in hunting/__main__.py [0:0]
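def hunt_summary(breakdown: str):
    """
    Generate a summary of hunt queries, broken down by platform, integration, or language.

    Args:
        breakdown: One of 'platform', 'integration' or 'language'; selects
            which set of counts is rendered as a table.

    Raises:
        click.BadParameter: If ``breakdown`` is not one of the supported values.
    """
    # Column headers for each supported breakdown. The value is checked up
    # front so an unsupported breakdown fails with a clear message instead of
    # an UnboundLocalError after every hunt file has already been loaded.
    table_headers_by_breakdown = {
        'platform': ["Platform (Folder)", "Hunt Count"],
        'integration': ["Integration", "Hunt Count"],
        'language': ["Language", "Hunt Count"],
    }
    if breakdown not in table_headers_by_breakdown:
        supported = ", ".join(table_headers_by_breakdown)
        raise click.BadParameter(
            f"unsupported breakdown {breakdown!r}; expected one of: {supported}",
            param_hint="breakdown",
        )

    click.echo(f"Generating hunt summary broken down by {breakdown}...")

    # Load all hunt queries
    all_hunts = load_all_toml(HUNTING_DIR)

    # One Counter per breakdown; all three are filled in a single pass.
    counters = {name: Counter() for name in table_headers_by_breakdown}

    for hunt, path in all_hunts:
        # The platform comes from the folder two levels above the hunt file,
        # not from the hunt's own metadata, so a file placed in the wrong
        # directory is counted under the wrong platform.
        counters['platform'][path.parent.parent.stem] += 1

        # Count integrations.
        # NOTE(review): assumes hunt.integration is a list of names; a bare
        # string would be counted character by character - confirm against
        # the hunt schema.
        counters['integration'].update(hunt.integration)

        # Count languages, renaming 'SQL' to 'OSQuery'
        counters['language'].update(
            'OSQuery' if lang == 'SQL' else lang for lang in hunt.language
        )

    # Prepare and display the table for the selected breakdown; rows appear in
    # the order each key was first seen.
    table_data = [[name, count] for name, count in counters[breakdown].items()]
    click.echo(
        tabulate(
            table_data,
            headers=table_headers_by_breakdown[breakdown],
            tablefmt="fancy_grid",
        )
    )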