diff --git a/MANIFEST.in b/MANIFEST.in
index 62bb7bebf..6ef2cb45b 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -5,4 +5,10 @@ include *.md
 include LICENSE.txt
 # Include JSON files
+include stix_shifter/stix_translation/src/modules/aws_security_hub/json/*.json
+include stix_shifter/stix_translation/src/modules/bigfix/json/*.json
+include stix_shifter/stix_translation/src/modules/car/json/*.json
+include stix_shifter/stix_translation/src/modules/csa/json/*.json
+include stix_shifter/stix_translation/src/modules/dummy/json/*.json
 include stix_shifter/stix_translation/src/modules/qradar/json/*.json
+include stix_shifter/stix_translation/src/modules/splunk/json/*.json
diff --git a/stix_shifter/stix_translation/src/modules/splunk/stix_to_splunk.py b/stix_shifter/stix_translation/src/modules/splunk/stix_to_splunk.py
index e07f1eb0d..89e045829 100644
--- a/stix_shifter/stix_translation/src/modules/splunk/stix_to_splunk.py
+++ b/stix_shifter/stix_translation/src/modules/splunk/stix_to_splunk.py
@@ -31,7 +31,7 @@ def transform_query(self, data, options, mapping=None):
 query_object = generate_query(data)
 data_mapper = options.get('data_mapper')
 mapping = options.get('mapping')
- fields = options.get('fields')
+ fields = options.get('select_fields')
 if not data_mapper:
 data_mapper_module = cim_data_mapping
diff --git a/tests/stix_translation/test_splunk_stix_to_spl.py b/tests/stix_translation/test_splunk_stix_to_spl.py
index c28218f09..86df48de8 100644
--- a/tests/stix_translation/test_splunk_stix_to_spl.py
+++ b/tests/stix_translation/test_splunk_stix_to_spl.py
@@ -159,7 +159,7 @@ def test_custom_mapping(self):
 options = {
 "timerange": timerange,
 "result_limit": result_limit,
- "mapping": {
+ "mapping": {
 "mac-addr": {
 "cim_type": "flow",
 "fields": {
@@ -173,7 +173,7 @@ def test_custom_mapping(self):
 }
 }
 },
- "fields": {
+ "select_fields": {
 "default": [
 "src_ip",
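Review bot: Listing each module's json directory by hand in MANIFEST.in means the next module added under stix_shifter/stix_translation/src/modules ships without its mapping files unless someone remembers to add a line here. A single `recursive-include stix_shifter/stix_translation/src/modules *.json` would cover these entries and any future module. MANIFEST.in on its own only decides what goes into the sdist, so it is worth confirming that setup.py (not shown) also installs these files, for example through `include_package_data=True`.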
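Review bot: In stix_to_splunk.py, `options.get('select_fields')` drops the old `fields` key with no fallback, so a caller that still passes `fields` gets `None` here without any error and presumably falls through to whatever default field list the code further down applies. If that compatibility break is not intended, read both keys for a release, e.g. `fields = options.get('select_fields') or options.get('fields')`, and log a deprecation warning when the old key is used. These names come from caller-supplied options; if they are concatenated into the generated SPL string (not visible in this hunk), they should be checked against an expected field-name pattern before use. transform_query's body continues past the end of the hunk.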