# Static data required by backends
+
+sysmon_schema = """
 <manifest schemaversion="4.2" binaryversion="8.00">
  <configuration>
    <options>
@ -253,4 +256,5 @@
      <data name="Filter" inType="win:UnicodeString" outType="xs:string" />
    </event>
  </events>
-</manifest>
+</manifest>
+"""