Merge remote-tracking branch 'origin/release/v11.2.2' into release/v11.2.2

Author: mjabascal10

etc/scripts/Pipfile

@@ -1,4 +1,4 @@
-# Sophos_XG filter, version 3.0.2
+# Sophos_XG filter, version 3.0.4
 # Supports SF 20.0 version log types
 # See manual: https://docs.sophos.com/nsg/sophos-firewall/20.0/pdf/sf-syslog-guide-20.0.pdf
 # and documentation https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/TroubleshootingLogs/LogFileDetails/index.html#https-ftp-waf
@@ -11,7 +11,7 @@ pipeline:
       - grok:
           patterns:
             - fieldName: log.syslogPriority
-              pattern: '\<{{.data}}\>'
+              pattern: '\<{{.integer}}\>'
             - fieldName: log.syslogVersion
               pattern: '{{.integer}}'
             - fieldName: log.syslogDeviceTime
@@ -29,7 +29,7 @@ pipeline:
       - grok:
           patterns:
             - fieldName: log.syslogPriority
-              pattern: '\<{{.data}}\>'
+              pattern: '\<{{.integer}}\>'
             - fieldName: log.restData
               pattern: '{{.greedy}}'
           source: raw

etc/scripts/Pipfile.lock

@@ -1,8 +1,8 @@
 import {Component, Input, OnInit} from '@angular/core';
 import {UtmModulesEnum} from '../../shared/enum/utm-module.enum';
+import {PLATFORMS} from "../shared/constant";
 import {Step} from '../shared/step';
 import {SYSLOGSTEPS} from './syslog.steps';
-import {PLATFORMS} from "../shared/constant";
 
 @Component({
   selector: 'app-guide-syslog',
@@ -45,7 +45,6 @@ export class GuideSyslogComponent implements OnInit {
     {module: UtmModulesEnum.DECEPTIVE_BYTES, port: '7010 TCP'},
     {module: UtmModulesEnum.DECEPTIVE_BYTES, port: '7010 UDP'},
 
-    {module: UtmModulesEnum.SOPHOS_XG, port: '7008 TCP'},
     {module: UtmModulesEnum.SOPHOS_XG, port: '7008 UDP'},
 
     {module: UtmModulesEnum.SYSLOG, port: '7014 TCP'},

etc/scripts/README.md

@@ -124,7 +124,6 @@ export class ImportRuleComponent implements OnInit, OnDestroy {
             dataTypes: file.dataTypes && file.dataTypes.length > 0 ? file.dataTypes : []
           };
       });
-      console.log('filesWithDataTypes', filesWithDataTypes);
 
       // Fetch and filter data types for each file
       forkJoin(
@@ -147,7 +146,7 @@ export class ImportRuleComponent implements OnInit, OnDestroy {
                 integrity: file.impact.integrity || 0,
                 availability: file.impact.availability || 0,
                 definition: file.where || '',
-                afterEvents: file.afterEvents || [],
+                afterEvents: file.afterEvents || file.correlation || [],
                 dataTypes: filteredDataTypes.filter(dt => !!dt)
               }))
             ),

etc/scripts/brute_force_office365.py

@@ -157,6 +157,7 @@ export class ImportRuleService {
       'impact',
       'where',
       'afterEvents',
+      'correlation',
       'name',
       'adversary',
       'confidentiality',