stix-shifter-modules-sysdig 8.0.2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27)
  1. stix_shifter_modules/sysdig/__init__.py +0 -0
  2. stix_shifter_modules/sysdig/configuration/config.json +603 -0
  3. stix_shifter_modules/sysdig/configuration/dialects.json +6 -0
  4. stix_shifter_modules/sysdig/configuration/lang_en.json +69 -0
  5. stix_shifter_modules/sysdig/entry_point.py +12 -0
  6. stix_shifter_modules/sysdig/stix_translation/__init__.py +0 -0
  7. stix_shifter_modules/sysdig/stix_translation/json/config_map.json +33 -0
  8. stix_shifter_modules/sysdig/stix_translation/json/from_stix_map.json +110 -0
  9. stix_shifter_modules/sysdig/stix_translation/json/operators.json +13 -0
  10. stix_shifter_modules/sysdig/stix_translation/json/stix_2_1/from_stix_map.json +110 -0
  11. stix_shifter_modules/sysdig/stix_translation/json/stix_2_1/to_stix_map.json +332 -0
  12. stix_shifter_modules/sysdig/stix_translation/json/to_stix_map.json +332 -0
  13. stix_shifter_modules/sysdig/stix_translation/json_to_stix_translator.py +529 -0
  14. stix_shifter_modules/sysdig/stix_translation/query_constructor.py +472 -0
  15. stix_shifter_modules/sysdig/stix_translation/query_translator.py +26 -0
  16. stix_shifter_modules/sysdig/stix_translation/transformers.py +66 -0
  17. stix_shifter_modules/sysdig/stix_transmission/__init__.py +0 -0
  18. stix_shifter_modules/sysdig/stix_transmission/api_client.py +37 -0
  19. stix_shifter_modules/sysdig/stix_transmission/connector.py +213 -0
  20. stix_shifter_modules/sysdig/stix_transmission/error_mapper.py +34 -0
  21. stix_shifter_modules_sysdig-8.0.2.dist-info/METADATA +148 -0
  22. stix_shifter_modules_sysdig-8.0.2.dist-info/RECORD +27 -0
  23. stix_shifter_modules_sysdig-8.0.2.dist-info/WHEEL +5 -0
  24. stix_shifter_modules_sysdig-8.0.2.dist-info/licenses/AUTHORS.md +23 -0
  25. stix_shifter_modules_sysdig-8.0.2.dist-info/licenses/LICENSE.md +219 -0
  26. stix_shifter_modules_sysdig-8.0.2.dist-info/licenses/NOTICE +32 -0
  27. stix_shifter_modules_sysdig-8.0.2.dist-info/top_level.txt +1 -0
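--- a/stix_shifter_modules/sysdig/configuration/config.json
+++ b/stix_shifter_modules/sysdig/configuration/config.json
@@ -0,0 +1,603 @@
+{
+"connection": {
+"type": {
+"displayName": "Sysdig",
+"group": "sysdig",
+"type": "connectorType"
+},
+"host": {
+"type": "text",
+"regex": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9_:/\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9_:/\\-]*[A-Za-z0-9])$"
+},
+"port": {
+"type": "number",
+"default": 443,
+"min": 1,
+"max": 65535
+},
+"help": {
+"type": "link",
+"default": "data-sources.html"
+},
+"selfSignedCert": {
+"type": "password",
+"optional": true
+},
+"options": {
+"type": "fields",
+"async_call": {
+"type": "text",
+"hidden": true,
+"optional": true
+},
+"result_limit": {
+"default": 10000,
+"min": 1,
+"max": 10000000,
+"type": "number",
+"previous": "connection.resultSizeLimit"
+},
+"batch_size": {
+"default": 2000,
+"min": 1,
+"max": 10000,
+"type": "number",
+"optional": true,
+"hidden": true
+},
+"time_range": {
+"default": 5,
+"min": 1,
+"max": 10000,
+"type": "number",
+"previous": "connection.timerange",
+"nullable": true
+},
+"timeout": {
+"default": 30,
+"min": 1,
+"max": 3600,
+"hidden": true,
+"type": "number",
+"previous": "connection.timeoutLimit"
+},
+"dialects": {
+"type": "array",
+"hidden": true,
+"optional": true
+},
+"language": {
+"type": "string",
+"default": "stix",
+"optional": true,
+"hidden": true
+},
+"validate_pattern": {
+"type": "boolean",
+"optional": true,
+"hidden": true,
+"previous": "connection.validate_pattern"
+},
+"stix_validator": {
+"type": "boolean",
+"default": false,
+"optional": true,
+"hidden": true,
+"previous": "connection.stix_validator"
+},
+"mapping": {
+"type": "json",
+"optional": true,
+"previous": "connection.mapping",
+"default": {
+"config_map": {
+"int_supported_fields": [
+"severity",
+"ruleType",
+"ruleSubType",
+"policyId",
+"agentId",
+"aws.accountId"
+],
+"string_supported_fields": [
+"kubernetes.cluster.name",
+"kubernetes.namespace.name",
+"kubernetes.deployment.name",
+"containerId",
+"container.name",
+"container.image.id",
+"container.image.repo",
+"container.image.tag",
+"container.image.digest",
+"container.label.io.kubernetes.pod.name",
+"container.label.io.kubernetes.pod.namespace",
+"ruleName",
+"category",
+"originator",
+"source",
+"host.hostName",
+"cloudProvider.name",
+"aws.region"
+],
+"mac_supported_fields": [
+"machineId"
+]
+},
+"to_stix_map": {
+"category": {
+"key": "x-ibm-finding.x_category",
+"object": "finding"
+},
+"originator": {
+"key": "x-ibm-finding.x_threat_originator",
+"object": "finding"
+},
+"source": {
+"key": "x-ibm-finding.x_threat_source",
+"object": "finding"
+},
+"agentId": {
+"key": "x-ibm-finding.x_agent_id",
+"object": "finding"
+},
+"finding_type": {
+"key": "x-ibm-finding.finding_type",
+"object": "finding"
+},
+"l4protocol": {
+"key": "network-traffic.protocols",
+"object": "network",
+"transformer": "ToLowercaseArray"
+},
+"clientPort": {
+"key": "network-traffic.src_port",
+"object": "network",
+"transformer": "ToInteger"
+},
+"serverPort": {
+"key": "network-traffic.dst_port",
+"object": "network",
+"transformer": "ToInteger"
+},
+"serverIpv4": [
+{
+"key": "ipv4-addr.value",
+"object": "dst_ip"
+},
+{
+"key": "network-traffic.dst_ref",
+"object": "network",
+"references": "dst_ip"
+}
+],
+"clientIpv4": [
+{
+"key": "ipv4-addr.value",
+"object": "src_ip"
+},
+{
+"key": "network-traffic.src_ref",
+"object": "network",
+"references": "src_ip"
+}
+],
+"severity": {
+"key": "x-ibm-finding.severity",
+"object": "finding",
+"transformer": "SeverityToScore"
+},
+"containerId": {
+"key": "x-oca-asset.extensions.x-oca-container-ext.container_id",
+"object": "asset"
+},
+"description": [
+{
+"key": "x-sysdig-policy.description",
+"object": "policy"
+},
+{
+"key": "x-ibm-finding.x_policy_ref",
+"object": "finding",
+"references": "policy"
+}
+],
+"content": {
+"ruleName": {
+"key": "x-sysdig-policy.rule_name",
+"object": "policy"
+},
+"ruleType": {
+"key": "x-sysdig-policy.rule_type",
+"object": "policy"
+},
+"ruleSubType": {
+"key": "x-sysdig-policy.rule_subtype",
+"object": "policy"
+},
+"policyId": {
+"key": "x-sysdig-policy.policy_id",
+"object": "policy"
+},
+"fields": {
+"falco.rule": {
+"key": "x-ibm-finding.name",
+"object": "finding"
+},
+"proc.cmdline": {
+"key": "process.command_line",
+"object": "proc"
+},
+"proc.name": [
+{
+"key": "file.name",
+"object": "file"
+},
+{
+"key": "process.name",
+"object": "proc"
+},
+{
+"key": "process.binary_ref",
+"object": "proc",
+"references": "file"
+}
+],
+"proc.pid": {
+"key": "process.pid",
+"object": "proc",
+"transformer": "ToInteger"
+},
+"proc.sid": {
+"key": "process.x_sid",
+"object": "proc"
+},
+"proc.exepath": [
+{
+"key": "directory.path",
+"object": "file_dir"
+},
+{
+"key": "file.parent_directory_ref",
+"object": "file",
+"references": "file_dir"
+}
+],
+"proc.cwd": {
+"key": "process.cwd",
+"object": "proc"
+},
+"proc.pname": [
+{
+"key": "file.name",
+"object": "parent_file"
+},
+{
+"key": "process.name",
+"object": "parent_proc"
+},
+{
+"key": "process.parent_ref",
+"object": "proc",
+"references": "parent_proc"
+},
+{
+"key": "process.binary_ref",
+"object": "parent_proc",
+"references": "parent_file"
+}
+],
+"proc.pcmdline": {
+"key": "process.command_line",
+"object": "parent_proc"
+},
+"proc.ppid": {
+"key": "process.pid",
+"object": "parent_proc",
+"transformer": "ToInteger"
+},
+"proc.anames": {
+"key": "process.x_parent_names",
+"object": "parent_proc"
+},
+"user.loginname": {
+"key": "user-account.account_login",
+"object": "user"
+},
+"user.loginuid": {
+"key": "user-account.x_loginuid",
+"object": "user"
+},
+"user.name": [
+{
+"key": "user-account.display_name",
+"object": "user"
+},
+{
+"key": "process.creator_user_ref",
+"object": "proc",
+"references": "user"
+}
+],
+"user.uid": {
+"key": "user-account.user_id",
+"object": "user"
+}
+}
+},
+"labels": {
+"host.hostName": {
+"key": "x-oca-asset.hostname",
+"object": "asset"
+},
+"container.image.digest": {
+"key": "x-oca-asset.extensions.x-oca-container-ext.x_digest",
+"object": "asset"
+},
+"container.image.id": {
+"key": "x-oca-asset.extensions.x-oca-container-ext.image_id",
+"object": "asset"
+},
+"container.image.tag": {
+"key": "x-oca-asset.extensions.x-oca-container-ext.x_tag",
+"object": "asset"
+},
+"container.image.repo": {
+"key": "x-oca-asset.extensions.x-oca-container-ext.x_repo",
+"object": "asset"
+},
+"container.label.io.kubernetes.pod.name": {
+"key": "x-oca-asset.extensions.x-oca-pod-ext.pod_name",
+"object": "asset"
+},
+"container.label.io.kubernetes.pod.namespace": {
+"key": "x-oca-asset.extensions.x-oca-pod-ext.x_namespace",
+"object": "asset"
+},
+"container.name": {
+"key": "x-oca-asset.extensions.x-oca-container-ext.name",
+"object": "asset"
+},
+"host.mac": [
+{
+"key": "mac-addr.value",
+"object": "mac"
+},
+{
+"key": "x-oca-asset.mac_refs",
+"object": "asset",
+"references": [
+"mac"
+]
+}
+],
+"kubernetes.cluster.name": [
+{
+"key": "x-sysdig-cluster.name",
+"object": "cluster"
+},
+{
+"key": "x-ibm-finding.x_cluster_ref",
+"object": "finding",
+"references": "cluster"
+},
+{
+"key": "x-sysdig-cluster.x_node_ref",
+"object": "cluster",
+"references": "asset"
+}
+],
+"kubernetes.daemonSet.name": {
+"key": "x-sysdig-cluster.daemonset",
+"object": "cluster"
+},
+"kubernetes.namespace.name": {
+"key": "x-sysdig-cluster.namespace",
+"object": "cluster"
+},
+"kubernetes.deployment.name": [
+{
+"key": "x-sysdig-deployment.name",
+"object": "deployment"
+},
+{
+"key": "x-ibm-finding.x_deployment_ref",
+"object": "finding",
+"references": "deployment"
+}
+],
+"kubernetes.node.name": [
+{
+"key": "ipv4-addr.value",
+"object": "ip",
+"transformer": "HostnameToIpAddress"
+},
+{
+"key": "x-oca-asset.ip_refs",
+"object": "asset",
+"references": [
+"ip"
+]
+}
+],
+"kubernetes.workload.name": {
+"key": "x-ibm-finding.x_workload_name",
+"object": "finding"
+},
+"kubernetes.workload.type": {
+"key": "x-ibm-finding.x_workload_type",
+"object": "finding"
+},
+"aws.accountId": {
+"key": "x-cloud-provider.account_id",
+"object": "cloud_provider"
+},
+"cloudProvider.name": {
+"key": "x-cloud-provider.name",
+"object": "cloud_provider"
+},
+"aws.region": {
+"key": "x-cloud-provider.region",
+"object": "cloud_provider"
+},
+"aws.instanceId": {
+"key": "x-cloud-resource.aws_instance_id",
+"object": "cloud_resource"
+}
+},
+"timestamp": [
+{
+"key": "first_observed",
+"transformer": "TimestampConversion"
+},
+{
+"key": "last_observed",
+"transformer": "TimestampConversion"
+}
+]
+},
+"from_stix_map": {
+"mac-addr": {
+"fields": {
+"value": [
+"machineId"
+]
+}
+},
+"x-oca-asset": {
+"fields": {
+"hostname": [
+"host.hostName"
+],
+"extensions.'x-oca-container-ext'.container_id": [
+"containerId"
+],
+"extensions.'x-oca-container-ext'.name": [
+"container.name"
+],
+"extensions.'x-oca-container-ext'.image_id": [
+"container.image.id"
+],
+"extensions.'x-oca-container-ext'.x_repo": [
+"container.image.repo"
+],
+"extensions.'x-oca-container-ext'.x_tag": [
+"container.image.tag"
+],
+"extensions.'x-oca-container-ext'.x_digest": [
+"container.image.digest"
+],
+"extensions.'x-oca-pod-ext'.pod_name": [
+"container.label.io.kubernetes.pod.name"
+],
+"extensions.'x-oca-pod-ext'.x_namespace": [
+"container.label.io.kubernetes.pod.namespace"
+]
+}
+},
+"x-ibm-finding": {
+"fields": {
+"name": [
+"ruleName"
+],
+"severity": [
+"severity"
+],
+"x_category": [
+"category"
+],
+"x_threat_originator": [
+"originator"
+],
+"x_threat_source": [
+"source"
+],
+"x_agent_id": [
+"agentId"
+]
+}
+},
+"x-sysdig-cluster": {
+"fields": {
+"name": [
+"kubernetes.cluster.name"
+],
+"namespace": [
+"kubernetes.namespace.name"
+]
+}
+},
+"x-sysdig-deployment": {
+"fields": {
+"name": [
+"kubernetes.deployment.name"
+]
+}
+},
+"x-sysdig-policy": {
+"fields": {
+"rule_name": [
+"ruleName"
+],
+"rule_type": [
+"ruleType"
+],
+"rule_subtype": [
+"ruleSubType"
+],
+"policy_id": [
+"policyId"
+]
+}
+},
+"x-cloud-provider": {
+"fields": {
+"account_id": [
+"aws.accountId"
+],
+"name": [
+"cloudProvider.name"
+],
+"region": [
+"aws.region"
+]
+}
+}
+},
+"operators": {
+"ComparisonExpressionOperators.And": "and",
+"ComparisonExpressionOperators.Or": "or",
+"ComparisonComparators.Equal": "=",
+"ComparisonComparators.NotEqual": "!=",
+"ComparisonComparators.GreaterThan": ">",
+"ComparisonComparators.GreaterThanOrEqual": ">=",
+"ComparisonComparators.LessThan": "<",
+"ComparisonComparators.LessThanOrEqual": "<=",
+"ComparisonComparators.In": "in",
+"ObservationOperators.Or": "or",
+"ObservationOperators.And": "or"
+}
+}
+},
+"unmapped_fallback": {
+"type": "boolean",
+"default": false,
+"optional": true,
+"hidden": true
+},
+"stix_2.1": {
+"type": "boolean",
+"default": false,
+"optional": true,
+"hidden": true
+}
+}
+},
+"configuration": {
+"auth": {
+"type": "fields",
+"token": {
+"type": "password"
+}
+}
+}
+}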
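--- a/stix_shifter_modules/sysdig/configuration/dialects.json
+++ b/stix_shifter_modules/sysdig/configuration/dialects.json
@@ -0,0 +1,6 @@
+{
+"default": {
+"language": "stix",
+"default": true
+}
+}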