Sync upstream features; preserve fork KV scanner, parsers, verifier

Brought in 35 upstream commits (MITRE heatmap, health score, dependency map, PowerQuery playground, onboarding tracker, product grouping, modern UI redesign). Preserved fork additions: backend/routers/quality.py KV scanner, pattern refs, JS keys, JSON mode, /parsers + /sync-from-sdl endpoints parsers/ 96 OCSF + tenant parsers tools/stormshield-verify/ end-to-end ingest regression test .gitignore un-ignored parsers/* CHANGES.md, PATCHES.md
2026-06-08 12:33:51 +00:00 · 2026-05-22 18:19:52 +02:00
parent a7ebcac9a6
commit 7c1687efce
102 changed files with 13912 additions and 178 deletions
@@ -0,0 +1,12 @@
+{
+  searches: [
+    {
+      title: "marc - Impossible traveller 2",
+      url: "/events/pq?_scopeId=2387775029058663326&_scopeLevel=site&_categoryId=eventSearch&startTime=4+hours&endTime=NOW&filter=%7C+sql+join+baseline+%3D+%28%0AdataSource.vendor%3D%27Microsoft%27+dataSource.category+%3D+%27security%27+event.type%3D%27Logon%27%0A%7C+columns+actor.user.email_addr%2C+device.ip%2C+geo_ip_state%28device.ip%29%0A%7C+group+login_freq_by_state%3Dcount%28%29+by+email_addr%3Dlower%28actor.user.email_addr%29%2Cstate%3Dgeo_ip_state%28device.ip%29%0A%7C+columns+email_addr%2Cstate%2Clogin_freq_by_state%0A%2F%2Fthe+sort+below+is+necessary+because+it+ensure+that+the+order+of+rows+is+preserved+when+using+array_ag++%0A%7C+sort+%2Bemail_addr%2C-login_freq_by_state%0A%7C+group+baseline_login_freq_by_state%3Dmax%28login_freq_by_state%29%2C+states%3Darray_agg%28state%29+by+email_addr%0A%7C+columns+email_addr%2Cstate%3Darray_get%28states%2C0%29%2Cbaseline_login_freq_by_state%0A%29%2C%0Alogons+%3D+%28%0AdataSource.vendor%3D%27Microsoft%27+dataSource.category+%3D+%27security%27+event.type%3D%27Logon%27%0A%2F%2F%7C+columns+actor.user.email_addr%2C+unmapped.UserId%2C+event.type%2C+device.ip%2C+geo_ip_state%28device.ip%29%0A%7C+group+deviation_login_count%3Dcount%28event.type%29%2Cdeviation_ip_addresses%3Darray_agg_distinct%28device.ip%29+by+email_addr%3Dlower%28actor.user.email_addr%29%2C+deviation_country%3Dgeo_ip_country%28device.ip%29%2C+state%3Dgeo_ip_state%28device.ip%29%0A%29+on+baseline.email_addr%3D%3Dlogons.email_addr%0A%7Cfilter+baseline.state%21%3Dlogons.state%0A%7C+columns+email_addr%2Cbaseline.state%2C+baseline_login_freq_by_state%2Cdeviation_login_source%3Dformat%28%22%25s+%28%25s%29%22%2Clogons.state%2Cdeviation_country%29%2Cdeviation_login_count%2C+deviation_ip_addresses"
+    },
+    {
+      title: "marc - Impossible traveller IP tets",
+      url: "/events/pq?_scopeId=2387775029058663326&_scopeLevel=site&_categoryId=eventSearch&startTime=72+hours&endTime=NOW&filter=%7C+sql+join+baseline+%3D+%28%0AdataSource.vendor%3D%27Microsoft%27+dataSource.category+%3D+%27security%27+event.type%3D%27Logon%27%0A%7C+columns+actor.user.email_addr%2C+device.ip%0A%7C+group+login_freq_by_ip%3Dcount%28%29+by+email_addr%3Dlower%28actor.user.email_addr%29%2Cdevice.ip%0A%7C+columns+email_addr%2Cdevice.ip%2Clogin_freq_by_ip%0A%2F%2Fthe+sort+below+is+necessary+because+it+ensure+that+the+order+of+rows+is+preserved+when+using+array_ag++%0A%7C+sort+%2Bemail_addr%2C-login_freq_by_ip%0A%7C+group+baseline_login_freq_by_ip%3Dmax%28login_freq_by_ip%29%2C+ips%3Darray_agg%28device.ip%29+by+email_addr%0A%7C+columns+email_addr%2Cip%3Darray_get%28ips%2C0%29%2Cbaseline_login_freq_by_ip%0A%29%2C%0Alogons+%3D+%28%0AdataSource.vendor%3D%27Microsoft%27+dataSource.category+%3D+%27security%27+event.type%3D%27Logon%27%0A%2F%2F%7C+columns+actor.user.email_addr%2C+unmapped.UserId%2C+event.type%2C+device.ip%0A%7C+group+deviation_login_count%3Dcount%28event.type%29%2Cdeviation_ip_addresses%3Darray_agg_distinct%28device.ip%29+by+email_addr%3Dlower%28actor.user.email_addr%29%2C+deviation_ip%3Ddevice.ip%29+on+baseline.email_addr%3D%3Dlogons.email_addr%0A"
+    }
+  ]
+}