From 4f3a89328db50d45a70f8088e74df7a6a16dbdb5 Mon Sep 17 00:00:00 2001
From: Hendrik
Date: Mon, 2 Nov 2020 19:57:24 +0100
Subject: [PATCH] Dynamically add Data Needed to Customer by DR

I like the dynamic way how a detection rule is able to declare the data needed part. This change will extend the list of DN for a customer depending on the detection rules which are applied to the customer.
---
 scripts/customer.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/scripts/customer.py b/scripts/customer.py
index 7c76923b..882ff66e 100644
--- a/scripts/customer.py
+++ b/scripts/customer.py
@@ -19,17 +19,19 @@
 all_rules = []
 all_names = []
 all_titles = []
+all_paths = []
 for dr_path in dr_dirs:
 rules, paths = ATCutils.load_yamls_with_paths(dr_path)
 all_rules = all_rules + rules
+ all_paths = all_paths + paths
 names = [path.split('/')[-1].replace('.yml', '') for path in paths]
 all_names = all_names + names
 titles = [rule.get('title') for rule in rules]
 all_titles = all_titles + titles
-_ = zip(all_rules, all_names, all_titles)
-rules_by_title = {title: (rule, name) for (rule, name, title) in _}
+_ = zip(all_rules, all_names, all_titles, all_paths)
+rules_by_title = {title: (rule, name, path) for (rule, name, title, path) in _}
 uc_dirs = ATCconfig.get('usecases_directory')
@@ -137,6 +139,11 @@ def render_template(self, template_type):
 for title in self.detection_rules:
 if title is not None:
 name = rules_by_title.get(title)[1]
+ path = rules_by_title.get(title)[2]
+ learned_dn = ATCutils.main_dn_calculatoin_func(path)
+ for item in learned_dn:
+ if item not in self.cu_fields['dataneeded']:
+ self.cu_fields['dataneeded'].append(item)
 else:
 name = ''
 dr = (title, name)
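Review bot: `rules_by_title` is keyed by `rule.get('title')`, so two rule files with the same title overwrite each other, as do all rules without a title, which share the key `None`. With this change the surviving entry also decides which `path` is handed to the Data Needed calculation. Before, a collision only affected the stored rule and name; now it can attach another rule's data requirements to a customer. Consider building the dict in a short loop that reports a duplicate when `title in rules_by_title` before assigning. Pairing the values inside the `for dr_path` loop with `zip(rules, names, paths)` would also remove the need for four parallel lists.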
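Review bot: The new lines `path = rules_by_title.get(title)[2]` and `if item not in self.cu_fields['dataneeded']` both assume the value is present. A title that no loaded rule carries makes `.get()` return None, so the subscript raises TypeError; the context line above already has this problem. A customer with a missing or null `dataneeded` would fail on the `in` test; `cu_fields` is filled outside this hunk, so that is an assumption to confirm. Look the entry up once, report an unknown title explicitly, and default the list before appending, so the rendered customer page cannot silently diverge from the rules actually applied. `render_template` starts and ends outside the hunk.

```python
# … unchanged: for title in self.detection_rules: / if title is not None: …
entry = rules_by_title.get(title)
if entry is None:
    raise ValueError('unknown detection rule title: {}'.format(title))
_, name, path = entry
needed = self.cu_fields.get('dataneeded') or []
for item in ATCutils.main_dn_calculatoin_func(path):
    if item not in needed:
        needed.append(item)
self.cu_fields['dataneeded'] = needed
# … unchanged: else branch and dr = (title, name) …
```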