Add models and interfaces for rule engine
Signed-off-by: Chase Engelbrecht <[email protected]>
engechas committed Apr 22, 2024
1 parent 62129cd commit 59b6a4e
Showing 12 changed files with 184 additions and 0 deletions.
@@ -0,0 +1,4 @@
package org.opensearch.securityanalytics.ruleengine;

public class RuleEngine {
}
@@ -0,0 +1,9 @@
package org.opensearch.securityanalytics.ruleengine.evaluator;

import org.opensearch.securityanalytics.ruleengine.model.Match;

import java.util.List;

public interface RuleEvaluator<T> {
List<Match> evaluate(List<T> data);
}
@@ -0,0 +1,13 @@
package org.opensearch.securityanalytics.ruleengine.evaluator;

import org.opensearch.securityanalytics.ruleengine.model.DataType;
import org.opensearch.securityanalytics.ruleengine.model.Match;

import java.util.List;

public class StatelessRuleEvaluator implements RuleEvaluator<DataType> {
@Override
public List<Match> evaluate(final List<DataType> data) {
return null;
}
}
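Review bot: `evaluate` returns `null` from a method typed `List<Match>`, so a caller that iterates the result fails with a NullPointerException, and a caller that null-checks it will read the stub as "no detections". Until the evaluator is implemented, prefer `throw new UnsupportedOperationException("StatelessRuleEvaluator is not implemented yet");` so an unfinished rule engine fails loudly rather than silently reporting nothing. If a non-throwing placeholder is required, `return List.of();` at least keeps the result non-null, though it still hides the fact that no rules ran.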
@@ -0,0 +1,23 @@
package org.opensearch.securityanalytics.ruleengine.model;

import java.util.HashMap;
import java.util.Map;

public abstract class DataType {
private final Map<String, String> dataTypeMetadata;

public DataType() {
this.dataTypeMetadata = new HashMap<>();
}

abstract Object getValue(String fieldName);
abstract String getTimeFieldName();

public void putDataTypeMetadata(final String key, final String value) {
dataTypeMetadata.put(key, value);
}

public Map<String, String> getDataTypeMetadata() {
return dataTypeMetadata;
}
}
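Review bot: `getValue` and `getTimeFieldName` are declared without an access modifier, so they are package-private: a concrete subclass outside `org.opensearch.securityanalytics.ruleengine.model` cannot implement them, and evaluators or rule predicates in the other packages cannot call them. Declare them `public abstract Object getValue(String fieldName);` and `public abstract String getTimeFieldName();`. Separately, `getDataTypeMetadata()` hands out the internal `HashMap`, so callers can bypass `putDataTypeMetadata`; returning `Collections.unmodifiableMap(dataTypeMetadata)` (with the matching import) would keep all writes on one path.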
@@ -0,0 +1,20 @@
package org.opensearch.securityanalytics.ruleengine.model;

import org.opensearch.securityanalytics.ruleengine.rules.Rule;

import java.util.ArrayList;
import java.util.List;

public class Match {
private final DataType datum;
private final List<Rule> rules;

public Match(final DataType datum) {
this.datum = datum;
this.rules = new ArrayList<>();
}

public void addRule(final Rule rule) {
rules.add(rule);
}
}
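Review bot: `List<Rule>` is a raw type, because `Rule` is declared as `Rule<T, U>` in this same commit; the field and `addRule` should use the wildcard form, e.g. `private final List<Rule<?, ?>> rules;` and `public void addRule(final Rule<?, ?> rule)`. The class also offers no way to read `datum` or `rules`, so a `Match` returned from `RuleEvaluator.evaluate` carries nothing a consumer can reach. Add getters, with the rules getter returning an unmodifiable view so matches cannot be edited after evaluation.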
@@ -0,0 +1,7 @@
package org.opensearch.securityanalytics.ruleengine.parser;

import org.opensearch.securityanalytics.ruleengine.rules.ParsedRules;

public interface RuleParser {
ParsedRules parseRules();
}
@@ -0,0 +1,30 @@
package org.opensearch.securityanalytics.ruleengine.provider;

import org.opensearch.securityanalytics.ruleengine.model.DataType;

import java.util.Map;
import java.util.function.Predicate;

public class RuleData {
private final String ruleAsString;
private final Predicate<DataType> evaluationCondition;
private final Map<String, Object> metadata;

public RuleData(final String ruleAsString, final Predicate<DataType> evaluationCondition, final Map<String, Object> metadata) {
this.ruleAsString = ruleAsString;
this.evaluationCondition = evaluationCondition;
this.metadata = metadata;
}

public String getRuleAsString() {
return ruleAsString;
}

public Predicate<DataType> getEvaluationCondition() {
return evaluationCondition;
}

public Map<String, Object> getMetadata() {
return metadata;
}
}
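Review bot: The constructor stores the caller's `metadata` map by reference and `getMetadata()` returns it unchanged, so any code holding either reference can alter a rule's metadata after the rule has been loaded. For detection content this should be a snapshot, e.g. `this.metadata = Map.copyOf(metadata);` (this rejects null keys and values, so confirm providers never pass them). If `ruleAsString` and `evaluationCondition` are mandatory, guard them with `Objects.requireNonNull` as well. The same store-by-reference pattern appears in `ParsedRules` (both lists) and in `StatefulRule` (`filterFields`), where `List.copyOf` would fit.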
@@ -0,0 +1,7 @@
package org.opensearch.securityanalytics.ruleengine.provider;

import java.util.List;

public interface RuleProvider {
List<RuleData> getRuleData();
}
@@ -0,0 +1,21 @@
package org.opensearch.securityanalytics.ruleengine.rules;

import java.util.List;

public class ParsedRules {
private final List<StatelessRule> statelessRules;
private final List<StatefulRule> statefulRules;

public ParsedRules(final List<StatelessRule> statelessRules, final List<StatefulRule> statefulRules) {
this.statelessRules = statelessRules;
this.statefulRules = statefulRules;
}

public List<StatelessRule> getStatelessRules() {
return statelessRules;
}

public List<StatefulRule> getStatefulRules() {
return statefulRules;
}
}
@@ -0,0 +1,15 @@
package org.opensearch.securityanalytics.ruleengine.rules;

import java.util.function.Predicate;

public abstract class Rule<T, U> {
private final String id;
private final Predicate<T> evaluationCondition;
private final Predicate<U> ruleCondition;

public Rule(final String id, final Predicate<T> evaluationCondition, final Predicate<U> ruleCondition) {
this.id = id;
this.evaluationCondition = evaluationCondition;
this.ruleCondition = ruleCondition;
}
}
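Review bot: `id`, `evaluationCondition` and `ruleCondition` are `private final` with no accessors, so neither `StatelessRule`/`StatefulRule` nor an evaluator can read or apply them; as written a `Rule` can be constructed but not evaluated or identified once attached to a `Match`. Add `public String getId()`, `public Predicate<T> getEvaluationCondition()` and `public Predicate<U> getRuleCondition()`. A short class Javadoc stating how the two predicates differ would also help, since the names alone do not say which one gates evaluation and which one decides the match.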
@@ -0,0 +1,20 @@
package org.opensearch.securityanalytics.ruleengine.rules;

import org.opensearch.securityanalytics.ruleengine.model.Match;

import java.time.Duration;
import java.util.List;
import java.util.function.Predicate;

public class StatefulRule extends Rule<Match, List<Match>> {
private final Duration timeframe;
private final List<String> filterFields;

public StatefulRule(final String id, final Predicate<Match> evaluationCondition,
final Predicate<List<Match>> ruleCondition, final Duration timeframe,
final List<String> filterFields) {
super(id, evaluationCondition, ruleCondition);
this.timeframe = timeframe;
this.filterFields = filterFields;
}
}
@@ -0,0 +1,15 @@
package org.opensearch.securityanalytics.ruleengine.rules;

import org.opensearch.securityanalytics.ruleengine.model.DataType;

import java.util.function.Predicate;

public class StatelessRule extends Rule<DataType, DataType> {
private final boolean isStatefulCondition;

public StatelessRule(final String id, final Predicate<DataType> evaluationCondition,
final Predicate<DataType> ruleCondition, final boolean isStatefulCondition) {
super(id, evaluationCondition, ruleCondition);
this.isStatefulCondition = isStatefulCondition;
}
}
