throw error when no iocs are stored due to incompatible ioc types fro…

…m S3 downloaded iocs file (#1129)

Signed-off-by: Surya Sashank Nistala <[email protected]>
(cherry picked from commit 5d3dbca)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

src/main/java/org/opensearch/securityanalytics/services/STIX2IOCConsumer.java

@@ -7,6 +7,8 @@
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.opensearch.OpenSearchStatusException;
+import org.opensearch.core.rest.RestStatus;
 import org.opensearch.securityanalytics.commons.model.IOC;
 import org.opensearch.securityanalytics.commons.model.STIX2;
 import org.opensearch.securityanalytics.commons.model.UpdateAction;
@@ -43,6 +45,10 @@ public void accept(final STIX2 ioc) {
         // TODO hurneyt refactor once the enum values are updated
         // If the IOC received is not a type listed for the config, do not add it to the queue
         if (!feedStore.getSaTifSourceConfig().getIocTypes().contains(stix2IOC.getType().name())) {
+            log.error("{} is not a supported Ioc type for tif source config {}. Skipping IOC {}: of type {} value {}",
+                    stix2IOC.getType().name(), feedStore.getSaTifSourceConfig().getId(),
+                    stix2IOC.getId(), stix2IOC.getType(), stix2IOC.getValue()
+            );
             return;
         }
 
@@ -56,7 +62,7 @@ public void accept(final STIX2 ioc) {
 
     public void flushIOCs() {
         if (queue.isEmpty()) {
-            return;
+            throw new OpenSearchStatusException("No compatible Iocs were downloaded for config " + feedStore.getSaTifSourceConfig().getName(), RestStatus.BAD_REQUEST);
         }
 
         final List<STIX2IOC> iocsToFlush = new ArrayList<>(queue.size());

src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigManagementService.java

@@ -164,13 +164,12 @@ public void createIocAndTIFSourceConfig(
                                                     saTifSourceConfigService.deleteTIFSourceConfig(indexSaTifSourceConfigResponse, ActionListener.wrap(
                                                             deleteResponse -> {
                                                                 log.debug("Successfully deleted threat intel source config [{}]", indexSaTifSourceConfigResponse.getId());
-                                                                listener.onFailure(new OpenSearchException("Successfully deleted threat intel source config [{}]", indexSaTifSourceConfigResponse.getId()));
+                                                                listener.onFailure(e);
                                                             }, ex -> {
                                                                 log.error("Failed to delete threat intel source config [{}]", indexSaTifSourceConfigResponse.getId());
                                                                 listener.onFailure(ex);
                                                             }
                                                     ));
-                                                    listener.onFailure(e);
                                                 })
                                 );
                             }, e -> {

src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportGetIocFindingsAction.java

@@ -110,7 +110,9 @@ protected void doExecute(Task task, GetIocFindingsRequest request, ActionListene
         List<String> findingIds = request.getFindingIds();
 
         if (findingIds != null && !findingIds.isEmpty()) {
-            queryBuilder.filter(QueryBuilders.termsQuery("id", findingIds));
+            BoolQueryBuilder findingIdsFilter = QueryBuilders.boolQuery();
+            findingIds.forEach(it -> findingIdsFilter.should(QueryBuilders.matchQuery("_id", it)));
+            queryBuilder.filter(findingIdsFilter);
         }
 
         List<String> iocIds = request.getIocIds();