Signed-off-by: Chase Engelbrecht <[email protected]>
Showing
31 changed files
with
2,558 additions
and
7 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
FROM opensearchproject/opensearch:2.11.1 | ||
RUN if [ -d /usr/share/opensearch/plugins/opensearch-alerting ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-alerting; fi | ||
RUN if [ -d /usr/share/opensearch/plugins/opensearch-security-analytics ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-security-analytics; fi | ||
ADD build/distributions/opensearch-alerting-2.11.1.0-SNAPSHOT.zip /tmp/ | ||
ADD build/distributions/opensearch-security-analytics-2.11.1.0-SNAPSHOT.zip /tmp/ | ||
RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:/tmp/opensearch-alerting-2.11.1.0-SNAPSHOT.zip | ||
RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:/tmp/opensearch-security-analytics-2.11.1.0-SNAPSHOT.zip |
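--- /dev/null
+++ b/...gine/src/main/java/org/opensearch/securityanalytics/ruleengine/cloudtrail/CloudTrail.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.opensearch.securityanalytics.ruleengine.cloudtrail;
+
+import org.opensearch.securityanalytics.ruleengine.model.DataType;
+
+public class CloudTrail extends DataType {
+// TODO - versioning on log types
+private String eventName;
+private long time;
+
+public CloudTrail() {
+super();
+}
+
+@Override
+public Object getValue(final String fieldName) {
+switch (fieldName) {
+case "eventName": return eventName;
+case "time": return time;
+default: throw new UnsupportedOperationException("Unknown field name: " + fieldName);
+}
+}
+
+@Override
+public String getTimeFieldName() {
+return "time";
+}
+
+public void setEventName(final String eventName) {
+this.eventName = eventName;
+}
+
+public void setTime(final long time) {
+this.time = time;
+}
+}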
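Review bot: `getValue` dereferences `fieldName` in `switch (fieldName)` before the `default` branch can run, so a null field name surfaces as a NullPointerException rather than the UnsupportedOperationException the method otherwise uses for unknown names; adding `Objects.requireNonNull(fieldName, "fieldName");` at the top of the method (with a `java.util.Objects` import) gives one consistent failure mode. Note also that `time` is boxed to a `Long` on return, so any caller that casts the result to `Integer` will fail even though the field is numeric. The class has no Javadoc; a header such as `/** CloudTrail record exposed to the rule engine; "time" is the field reported by getTimeFieldName(). */` plus a `@param fieldName`/`@throws UnsupportedOperationException` block on `getValue` would make the field contract explicit for rule authors. The `TODO - versioning on log types` comment would be more useful as a tracked issue than an inline note.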
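--- /dev/null
+++ b/...n/java/org/opensearch/securityanalytics/ruleengine/exception/RuleEvaluationException.java
@@ -0,0 +1,14 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.opensearch.securityanalytics.ruleengine.exception;
+
+public class RuleEvaluationException extends RuntimeException {
+public RuleEvaluationException(final String message) {
+super(message);
+}
+public RuleEvaluationException(final String message, final Throwable cause) {
+super(message, cause);
+}
+}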
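Review bot: The two constructors of `RuleEvaluationException` run together with no blank line between them, unlike `RuleParseException` in the same commit, which separates its constructors; keeping the two files formatted the same way is worth a quick fix. Both exception classes also lack a class-level Javadoc saying when each is thrown (evaluation of a rule against a record versus parsing of the rule text), which is the distinction callers need when deciding what to catch; a one-line `/** Thrown when a rule cannot be evaluated against a record, e.g. a field cannot be read as the expected type. */` on this class, and the parsing counterpart on `RuleParseException`, would cover it. Consider `final` on both classes unless subclassing is planned.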
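--- /dev/null
+++ b/...c/main/java/org/opensearch/securityanalytics/ruleengine/exception/RuleParseException.java
@@ -0,0 +1,15 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.opensearch.securityanalytics.ruleengine.exception;
+
+public class RuleParseException extends RuntimeException {
+public RuleParseException(final String message) {
+super(message);
+}
+
+public RuleParseException(final String message, final Throwable cause) {
+super(message, cause);
+}
+}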
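--- /dev/null
+++ b/...engine/src/main/java/org/opensearch/securityanalytics/ruleengine/field/FieldAccessor.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.opensearch.securityanalytics.ruleengine.field;
+
+import org.opensearch.securityanalytics.ruleengine.exception.RuleEvaluationException;
+import org.opensearch.securityanalytics.ruleengine.model.DataType;
+
+import java.util.Collections;
+import java.util.Map;
+
+public class FieldAccessor {
+private final Map<String, String> fieldTranslations;
+
+public FieldAccessor(final Map<String, String> fieldTranslations) {
+this.fieldTranslations = fieldTranslations == null ? Collections.emptyMap() : fieldTranslations;
+}
+
+public String getStringValue(final DataType dataType, final String fieldName) {
+return getValue(dataType, convertFieldName(fieldName), String.class);
+}
+
+public Boolean getBooleanValue(final DataType dataType, final String fieldName) {
+return getValue(dataType, convertFieldName(fieldName), Boolean.class);
+}
+
+public Integer getIntegerValue(final DataType dataType, final String fieldName) {
+return getValue(dataType, convertFieldName(fieldName), Integer.class);
+}
+
+public Float getFloatValue(final DataType dataType, final String fieldName) {
+return getValue(dataType, convertFieldName(fieldName), Float.class);
+}
+
+public Double getDoubleValue(final DataType dataType, final String fieldName) {
+return getValue(dataType, convertFieldName(fieldName), Double.class);
+}
+
+public Object getObjectValue(final DataType dataType, final String fieldName) {
+return getValue(dataType, convertFieldName(fieldName), Object.class);
+}
+
+private <T> T getValue(final DataType dataType, final String fieldName, final Class<T> clazz) {
+try {
+return clazz.cast(dataType.getValue(fieldName));
+} catch (final ClassCastException e) {
+throw new RuleEvaluationException("Unable to cast field " + fieldName + " to class " + clazz.getName(), e);
+}
+}
+
+private String convertFieldName(final String fieldName) {
+final String mappedFieldName = fieldTranslations.get(fieldName);
+return mappedFieldName == null ? fieldName : mappedFieldName;
+}
+}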
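Review bot: `getValue` only translates ClassCastException into RuleEvaluationException, so an unknown or unmapped field name — which the `CloudTrail` type added in this commit reports via UnsupportedOperationException — escapes with a different exception type than a mistyped field, and rule-evaluation callers that catch RuleEvaluationException will miss it; widening the catch to `} catch (final ClassCastException | UnsupportedOperationException e) {` with a message like `"Unable to read field " + fieldName + " as " + clazz.getName()` keeps one failure type, assuming UnsupportedOperationException is the intended contract of `DataType.getValue` (DataType is outside this diff). `clazz.cast(null)` returns null, so every typed getter can return null for an unset field; that is worth stating in a class Javadoc such as `/** Reads typed field values from a DataType, applying optional rule-field-to-record-field name translations; returns null when the field is unset. */`. There is no `Long` getter although `CloudTrail.time` is a `long` (boxed to `Long`), so `getIntegerValue` on that field will always fail. The constructor also keeps the caller's map by reference, so a later mutation of that map silently changes which record fields a rule reads; `Collections.unmodifiableMap(new java.util.HashMap<>(fieldTranslations))` in the non-null branch would snapshot it.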