Adding Sysdig connector

stix_shifter_modules/sysdig/configuration/config.json

@@ -0,0 +1,34 @@
+{
+    "connection": {
+        "type": {
+            "displayName": "Sysdig",
+            "group": "sysdig"
+        },
+        "host": {
+            "type": "text",
+            "regex": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9_:/\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9_:/\\-]*[A-Za-z0-9])$"
+        },
+        "port": {
+            "type": "number",
+            "default": 443,
+            "min": 1,
+            "max": 65535
+        },
+        "help": {
+            "type": "link",
+            "default": "data-sources.html"
+        },
+        "selfSignedCert": {
+            "type": "password",
+            "optional": true
+        }
+    },
+    "configuration": {
+        "auth": {
+            "type" : "fields",
+            "token": {
+                "type": "password"
+            }
+        }
+    }
+}

stix_shifter_modules/sysdig/configuration/lang_en.json

@@ -0,0 +1,28 @@
+{
+  "connection": {
+    "host": {
+      "label": "Management IP address or hostname",
+      "description": "Specify the IP address or hostname of the data source"
+    },
+    "port": {
+      "label": "Host port",
+      "description": "Set the port number that is associated with the hostname or IP address"
+    },
+    "help": {
+      "label": "Need additional help?",
+      "description": "More details on the data source setting can be found in the specified link"
+    },
+    "selfSignedCert": {
+      "label": "Sysdig connection certificate",
+      "description": "Use self-signed SSL certificate or CA content(root and intermediate) of data source"
+    }
+  },
+  "configuration": {
+    "auth": {
+      "token": {
+        "label": "API token",
+        "description": "Token with readonly access to the Sysdig API"
+      }
+    }
+  }
+}

stix_shifter_modules/sysdig/entry_point.py

@@ -0,0 +1,12 @@
+from stix_shifter_utils.utils.base_entry_point import BaseEntryPoint
+
+
+class EntryPoint(BaseEntryPoint):
+
+    def __init__(self, connection={}, configuration={}, options={}):
+        super().__init__(connection, configuration, options)
+        self.set_async(False)
+        if connection:
+            self.setup_transmission_basic(connection, configuration)
+
+        self.setup_translation_simple(dialect_default='default')

stix_shifter_modules/sysdig/stix_translation/json/config_map.json

@@ -0,0 +1,32 @@
+{
+  "int_supported_fields": [
+    "severity",
+    "ruleType",
+    "ruleSubType",
+    "policyId",
+    "agentId",
+    "aws.accountId"
+  ],
+  "string_supported_fields": [
+    "kubernetes.cluster.name",
+    "kubernetes.namespace.name",
+    "kubernetes.deployment.name",
+    "containerId",
+    "container.name",
+    "container.image.id",
+    "container.image.repo",
+    "container.image.tag",
+    "container.image.digest",
+    "container.label.io.kubernetes.pod.namespace",
+    "ruleName",
+    "category",
+    "originator",
+    "source",
+    "host.hostName",
+    "cloudProvider.name",
+    "aws.region"
+  ],
+  "mac_supported_fields": [
+    "machineId"
+  ]
+}

stix_shifter_modules/sysdig/stix_translation/json/from_stix_map.json

@@ -0,0 +1,107 @@
+{
+  "mac-addr": {
+    "fields": {
+      "value": [
+        "machineId"
+      ]
+    }
+  },
+  "x-oca-asset": {
+    "fields": {
+      "hostname": [
+        "host.hostName"
+      ],
+      "extensions.'x-oca-container-ext'.container_id": [
+        "containerId"
+      ],
+      "extensions.'x-oca-container-ext'.name": [
+        "container.name"
+      ],
+      "extensions.'x-oca-container-ext'.image_id": [
+        "container.image.id"
+      ],
+      "extensions.'x-oca-container-ext'.x_repo": [
+        "container.image.repo"
+      ],
+      "extensions.'x-oca-container-ext'.x_tag": [
+        "container.image.tag"
+      ],
+      "extensions.'x-oca-container-ext'.x_digest": [
+        "container.image.digest"
+      ],
+      "extensions.'x-oca-pod-ext'.x_namespace": [
+        "container.label.io.kubernetes.pod.namespace"
+      ]
+    }
+  },
+  "x-ibm-finding": {
+    "fields": {
+      "name": [
+        "ruleName"
+      ],
+      "severity": [
+        "severity"
+      ],
+      "x_category": [
+        "category"
+      ],
+      "x_threat_originator": [
+        "originator"
+      ],
+      "x_threat_source": [
+        "source"
+      ],
+      "x_agent_id": [
+        "agentId"
+      ]
+    }
+  },
+  "x-sysdig-cluster": {
+    "fields": {
+      "name": [
+        "kubernetes.cluster.name"
+      ],
+      "namespace": [
+        "kubernetes.namespace.name"
+      ]
+    }
+  },
+  "x-sysdig-deployment": {
+    "fields": {
+      "name": [
+        "kubernetes.deployment.name"
+      ]
+    }
+  },
+  "x-sysdig-policy": {
+    "fields": {
+      "rule_name": [
+        "ruleName"
+      ],
+      "rule_type": [
+        "ruleType"
+      ],
+      "rule_subtype": [
+        "ruleSubType"
+      ],
+      "policy_id": [
+        "policyId"
+      ]
+    }
+  },
+  "x-cloud-provider": {
+    "fields": {
+      "account_id": [
+        "aws.accountId"
+      ],
+      "name": [
+        "cloudProvider.name"
+      ],
+      "region": [
+        "aws.region"
+      ]
+    }
+  }
+}
+
+

