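def _strip_and_drop_blank(items):
    """Return ``items`` with each string stripped and blank/``None`` entries removed.

    Stripping happens *before* the emptiness test, so a whitespace-only element
    is dropped rather than surviving as ``""``.
    """
    return [text for text in (item.strip() for item in items if item) if text]


def _format_translated_queries(query_array):
    """Tidy a list of translated query strings and normalise START/STOP qualifiers.

    Every entry is stripped and blank entries are discarded.  An entry that
    ``_test_START_STOP_format`` accepts is then rewritten:

    * the ``t`` that directly follows ``START``/``STOP`` is removed
      (``STARTt'2014-04-25T15:51:20.000Z'`` -> ``START'2014-04-25T15:51:20.000Z'``;
      a ``t`` separated from the keyword by a space is NOT matched),
    * the string is split on ``START``/``STOP`` into its non-blank parts, and
    * if exactly five parts remain (text before START, ``START``, the text
      between the keywords, ``STOP``, the text after STOP) they are handed to
      ``_convert_timestamps_to_milliseconds``, which per the original intent
      yields the 13-digit millisecond form (e.g. ``START 1398441080000``).

    A qualifier that does not split into exactly five parts (nothing before
    START, nothing after STOP, more than one START/STOP pair, a blank
    timestamp, ...) is logged and omitted from the result.  Entries without a
    START/STOP qualifier are passed through unchanged.

    The query text is derived from a caller-supplied pattern and should be
    treated as untrusted: the ``_test_START_STOP_format`` gate and the
    five-part check are the only validation applied before the timestamp
    strings reach the converter.  Only a fixed message is logged; the query
    text itself is not written to the log.

    :param query_array: iterable of translated query strings; ``None``, empty
        and whitespace-only elements are tolerated and dropped.
    :return: list of formatted query strings, in input order.
    """
    formatted_queries = []
    for query in _strip_and_drop_blank(query_array):
        if not _test_START_STOP_format(query):
            formatted_queries.append(query)
            continue

        # Drop the 't' prefix of the timestamp literals; the lookbehind only
        # matches a 't' immediately after START/STOP (no intervening space).
        query = re.sub(r"(?<=START)t|(?<=STOP)t", "", query)
        # Capturing groups keep the START/STOP tokens in the split result; the
        # non-matching group contributes a None that _strip_and_drop_blank drops.
        query_parts = _strip_and_drop_blank(re.split(r"(START)|(STOP)", query))
        if len(query_parts) == 5:
            formatted_queries.append(_convert_timestamps_to_milliseconds(query_parts))
        else:
            logger.info("Omitting query due to bad format for START STOP qualifier timestamp")
    return formatted_queries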
def __init__(self, pattern: Pattern, data_model_mapper, options):
    """Set up the Cybereason query translator and translate ``pattern`` right away.

    The constructor stores its collaborators, fetches the comparator lookup
    from the mapper, loads the JSON config map from the fixed
    ``CONFIG_MAP_PATH`` (not a caller-supplied path) and then calls
    ``parse_expression`` on the supplied pattern.  Because parsing happens
    here, any exception raised for a malformed pattern propagates out of the
    constructor rather than from a later method call.

    :param pattern: the ``Pattern`` to translate.
    :param data_model_mapper: object providing ``map_comparator()``; kept on
        ``self.dmm``.
    :param options: translation options, stored as-is on ``self.options``.
    """
    logger.info("Cybereason Connector")

    # Caller-supplied inputs are kept verbatim.
    self.pattern = pattern
    self.options = options
    self.dmm = data_model_mapper

    # The comparator table is derived from the mapper, so it must be set first.
    self.comparator_lookup = self.dmm.map_comparator()
    # Config map is read from a module-level constant path, never from input.
    self.config_map = self.load_json(CONFIG_MAP_PATH)

    # Initialised empty before parsing starts — NOTE(review): presumably
    # populated by parse_expression; confirm against the rest of the class.
    self.qualified_queries = []
    self.parse_expression(pattern)