Merge pull request #163 from WuerthIT/dev_paramdetectionqueries

use det_queries for confluence
2024-11-06 09:35:21 +00:00 · 2020-03-23 01:30:03 +01:00 · 2020-03-23 01:30:03 +01:00 · 106da23f65
commit 106da23f65
parent f9cfe7035b 3e67ee11fe
2 changed files with 13 additions and 30 deletions
--- a/scripts/detectionrule.py
+++ b/scripts/detectionrule.py
@ -222,7 +222,12 @@ class DetectionRule:
                # have to remove '-' due to problems with
                # Jinja2 variable naming,e.g es-qs throws error
                # 'no es variable'
-                self.fields.update({output.replace("-", ""): str(query)[2:-3]})
+                #self.fields.update({output.replace("-", ""): str(query)[2:-3]})
+                det_queries[output] = str(query)[2:-3].replace("\\n", "\n")
+                
+            # Update detection rules
+            self.fields.update({"det_queries": det_queries})
+            self.fields.update({"queries": queries})

            # Data Needed
            data_needed = ATCutils.main_dn_calculatoin_func(self.yaml_file)
--- a/scripts/templates/confluence_alert_template.html.j2
+++ b/scripts/templates/confluence_alert_template.html.j2
@ -215,46 +215,24 @@
 </ac:structured-macro>
 {% else %}
 {% endif %}
-{% if esqs is defined and esqs|length %}
+
+{% if det_queries is defined and det_queries|length %}
+{% if queries is defined and queries|length %}
+{% for query in queries %}
 <ac:structured-macro ac:name="expand">
-    <ac:parameter ac:name="title">Kibana query</ac:parameter>
+    <ac:parameter ac:name="title">{{ query }}</ac:parameter>
    <ac:rich-text-body>
        <ac:structured-macro ac:name="code">
            <ac:parameter ac:name="language">text</ac:parameter>
            <ac:plain-text-body>
-                <![CDATA[{{ esqs }}]]>
+                <![CDATA[{{ det_queries[query] }}]]>
            </ac:plain-text-body>
        </ac:structured-macro>
    </ac:rich-text-body>
 </ac:structured-macro>
+{% endfor %}
 {% else %}
 {% endif %}
-{% if xpackwatcher is defined and xpackwatcher|length %}
-<ac:structured-macro ac:name="expand">
-    <ac:parameter ac:name="title">X-Pack Watcher</ac:parameter>
-    <ac:rich-text-body>
-        <ac:structured-macro ac:name="code">
-            <ac:parameter ac:name="language">text</ac:parameter>
-            <ac:plain-text-body>
-                <![CDATA[{{ xpackwatcher }}]]>
-            </ac:plain-text-body>
-        </ac:structured-macro>
-    </ac:rich-text-body>
-</ac:structured-macro>
-{% else %}
-{% endif %}
-{% if graylog is defined and graylog|length %}
-<ac:structured-macro ac:name="expand">
-    <ac:parameter ac:name="title">Graylog</ac:parameter>
-    <ac:rich-text-body>
-        <ac:structured-macro ac:name="code">
-            <ac:parameter ac:name="language">text</ac:parameter>
-            <ac:plain-text-body>
-                <![CDATA[{{ graylog }}]]>
-            </ac:plain-text-body>
-        </ac:structured-macro>
-    </ac:rich-text-body>
-</ac:structured-macro>
 {% else %}
 {% endif %}
 {% if splunk is defined and splunk|length %}