forked from opensearch-project/security-analytics
Add models and interfaces for rule engine
Signed-off-by: Chase Engelbrecht <[email protected]>
Showing
12 changed files
with
184 additions
and
0 deletions.
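--- a/src/main/java/org/opensearch/securityanalytics/ruleengine/RuleEngine.java
+++ b/src/main/java/org/opensearch/securityanalytics/ruleengine/RuleEngine.java
@@ -0,0 +1,4 @@
+package org.opensearch.securityanalytics.ruleengine;
+
+public class RuleEngine {
+}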
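--- a/src/main/java/org/opensearch/securityanalytics/ruleengine/evaluator/RuleEvaluator.java
+++ b/src/main/java/org/opensearch/securityanalytics/ruleengine/evaluator/RuleEvaluator.java
@@ -0,0 +1,9 @@
+package org.opensearch.securityanalytics.ruleengine.evaluator;
+
+import org.opensearch.securityanalytics.ruleengine.model.Match;
+
+import java.util.List;
+
+public interface RuleEvaluator<T> {
+List<Match> evaluate(List<T> data);
+}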
13 changes: 13 additions & 0 deletions
13
...in/java/org/opensearch/securityanalytics/ruleengine/evaluator/StatelessRuleEvaluator.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
package org.opensearch.securityanalytics.ruleengine.evaluator; | ||
|
||
import org.opensearch.securityanalytics.ruleengine.model.DataType; | ||
import org.opensearch.securityanalytics.ruleengine.model.Match; | ||
|
||
import java.util.List; | ||
|
||
public class StatelessRuleEvaluator implements RuleEvaluator<DataType> { | ||
@Override | ||
public List<Match> evaluate(final List<DataType> data) { | ||
return null; | ||
} | ||
} |
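Review bot: `evaluate` in `StatelessRuleEvaluator` returns `null` for a `List<Match>`, so a caller that iterates the result fails with a NullPointerException, and a caller that null-checks cannot tell "not implemented" from "no rule matched". While the class is a stub, `throw new UnsupportedOperationException("StatelessRuleEvaluator.evaluate is not implemented");` makes the gap visible instead of looking like a clean evaluation; if an empty placeholder is intended, `return Collections.emptyList();` is the safer value. A Javadoc line on `RuleEvaluator.evaluate` stating that implementations never return `null` would fix the contract for later implementations.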
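--- a/src/main/java/org/opensearch/securityanalytics/ruleengine/model/DataType.java
+++ b/src/main/java/org/opensearch/securityanalytics/ruleengine/model/DataType.java
@@ -0,0 +1,23 @@
+package org.opensearch.securityanalytics.ruleengine.model;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public abstract class DataType {
+private final Map<String, String> dataTypeMetadata;
+
+public DataType() {
+this.dataTypeMetadata = new HashMap<>();
+}
+
+abstract Object getValue(String fieldName);
+abstract String getTimeFieldName();
+
+public void putDataTypeMetadata(final String key, final String value) {
+dataTypeMetadata.put(key, value);
+}
+
+public Map<String, String> getDataTypeMetadata() {
+return dataTypeMetadata;
+}
+}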
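Review bot: `getValue` and `getTimeFieldName` are declared without an access modifier, so they are package-private: a concrete subclass outside `org.opensearch.securityanalytics.ruleengine.model` cannot implement them, and code in the `evaluator` and `rules` packages cannot call them. If data types are meant to be supplied and read from other packages, declare them `public abstract Object getValue(String fieldName);` and `public abstract String getTimeFieldName();`. Separately, `getDataTypeMetadata` returns the internal `HashMap`, so callers can change it without going through `putDataTypeMetadata`; `return Collections.unmodifiableMap(dataTypeMetadata);` would keep all writes on one path.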
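--- a/src/main/java/org/opensearch/securityanalytics/ruleengine/model/Match.java
+++ b/src/main/java/org/opensearch/securityanalytics/ruleengine/model/Match.java
@@ -0,0 +1,20 @@
+package org.opensearch.securityanalytics.ruleengine.model;
+
+import org.opensearch.securityanalytics.ruleengine.rules.Rule;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class Match {
+private final DataType datum;
+private final List<Rule> rules;
+
+public Match(final DataType datum) {
+this.datum = datum;
+this.rules = new ArrayList<>();
+}
+
+public void addRule(final Rule rule) {
+rules.add(rule);
+}
+}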
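Review bot: The field `private final List<Rule> rules` and the parameter of `addRule(final Rule rule)` use `Rule` as a raw type, although `Rule<T, U>` is declared generic in this same commit; raw types switch off generic checking and produce compiler warnings. `private final List<Rule<?, ?>> rules;` with `addRule(final Rule<?, ?> rule)` keeps the list heterogeneous without the raw type. `datum` and `rules` also have no accessors, so a `Match` cannot be read once it is built; if the getters are deferred to a later commit, a short class comment saying so would help.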
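--- a/src/main/java/org/opensearch/securityanalytics/ruleengine/parser/RuleParser.java
+++ b/src/main/java/org/opensearch/securityanalytics/ruleengine/parser/RuleParser.java
@@ -0,0 +1,7 @@
+package org.opensearch.securityanalytics.ruleengine.parser;
+
+import org.opensearch.securityanalytics.ruleengine.rules.ParsedRules;
+
+public interface RuleParser {
+ParsedRules parseRules();
+}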
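--- a/src/main/java/org/opensearch/securityanalytics/ruleengine/provider/RuleData.java
+++ b/src/main/java/org/opensearch/securityanalytics/ruleengine/provider/RuleData.java
@@ -0,0 +1,30 @@
+package org.opensearch.securityanalytics.ruleengine.provider;
+
+import org.opensearch.securityanalytics.ruleengine.model.DataType;
+
+import java.util.Map;
+import java.util.function.Predicate;
+
+public class RuleData {
+private final String ruleAsString;
+private final Predicate<DataType> evaluationCondition;
+private final Map<String, Object> metadata;
+
+public RuleData(final String ruleAsString, final Predicate<DataType> evaluationCondition, final Map<String, Object> metadata) {
+this.ruleAsString = ruleAsString;
+this.evaluationCondition = evaluationCondition;
+this.metadata = metadata;
+}
+
+public String getRuleAsString() {
+return ruleAsString;
+}
+
+public Predicate<DataType> getEvaluationCondition() {
+return evaluationCondition;
+}
+
+public Map<String, Object> getMetadata() {
+return metadata;
+}
+}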
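Review bot: The `RuleData` constructor stores the caller's `metadata` map by reference and `getMetadata` returns that same instance, so a rule's metadata can be changed from outside after construction even though the field is `final`. A defensive copy, `this.metadata = Collections.unmodifiableMap(new HashMap<>(metadata));`, fixes the state when the object is built, and `Objects.requireNonNull(ruleAsString, "ruleAsString")` would reject a rule with no text at the boundary instead of later in the parser. The same store-by-reference pattern appears in `ParsedRules` (both rule lists) and in `StatefulRule` (`filterFields`). For detection rules this matters because a list or map edited after parsing changes what is evaluated without passing through the parser again.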
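--- a/src/main/java/org/opensearch/securityanalytics/ruleengine/provider/RuleProvider.java
+++ b/src/main/java/org/opensearch/securityanalytics/ruleengine/provider/RuleProvider.java
@@ -0,0 +1,7 @@
+package org.opensearch.securityanalytics.ruleengine.provider;
+
+import java.util.List;
+
+public interface RuleProvider {
+List<RuleData> getRuleData();
+}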
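--- a/src/main/java/org/opensearch/securityanalytics/ruleengine/rules/ParsedRules.java
+++ b/src/main/java/org/opensearch/securityanalytics/ruleengine/rules/ParsedRules.java
@@ -0,0 +1,21 @@
+package org.opensearch.securityanalytics.ruleengine.rules;
+
+import java.util.List;
+
+public class ParsedRules {
+private final List<StatelessRule> statelessRules;
+private final List<StatefulRule> statefulRules;
+
+public ParsedRules(final List<StatelessRule> statelessRules, final List<StatefulRule> statefulRules) {
+this.statelessRules = statelessRules;
+this.statefulRules = statefulRules;
+}
+
+public List<StatelessRule> getStatelessRules() {
+return statelessRules;
+}
+
+public List<StatefulRule> getStatefulRules() {
+return statefulRules;
+}
+}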
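--- a/src/main/java/org/opensearch/securityanalytics/ruleengine/rules/Rule.java
+++ b/src/main/java/org/opensearch/securityanalytics/ruleengine/rules/Rule.java
@@ -0,0 +1,15 @@
+package org.opensearch.securityanalytics.ruleengine.rules;
+
+import java.util.function.Predicate;
+
+public abstract class Rule<T, U> {
+private final String id;
+private final Predicate<T> evaluationCondition;
+private final Predicate<U> ruleCondition;
+
+public Rule(final String id, final Predicate<T> evaluationCondition, final Predicate<U> ruleCondition) {
+this.id = id;
+this.evaluationCondition = evaluationCondition;
+this.ruleCondition = ruleCondition;
+}
+}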
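Review bot: `id`, `evaluationCondition` and `ruleCondition` in `Rule` are `private final` with no accessor, so neither the subclasses nor an evaluator can read the predicates a rule carries, and a match cannot report which rule id fired. Adding `public String getId()`, `public Predicate<T> getEvaluationCondition()` and `public Predicate<U> getRuleCondition()` would make the model usable; the extra fields in `StatefulRule` and `StatelessRule` are write-only in the same way. The constructor of an abstract class can be `protected` rather than `public`. A Javadoc sentence that separates the evaluation condition from the rule condition would also help, since both are predicates and the names do not say which is applied first.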
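--- a/src/main/java/org/opensearch/securityanalytics/ruleengine/rules/StatefulRule.java
+++ b/src/main/java/org/opensearch/securityanalytics/ruleengine/rules/StatefulRule.java
@@ -0,0 +1,20 @@
+package org.opensearch.securityanalytics.ruleengine.rules;
+
+import org.opensearch.securityanalytics.ruleengine.model.Match;
+
+import java.time.Duration;
+import java.util.List;
+import java.util.function.Predicate;
+
+public class StatefulRule extends Rule<Match, List<Match>> {
+private final Duration timeframe;
+private final List<String> filterFields;
+
+public StatefulRule(final String id, final Predicate<Match> evaluationCondition,
+final Predicate<List<Match>> ruleCondition, final Duration timeframe,
+final List<String> filterFields) {
+super(id, evaluationCondition, ruleCondition);
+this.timeframe = timeframe;
+this.filterFields = filterFields;
+}
+}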
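--- a/src/main/java/org/opensearch/securityanalytics/ruleengine/rules/StatelessRule.java
+++ b/src/main/java/org/opensearch/securityanalytics/ruleengine/rules/StatelessRule.java
@@ -0,0 +1,15 @@
+package org.opensearch.securityanalytics.ruleengine.rules;
+
+import org.opensearch.securityanalytics.ruleengine.model.DataType;
+
+import java.util.function.Predicate;
+
+public class StatelessRule extends Rule<DataType, DataType> {
+private final boolean isStatefulCondition;
+
+public StatelessRule(final String id, final Predicate<DataType> evaluationCondition,
+final Predicate<DataType> ruleCondition, final boolean isStatefulCondition) {
+super(id, evaluationCondition, ruleCondition);
+this.isStatefulCondition = isStatefulCondition;
+}
+}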
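Review bot: The flag `isStatefulCondition` on `StatelessRule` is undocumented, and next to the class name it reads as a contradiction; nothing in this commit shows what a `true` value means or which component reads it. A one-line Javadoc on the field stating both would remove the guesswork for whoever implements the evaluator. As a style point, naming the field `private final boolean statefulCondition;` and later exposing it as `isStatefulCondition()` follows the usual bean convention and avoids an `isIs…` accessor from generated code.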