Bootstrap the RuleEngine package #4442

Closed
wants to merge 4 commits into from

engechas
Collaborator

Description

Adds a new gradle project and the initial files for the Rule Engine.

Check List

  • [N/A] New functionality includes testing.
  • [N/A] New functionality has a documentation issue. Please link to it in this PR.
    • [N/A] New functionality has javadoc added
  • Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Chase Engelbrecht <[email protected]>
Signed-off-by: Chase Engelbrecht <[email protected]>
Signed-off-by: Chase Engelbrecht <[email protected]>
Signed-off-by: Chase Engelbrecht <[email protected]>
@@ -0,0 +1,6 @@
# Rule Engine

This project implements an engine to perform real-time security rule matching against a stream of incoming data.
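Review bot: The README sentence "real-time security rule matching against a stream of incoming data" does not say which rule format the engine evaluates, what shape the incoming data must have, or what a match produces. Suggest adding a short paragraph for each, plus a line on how the package is meant to be consumed, so a reader can tell what the module is for without reading the code.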
Collaborator

Can you specify how this engine is going to be used in the pipelines?

Collaborator Author

This project will be semi-separate from the rest of DataPrepper, but it will be integrated into DataPrepper through a processor that leverages the rule engine.

The long-term vision is to perform security rule analysis against data moving through the pipeline with this rule engine.

Member

What do you mean by semi-separate?

It seems this may be a good candidate for a new project in the opensearchproject. You could make a library publish to Maven Central and then use that in Data Prepper. This would be especially helpful if you want a different group of maintainers to review changes to that core library.

Can you elaborate some on the vision here to see if this is the right project to use?

id 'java'
}

group 'org.opensearch.ruleengine'
Member

Is there a clearer group you can use here? We actually have a different PR (#4446) with rule evaluation?

group 'org.opensearch.securityanalytics.rulengine'

???

@@ -0,0 +1,10 @@
package org.opensearch.ruleengine;
Member

Similar comment for the package as I had with the groupId.

@engechas engechas closed this Apr 23, 2024
@kkondaka kkondaka added this to the v2.8 milestone May 14, 2024
4 participants