Add missing pipeline selector for uberAgent 7.2.0

vastlimits · May 30, 2024 · 5bc460b · 5bc460b
1 parent c962042
commit 5bc460b
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 3 deletions.
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "pySigma-backend-uberAgent"
-version = "0.3.65"
+version = "0.3.66"
 description = "pySigma uAQL backend"
 authors = ["vast limits GmbH <[email protected]>"]
 license = "MIT"

diff --git a/sigma/pipelines/uberagent/__init__.py b/sigma/pipelines/uberagent/__init__.py
@@ -1,4 +1,4 @@
-from .uberagent import uberagent, uberagent600, uberagent610, uberagent620, uberagent700, uberagent710, uberagent_develop, uberagent_test
+from .uberagent import uberagent, uberagent600, uberagent610, uberagent620, uberagent700, uberagent710, uberagent720, uberagent_develop, uberagent_test
 
 pipelines = {
     "uberagent": uberagent,
@@ -7,5 +7,6 @@
     "uberagent-6.2.0": uberagent620,
     "uberagent-7.0.0": uberagent700,
     "uberagent-7.1.0": uberagent710,
+    "uberagent-7.2.0": uberagent720,
     "uberagent-develop": uberagent_develop
 }
diff --git a/sigma/pipelines/uberagent/uberagent.py b/sigma/pipelines/uberagent/uberagent.py
@@ -596,6 +596,16 @@ def uberagent710() -> ProcessingPipeline:
     return make_pipeline(Version(UA_VERSION_7_1))
 
 
+def uberagent720() -> ProcessingPipeline:
+    """
+    Create a processing pipeline for version 7.2 of uberAgent.
+
+    Returns:
+    - ProcessingPipeline: The assembled processing pipeline for version 7.2.
+    """
+    return make_pipeline(Version(UA_VERSION_7_2))
+
+
 def uberagent_develop() -> ProcessingPipeline:
     """
     Create a processing pipeline for the development version of uberAgent.

diff --git a/tests/test_pipelines_uberAgent.py b/tests/test_pipelines_uberAgent.py
@@ -4,7 +4,7 @@
 
 from sigma.backends.uberagent import uberagent
 from sigma.backends.uberagent.exceptions import MissingPropertyException, MissingFunctionException
-from sigma.pipelines.uberagent import uberagent as uberagent_pipeline, uberagent600, uberagent610, uberagent620, uberagent700, uberagent710, uberagent_develop, uberagent_test
+from sigma.pipelines.uberagent import uberagent as uberagent_pipeline, uberagent600, uberagent610, uberagent620, uberagent700, uberagent710, uberagent720, uberagent_develop, uberagent_test
 
 
 def test_ua_windows():
@@ -380,6 +380,23 @@ def test_uberagent710():
     ) == ['Process.Path == "test" and Process.CommandLine == "test"']
 
 
+def test_uberagent720():
+    assert uberagent(processing_pipeline=uberagent720()).convert(
+        SigmaCollection.from_yaml("""
+            title: Test
+            status: test
+            logsource:
+                product: windows
+                category: process_creation
+            detection:
+                sel:
+                    Image: test
+                    CommandLine: test
+                condition: sel
+        """)
+    ) == ['Process.Path == "test" and Process.CommandLine == "test"']
+
+
 def test_uberagent_develop():
     assert uberagent(processing_pipeline=uberagent_develop()).convert(
         SigmaCollection.from_yaml("""