misje / opencti-wazuh-connector

OpenCTI–Wazuh connector looking for indicators in Wazuh and creating sightings
https://misje.github.io/opencti-wazuh-connector/
Apache License 2.0

Settings accepting OpenSearch DSL query syntax as JSON/YAML are not parsed correctly #23

Open misje opened 6 months ago

misje commented 6 months ago

The settings

all support JSON (or YAML) for specifying potentially complex DSL queries. However, they are parsed into a pydantic model that does not match the DSL syntax. Either make a note of this in the documentation, or parse actual DSL from config files (in addition to the simplified string syntax).