Merge pull request #163 from UncoderIO/gis-case-insensitive-sigma-mapping

Gis case insensitive sigma mapping

Author: tarnopolskyi

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/dns.yml

@@ -11,4 +11,4 @@ field_mapping:
   dns_query_name: xdm.network.dns.dns_question.name
   QueryName: xdm.network.dns.dns_question.name
   query: xdm.network.dns.dns_question.name
-  dns-record-type: xdm.network.dns.dns_question.type
+  dns-record-type: xdm.network.dns.dns_question.type

uncoder-core/app/translator/mappings/platforms/qradar/default.yml

@@ -75,4 +75,4 @@ field_mapping:
   EventSeverity: EventSeverity
   Source: 
     - Source
-    - source
+    - source

uncoder-core/app/translator/platforms/sigma/mapping.py

@@ -19,9 +19,9 @@ def __init__(
     def is_suitable(
         self, service: Optional[list[str]], product: Optional[list[str]], category: Optional[list[str]]
     ) -> bool:
-        product_match = set(product or []).issubset(self.products) if product else False
-        category_match = set(category or []).issubset(self.categories) if category else False
-        service_match = set(service or []).issubset(self.services) if service else False
+        product_match = set(product_.lower() for product_ in product or []).issubset(self.products) if product else False
+        category_match = set(category_.lower() for category_ in category or []).issubset(self.categories) if category else False
+        service_match = set(service_.lower() for service_ in service or [] or []).issubset(self.services) if service else False
         if not product and not service:
             return category_match
         return product_match and service_match or product_match and category_match