From f0d079ea32339cd66d650ea9ef37954761de0539 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Thu, 4 Jul 2024 08:46:08 +0200
Subject: [PATCH] chg: [app] Renamed query-comparison with query-mirror
---
 exercise.py | 12 ++++++------
 exercises/basic-filtering.json | 16 ++++++++--------
 exercises/ransomware-encoding.json | 1 +
 inject_evaluator.py | 2 +-
 4 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/exercise.py b/exercise.py
index 850cccd..25f4696 100644
--- a/exercise.py
+++ b/exercise.py
@@ -10,7 +10,7 @@ from typing import Union
 import jq
 import db
-from inject_evaluator import eval_data_filtering, eval_query_comparison
+from inject_evaluator import eval_data_filtering, eval_query_mirror
 import misp_api
 import config
 from config import logger
@@ -352,10 +352,10 @@ def inject_checker_router(user_id: int, inject_evaluation: dict, data: dict, con
 if inject_evaluation['evaluation_strategy'] == 'data_filtering':
 return eval_data_filtering(user_id, inject_evaluation, data_to_validate)
- elif inject_evaluation['evaluation_strategy'] == 'query_comparison':
+ elif inject_evaluation['evaluation_strategy'] == 'query_mirror':
 expected_data = data_to_validate['expected_data']
 data_to_validate = data_to_validate['data_to_validate']
- return eval_query_comparison(user_id, expected_data, data_to_validate)
+ return eval_query_mirror(user_id, expected_data, data_to_validate)
 return False
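Review bot: In `inject_checker_router` the strategy string is switched to `'query_mirror'` with no fallback, so an exercise definition that still carries `"evaluation_strategy": "query_comparison"` falls through to the final `return False` and is scored as failed without any trace. The same hard switch is in the `get_data_to_validate` hunk, where an unmatched strategy may leave `data_to_validate` unassigned unless it is initialised above the visible lines. Either accept the old value for a transition period, `elif inject_evaluation['evaluation_strategy'] in ('query_mirror', 'query_comparison'):`, or log the unknown value before the fall-through, `logger.warning('Unknown evaluation_strategy: %s', inject_evaluation['evaluation_strategy'])`. Both functions start above their hunks, so earlier validation of the strategy cannot be ruled out from here.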
@@ -364,9 +364,9 @@ def get_data_to_validate(user_id: int, inject_evaluation: dict, data: dict) -> U
 if inject_evaluation['evaluation_strategy'] == 'data_filtering':
 event_id = parse_event_id_from_log(data)
 data_to_validate = fetch_data_for_data_filtering(event_id=event_id)
- elif inject_evaluation['evaluation_strategy'] == 'query_comparison':
+ elif inject_evaluation['evaluation_strategy'] == 'query_mirror':
 perfomed_query = parse_performed_query_from_log(data)
- data_to_validate = fetch_data_for_query_comparison(user_id, inject_evaluation, perfomed_query)
+ data_to_validate = fetch_data_for_query_mirror(user_id, inject_evaluation, perfomed_query)
 return data_to_validate
@@ -419,7 +419,7 @@ def fetch_data_for_data_filtering(event_id=None) -> Union[None, dict]:
 return data
-def fetch_data_for_query_comparison(user_id: int, inject_evaluation: dict, perfomed_query: dict) -> Union[None, dict]:
+def fetch_data_for_query_mirror(user_id: int, inject_evaluation: dict, perfomed_query: dict) -> Union[None, dict]:
 data = None
 authkey = db.USER_ID_TO_AUTHKEY_MAPPING[user_id]
 if perfomed_query is not None:
diff --git a/exercises/basic-filtering.json b/exercises/basic-filtering.json
index a65a5a0..dc821f5 100644
--- a/exercises/basic-filtering.json
+++ b/exercises/basic-filtering.json
@@ -119,7 +119,7 @@
 }
 ],
 "result": "Published 48h retreived",
- "evaluation_strategy": "query_comparison",
+ "evaluation_strategy": "query_mirror",
 "evaluation_context": {
 "request_is_rest": true,
 "query_context": {
@@ -134,7 +134,7 @@
 }
 ],
 "name": "Get Published in the past 48h",
- "target_tool": "MISP-query",
+ "target_tool": "MISP",
 "uuid": "e2216993-6192-4e7c-ae30-97cfe9de61b4"
 },
 {
@@ -150,7 +150,7 @@
 }
 ],
 "result": "IP CSV retrieved",
- "evaluation_strategy": "query_comparison",
+ "evaluation_strategy": "query_mirror",
 "evaluation_context": {
 "request_is_rest": true,
 "query_context": {
@@ -165,7 +165,7 @@
 }
 ],
 "name": "IP IoCs changed in the past 48h in CSV",
- "target_tool": "MISP-query",
+ "target_tool": "MISP",
 "uuid": "caf68c86-65ed-4df3-99b8-7e346fa498ba"
 },
 {
@@ -180,7 +180,7 @@
 }
 ],
 "result": "20 Attribute tagged retrieved",
- "evaluation_strategy": "query_comparison",
+ "evaluation_strategy": "query_mirror",
 "evaluation_context": {
 "request_is_rest": true,
 "query_context": {
@@ -195,7 +195,7 @@
 }
 ],
 "name": "First 20 Attribute with TLP lower than `amber`",
- "target_tool": "MISP-query",
+ "target_tool": "MISP",
 "uuid": "3e96fb13-4aba-448c-8d79-efb93392cc88"
 },
 {
@@ -209,7 +209,7 @@
 }
 ],
 "result": "Phising counted",
- "evaluation_strategy": "query_comparison",
+ "evaluation_strategy": "query_mirror",
 "evaluation_context": {
 "request_is_rest": true,
 "query_context": {
@@ -224,7 +224,7 @@
 }
 ],
 "name": "Event count with `Phishing - T1566` involved",
- "target_tool": "MISP-query",
+ "target_tool": "MISP",
 "uuid": "1da0fdc8-9d0d-4618-a811-66491e196833"
 }
 ]
diff --git a/exercises/ransomware-encoding.json b/exercises/ransomware-encoding.json
index 574a7d1..1e6930a 100644
--- a/exercises/ransomware-encoding.json
+++ b/exercises/ransomware-encoding.json
@@ -219,6 +219,7 @@
 }
 ],
 "name": "Event Creation",
+ "description": "Create an Event containing `ransomware`",
 "target_tool": "MISP",
 "uuid": "8e8dbda2-0f5e-4101-83ff-63c1ddda2cae"
 },
diff --git a/inject_evaluator.py b/inject_evaluator.py
index 10a2f26..53cc1a1 100644
--- a/inject_evaluator.py
+++ b/inject_evaluator.py
@@ -145,5 +145,5 @@ def eval_data_filtering(user_id: int, inject_evaluation: dict, data: dict) -> bo
 ## Query comparison ##
-def eval_query_comparison(user_id: int, expected_data, data_to_validate) -> bool:
+def eval_query_mirror(user_id: int, expected_data, data_to_validate) -> bool:
 return expected_data == data_to_validate
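Review bot: The section comment above `eval_query_mirror` in `inject_evaluator.py` still reads `Query comparison`, so the banner no longer matches the function or the `query_mirror` strategy name now used in the exercise files; rename it to `Query mirror`. The function also has no docstring, and its `user_id` parameter is not used in the visible body; a one-line docstring such as `"""Return True when expected_data and data_to_validate compare equal."""` would state the contract. If both values are parsed API responses, which is not visible here, the strict `==` makes the verdict depend on list ordering and on any volatile fields, which is worth recording in that docstring.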