stix_shifter_modules/sysdig/stix_translation/json/operators.json

@@ -0,0 +1,13 @@
+{
+  "ComparisonExpressionOperators.And": "and",
+  "ComparisonExpressionOperators.Or": "or",
+  "ComparisonComparators.Equal": "=",
+  "ComparisonComparators.NotEqual": "!=",
+  "ComparisonComparators.GreaterThan": ">",
+  "ComparisonComparators.GreaterThanOrEqual": ">=",
+  "ComparisonComparators.LessThan": "<",
+  "ComparisonComparators.LessThanOrEqual": "<=",
+  "ComparisonComparators.In": "in",
+  "ObservationOperators.Or": "or",
+  "ObservationOperators.And": "or"
+}

stix_shifter_modules/sysdig/stix_translation/json/stix_2_1/from_stix_map.json

@@ -0,0 +1,107 @@
+{
+  "mac-addr": {
+    "fields": {
+      "value": [
+        "machineId"
+      ]
+    }
+  },
+  "x-oca-asset": {
+    "fields": {
+      "hostname": [
+        "host.hostName"
+      ],
+      "extensions.'x-oca-container-ext'.container_id": [
+        "containerId"
+      ],
+      "extensions.'x-oca-container-ext'.name": [
+        "container.name"
+      ],
+      "extensions.'x-oca-container-ext'.image_id": [
+        "container.image.id"
+      ],
+      "extensions.'x-oca-container-ext'.x_repo": [
+        "container.image.repo"
+      ],
+      "extensions.'x-oca-container-ext'.x_tag": [
+        "container.image.tag"
+      ],
+      "extensions.'x-oca-container-ext'.x_digest": [
+        "container.image.digest"
+      ],
+      "extensions.'x-oca-pod-ext'.x_namespace": [
+        "container.label.io.kubernetes.pod.namespace"
+      ]
+    }
+  },
+  "x-ibm-finding": {
+    "fields": {
+      "name": [
+        "ruleName"
+      ],
+      "x_severity": [
+        "severity"
+      ],
+      "x_category": [
+        "category"
+      ],
+      "x_threat_originator": [
+        "originator"
+      ],
+      "x_threat_source": [
+        "source"
+      ],
+      "x_agent_id": [
+        "agentId"
+      ]
+    }
+  },
+  "x-sysdig-cluster": {
+    "fields": {
+      "name": [
+        "kubernetes.cluster.name"
+      ],
+      "namespace": [
+        "kubernetes.namespace.name"
+      ]
+    }
+  },
+  "x-sysdig-deployment": {
+    "fields": {
+      "name": [
+        "kubernetes.deployment.name"
+      ]
+    }
+  },
+  "x-sysdig-policy": {
+    "fields": {
+      "rule_name": [
+        "ruleName"
+      ],
+      "rule_type": [
+        "ruleType"
+      ],
+      "rule_subtype": [
+        "ruleSubType"
+      ],
+      "policy_id": [
+        "policyId"
+      ]
+    }
+  },
+  "x-cloud-provider": {
+    "fields": {
+      "account_id": [
+        "aws.accountId"
+      ],
+      "name": [
+        "cloudProvider.name"
+      ],
+      "region": [
+        "aws.region"
+      ]
+    }
+  }
+}
+
+