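def _format_translated_queries(query_array):
    """Clean translated query strings and convert START/STOP timestamps.

    Every entry is stripped of surrounding whitespace; entries that are
    ``None``, empty, or whitespace-only are dropped so that a blank query
    is never forwarded downstream.  A query recognised by
    ``_test_START_STOP_format`` as carrying a START/STOP qualifier has its
    human-readable timestamps rewritten to 13-digit millisecond values by
    ``_convert_timestamps_to_milliseconds``, e.g.
    ``START t'2014-04-25T15:51:20.000Z'`` -> ``START 1398441080000``.
    A qualified query that does not split into exactly five parts
    (query, START, start timestamp, STOP, stop timestamp) is logged and
    omitted rather than passed through half-converted.

    Args:
        query_array: iterable of translated query strings; may contain
            ``None`` or empty strings.

    Returns:
        list[str]: cleaned queries in input order, with START/STOP
        timestamps converted where the qualifier format was recognised.
    """
    # Strip first, then filter: a whitespace-only entry would otherwise
    # survive the emptiness check and reach the caller as "".
    stripped = [query.strip() for query in query_array if query]
    cleaned = [query for query in stripped if query]

    formatted_queries = []
    for query in cleaned:
        if not _test_START_STOP_format(query):
            formatted_queries.append(query)
            continue
        # Drop the leading "t" that precedes each quoted timestamp.
        query = re.sub("(?<=START)t|(?<=STOP)t", "", query)
        # Split on the qualifier keywords. Both capture groups are kept in
        # the result, but the non-matching group contributes None entries
        # (and a trailing keyword an empty string), which the filter drops.
        query_parts = [
            part.strip() for part in re.split("(START)|(STOP)", query) if part
        ]
        if len(query_parts) == 5:
            formatted_queries.append(
                _convert_timestamps_to_milliseconds(query_parts))
        else:
            logger.info(
                "Omitting query due to bad format for START STOP qualifier timestamp"
            )

    return formatted_queries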
    def __init__(self, pattern: Pattern, data_model_mapper, options) -> None:
        """Build the Cybereason query translator for one STIX pattern.

        Args:
            pattern: parsed STIX ``Pattern`` to translate.
            data_model_mapper: mapper whose ``map_comparator()`` supplies
                the comparator lookup table used during translation.
            options: translation options, stored as-is on the instance.

        Side effects:
            Logs an informational message, reads the JSON file at the
            module-level ``CONFIG_MAP_PATH`` via ``self.load_json``, and
            runs ``self.parse_expression`` on the pattern (presumably
            populating ``self.qualified_queries`` — confirm in that method).
        """

        logger.info("Cybereason Connector")
        self.dmm = data_model_mapper
        # Comparator table must exist before parse_expression runs below.
        self.comparator_lookup = self.dmm.map_comparator()
        self.pattern = pattern
        self.options = options
        # Config path is a module constant, not caller-supplied input.
        self.config_map = self.load_json(CONFIG_MAP_PATH)
        self.qualified_queries = []
        self.parse_expression(pattern)