Mirrors/marcredhat-siem-toolkit-patched
1
0
Fork 0
mirror of https://github.com/marcredhat/SIEM-toolkit-patched synced 2026-06-08 12:33:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7b4eceefb8815b0240975af8f15042a62f944fef
marcredhat-siem-toolkit-pat…/backend/routers
T
History
Mick 7b4eceefb8 Fix MITRE extraction to use actual S1 API structure + use generatedAlerts for firing status 
MITRE fix:
- S1 platform-rules API returns rule["mitre"] = [{tactic, techniques:[{id,title}]}]
  not the flat field names we were checking — updated _extract_mitre to handle
  this as the primary path, keeping flat field fallback for STAR rules
- generatedAlerts field on each platform rule stored in raw JSON during import

Firing status fix:
- sync-rule-firing now reads generatedAlerts from ParsedRule.raw as fast path
  (instant, no SDL PowerQuery needed) since it's returned directly by the
  platform-rules API on every library sync
- SDL PowerQuery retained as fallback for rules imported from detections.json

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 10:42:48 -04:00
..
__init__.py
Initial commit: SIEM Toolkit for SentinelOne
2026-05-19 11:39:26 -04:00
coverage.py
Fix MITRE extraction to use actual S1 API structure + use generatedAlerts for firing status
2026-05-22 10:42:48 -04:00
ingest.py
Cherry-pick improvements from PR #2 (marcredhat)
2026-05-22 10:11:42 -04:00
quality.py
Add unlabelled event detection, stub parser quality, Sync All, and modern UI redesign
2026-05-22 10:00:21 -04:00
settings.py
Add unlabelled event detection, stub parser quality, Sync All, and modern UI redesign
2026-05-22 10:00:21 -04:00