Improved test coverage

rkondracki · Jun 5, 2020 · c992dc5 · c992dc5
1 parent 5d88d97
commit c992dc5
Showing 1 changed file with 3 additions and 9 deletions.
diff --git a/tools/sigma/backends/mdatp.py b/tools/sigma/backends/mdatp.py
@@ -32,7 +32,6 @@ def _impl(self, method_args):
             return
     return _impl
 
-
 class WindowsDefenderATPBackend(SingleTextQueryBackend):
     """Converts Sigma rule into Microsoft Defender ATP Hunting Queries."""
     identifier = "mdatp"
@@ -188,14 +187,9 @@ def decompose_user(self, src_field, src_value):
 
     def generate(self, sigmaparser):
         self.table = None
-        try:
-            self.category = sigmaparser.parsedyaml['logsource'].setdefault('category', None)
-            self.product = sigmaparser.parsedyaml['logsource'].setdefault('product', None)
-            self.service = sigmaparser.parsedyaml['logsource'].setdefault('service', None)
-        except KeyError:
-            self.category = None
-            self.product = None
-            self.service = None
+        self.category = sigmaparser.parsedyaml['logsource'].get('category')
+        self.product = sigmaparser.parsedyaml['logsource'].get('product')
+        self.service = sigmaparser.parsedyaml['logsource'].get('service')
 
         if (self.category, self.product, self.service) == ("process_creation", "windows", None):
             self.table = "DeviceProcessEvents"