Added macro for attack data query

dlamspl · dlamspl · commit 4087f286d1bb · 2020-04-16T16:22:59.000+04:00
diff --git a/local/data/ui/views/attack_range_main_dashboard.xml b/local/data/ui/views/attack_range_main_dashboard.xml
@@ -1,6 +1,6 @@
 <form theme="dark">
   <search id="BaseSearch">
-    <query>index="attack" Technique!="Technique" Technique!=""
+    <query>`get_attack_data`
       | sseidenrichment type=mitreid field=Technique 
       | eval mitre_id = Technique+" - "+mitre_technique_display, atomic_test= 'Test Number'+"-"+'Test Name'
       |lookup mitre_matrix_list_ar Technique AS mitre_technique_display
@@ -234,7 +234,7 @@
       <title>Possible Analytic stories</title>
       <table>
         <search>
-          <query>index="attack" Technique!="Technique"
+          <query>`get_attack_data`
 | sseidenrichment type=mitreid field=Technique 
 | eval mitre_id = Technique+" - "+mitre_technique_display, atomic_test= 'Test Number'+"-"+'Test Name'
 |lookup mitre_matrix_list_ar Technique AS mitre_technique_display
diff --git a/local/macros.conf b/local/macros.conf
@@ -0,0 +1,3 @@
+[get_attack_data]
+definition = index="attack" Technique!="Technique" Technique!="" Technique!="T1531"
+iseval = 0
diff --git a/metadata/local.meta b/metadata/local.meta
@@ -11,7 +11,7 @@ access = read : [ * ]
 export = none
 owner = admin
 version = 8.0.1
-modtime = 1586941209.657182000
+modtime = 1587039557.989469000
 
 [views/attack_range_navigator]
 access = read : [ * ]
@@ -55,3 +55,10 @@ export = none
 owner = admin
 version = 8.0.1
 modtime = 1586924042.816955000
+
+[macros/get_attack_data]
+access = read : [ * ]
+export = none
+owner = admin
+version = 8.0.1
+modtime = 1587039526.751615000

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+[get_attack_data]`
	`2`	`+definition = index="attack" Technique!="Technique" Technique!="" Technique!="T1531"`
	`3`	`+iseval = 0`