Mirrors/marcredhat-siem-toolkit-patched
1
0
Fork 0
mirror of https://github.com/marcredhat/SIEM-toolkit-patched synced 2026-06-08 12:33:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b4314c07df1decf9cd2c8a23663ce46044b610c2
marcredhat-siem-toolkit-pat…/backend
T
History
Mick 7b4eceefb8 Fix MITRE extraction to use actual S1 API structure + use generatedAlerts for firing status 
MITRE fix:
- S1 platform-rules API returns rule["mitre"] = [{tactic, techniques:[{id,title}]}]
  not the flat field names we were checking — updated _extract_mitre to handle
  this as the primary path, keeping flat field fallback for STAR rules
- generatedAlerts field on each platform rule stored in raw JSON during import

Firing status fix:
- sync-rule-firing now reads generatedAlerts from ParsedRule.raw as fast path
  (instant, no SDL PowerQuery needed) since it's returned directly by the
  platform-rules API on every library sync
- SDL PowerQuery retained as fallback for rules imported from detections.json

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 10:42:48 -04:00
..
routers
Fix MITRE extraction to use actual S1 API structure + use generatedAlerts for firing status
2026-05-22 10:42:48 -04:00
services
Cherry-pick improvements from PR #2 (marcredhat)
2026-05-22 10:11:42 -04:00
db.py
Add MITRE ATT&CK heatmap and detection rule firing status
2026-05-22 10:25:45 -04:00
Dockerfile
Initial commit: SIEM Toolkit for SentinelOne
2026-05-19 11:39:26 -04:00
main.py
Add MITRE ATT&CK heatmap and detection rule firing status
2026-05-22 10:25:45 -04:00
requirements.txt
Initial commit: SIEM Toolkit for SentinelOne
2026-05-19 11:39:26 -04:00