kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
ec26183e2e7160deae6930095851d2325c1fe1c3
Aegis/backend/app/models/detection_rule.py
T
kitos ec26183e2e refactor(pep8): enforce full PEP8 compliance across backend Python codebase 
- ruff.toml: select E/W/F/I/N rules, line-length=120, drop legacy ignores
- Auto-fix: sort 82 import blocks (isort), remove 29 unused imports,
  strip 6 trailing-whitespace blank lines in docstrings
- main.py: move setup_logging and settings imports to top (E402)
- errors.py: noqa N818 on DDD exception names (96 call sites, safe)
- intel_service.py: noqa N817 for universal ET alias
- atomic/elastic/sigma import services: move _MAX_UNCOMPRESSED_SIZE and
  _MAX_ENTRIES to module level (N806)
- compliance_import_service.py: move SAMPLE_CONTROLS / CIS_CONTROLS to
  module level; wrap long description strings (N806 + E501)
- snapshot_service.py: move STATUS_ORDER dict to module level (N806)
- sigma_import_service.py: remove dead dedup_key expression (F841)
- threat_actor_import_service.py: remove dead stix_to_actor expression (F841)
- data_source.py, seed_demo.py, campaign_scheduler_service.py,
  lolbas_import_service.py: wrap lines exceeding 120 chars (E501)
- d3fend_import_service.py: per-file E501 ignore (data file with long strings)

All 439 unit tests pass. ruff check app/ → All checks passed!

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-09 16:40:14 +02:00

42 lines
1.9 KiB
Python
Raw Blame History

"""DetectionRule model — detection rules from multiple sources."""
import uuid
from sqlalchemy import Boolean, Column, DateTime, Index, String, Text, func
from sqlalchemy.dialects.postgresql import JSONB, UUID
from app.database import Base
class DetectionRule(Base):
"""
Detection rule from an external source (Sigma, Elastic, Splunk, custom).
Each rule is mapped to one MITRE ATT&CK technique via
``mitre_technique_id`` and stores the complete rule content in
``rule_content``.
"""
__tablename__ = "detection_rules"
id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
mitre_technique_id = Column(String, nullable=False) # e.g. "T1059.001"
title = Column(String, nullable=False)
description = Column(Text, nullable=True)
source = Column(String, nullable=False) # sigma / elastic / splunk / custom
source_id = Column(String, nullable=True) # ID in the source repo (for dedup)
source_url = Column(String, nullable=True)
rule_content = Column(Text, nullable=False) # YAML / KQL / SPL content
rule_format = Column(String, nullable=False) # sigma_yaml / kql / spl / custom
severity = Column(String, nullable=True) # informational / low / medium / high / critical
platforms = Column(JSONB, nullable=True, default=[])
log_sources = Column(JSONB, nullable=True) # e.g. {"product": "windows", "service": "sysmon"}
false_positive_rate = Column(String, nullable=True) # low / medium / high
is_active = Column(Boolean, default=True)
created_at = Column(DateTime(timezone=True), server_default=func.now())
__table_args__ = (
Index('ix_detection_rules_mitre_technique_id', 'mitre_technique_id'),
Index('ix_detection_rules_source', 'source'),
Index('ix_detection_rules_severity', 'severity'),
)
Reference in New Issue View Git Blame Copy Permalink