entire custom logtype implementation

Signed-off-by: Subhobrata Dey <[email protected]>
opensearch-project · Jul 28, 2023 · 53a7865 · 53a7865
1 parent 22b5fc9
commit 53a7865
Show file tree

Hide file tree

Showing 50 changed files with 3,368 additions and 303 deletions.
diff --git a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
@@ -58,6 +58,7 @@
 import org.opensearch.securityanalytics.logtype.LogTypeService;
 import org.opensearch.securityanalytics.mapper.IndexTemplateManager;
 import org.opensearch.securityanalytics.mapper.MapperService;
+import org.opensearch.securityanalytics.model.CustomLogType;
 import org.opensearch.securityanalytics.resthandler.*;
 import org.opensearch.securityanalytics.transport.*;
 import org.opensearch.securityanalytics.model.Rule;
@@ -66,6 +67,7 @@
 import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings;
 import org.opensearch.securityanalytics.util.CorrelationIndices;
 import org.opensearch.securityanalytics.util.CorrelationRuleIndices;
+import org.opensearch.securityanalytics.util.CustomLogTypeIndices;
 import org.opensearch.securityanalytics.util.DetectorIndices;
 import org.opensearch.securityanalytics.util.RuleIndices;
 import org.opensearch.securityanalytics.util.RuleTopicIndices;
@@ -87,6 +89,8 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map
     public static final String LIST_CORRELATIONS_URI = PLUGINS_BASE_URI + "/correlations";
     public static final String CORRELATION_RULES_BASE_URI = PLUGINS_BASE_URI + "/correlation/rules";
 
+    public static final String CUSTOM_LOG_TYPE_URI = PLUGINS_BASE_URI + "/logtype";
+
     private CorrelationRuleIndices correlationRuleIndices;
 
     private DetectorIndices detectorIndices;
@@ -95,6 +99,8 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map
 
     private CorrelationIndices correlationIndices;
 
+    private CustomLogTypeIndices customLogTypeIndices;
+
     private MapperService mapperService;
 
     private RuleIndices ruleIndices;
@@ -126,14 +132,15 @@ public Collection<Object> createComponents(Client client,
         detectorIndices = new DetectorIndices(client.admin(), clusterService, threadPool);
         ruleTopicIndices = new RuleTopicIndices(client, clusterService, logTypeService);
         correlationIndices = new CorrelationIndices(client, clusterService);
+        customLogTypeIndices = new CustomLogTypeIndices(client.admin(), clusterService);
         indexTemplateManager = new IndexTemplateManager(client, clusterService, indexNameExpressionResolver, xContentRegistry);
         mapperService = new MapperService(client, clusterService, indexNameExpressionResolver, indexTemplateManager, logTypeService);
         ruleIndices = new RuleIndices(logTypeService, client, clusterService, threadPool);
         correlationRuleIndices = new CorrelationRuleIndices(client, clusterService);
         this.client = client;
 
         return List.of(
-                detectorIndices, correlationIndices, correlationRuleIndices, ruleTopicIndices, ruleIndices,
+                detectorIndices, correlationIndices, correlationRuleIndices, ruleTopicIndices, customLogTypeIndices, ruleIndices,
                 mapperService, indexTemplateManager, builtinLogTypeLoader
         );
     }
@@ -172,7 +179,10 @@ public List<RestHandler> getRestHandlers(Settings settings,
                 new RestIndexCorrelationRuleAction(),
                 new RestDeleteCorrelationRuleAction(),
                 new RestListCorrelationAction(),
-                new RestSearchCorrelationRuleAction()
+                new RestSearchCorrelationRuleAction(),
+                new RestIndexCustomLogTypeAction(),
+                new RestSearchCustomLogTypeAction(),
+                new RestDeleteCustomLogTypeAction()
         );
     }
 
@@ -181,7 +191,8 @@ public List<NamedXContentRegistry.Entry> getNamedXContent() {
         return List.of(
                 Detector.XCONTENT_REGISTRY,
                 DetectorInput.XCONTENT_REGISTRY,
-                Rule.XCONTENT_REGISTRY
+                Rule.XCONTENT_REGISTRY,
+                CustomLogType.XCONTENT_REGISTRY
         );
     }
 
@@ -258,7 +269,10 @@ public List<Setting<?>> getSettings() {
                 new ActionPlugin.ActionHandler<>(DeleteCorrelationRuleAction.INSTANCE, TransportDeleteCorrelationRuleAction.class),
                 new ActionPlugin.ActionHandler<>(AlertingActions.SUBSCRIBE_FINDINGS_ACTION_TYPE, TransportCorrelateFindingAction.class),
                 new ActionPlugin.ActionHandler<>(ListCorrelationsAction.INSTANCE, TransportListCorrelationAction.class),
-                new ActionPlugin.ActionHandler<>(SearchCorrelationRuleAction.INSTANCE, TransportSearchCorrelationRuleAction.class)
+                new ActionPlugin.ActionHandler<>(SearchCorrelationRuleAction.INSTANCE, TransportSearchCorrelationRuleAction.class),
+                new ActionHandler<>(IndexCustomLogTypeAction.INSTANCE, TransportIndexCustomLogTypeAction.class),
+                new ActionHandler<>(SearchCustomLogTypeAction.INSTANCE, TransportSearchCustomLogTypeAction.class),
+                new ActionHandler<>(DeleteCustomLogTypeAction.INSTANCE, TransportDeleteCustomLogTypeAction.class)
         );
     }
 

diff --git a/src/main/java/org/opensearch/securityanalytics/action/CorrelatedFindingRequest.java b/src/main/java/org/opensearch/securityanalytics/action/CorrelatedFindingRequest.java
@@ -14,15 +14,15 @@
 
 public class CorrelatedFindingRequest extends ActionRequest {
 
-    private Detector.DetectorType detectorType;
+    private String detectorType;
 
     private String findingId;
 
     private long timeWindow;
 
     private int noOfNearbyFindings;
 
-    public CorrelatedFindingRequest(String findingId, Detector.DetectorType detectorType, long timeWindow, int noOfNearbyFindings) {
+    public CorrelatedFindingRequest(String findingId, String detectorType, long timeWindow, int noOfNearbyFindings) {
         super();
         this.findingId = findingId;
         this.detectorType = detectorType;
@@ -33,7 +33,7 @@ public CorrelatedFindingRequest(String findingId, Detector.DetectorType detector
     public CorrelatedFindingRequest(StreamInput sin) throws IOException {
         this(
                 sin.readString(),
-                sin.readEnum(Detector.DetectorType.class),
+                sin.readString(),
                 sin.readLong(),
                 sin.readInt()
         );
@@ -47,7 +47,7 @@ public ActionRequestValidationException validate() {
     @Override
     public void writeTo(StreamOutput out) throws IOException {
         out.writeString(findingId);
-        out.writeEnum(detectorType);
+        out.writeString(detectorType);
         out.writeLong(timeWindow);
         out.writeInt(noOfNearbyFindings);
     }
@@ -56,7 +56,7 @@ public String getFindingId() {
         return findingId;
     }
 
-    public Detector.DetectorType getDetectorType() {
+    public String getDetectorType() {
         return detectorType;
     }
 

diff --git a/src/main/java/org/opensearch/securityanalytics/action/DeleteCustomLogTypeAction.java b/src/main/java/org/opensearch/securityanalytics/action/DeleteCustomLogTypeAction.java
@@ -0,0 +1,21 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.securityanalytics.action;
+
+import org.opensearch.action.ActionType;
+
+public class DeleteCustomLogTypeAction extends ActionType<DeleteCustomLogTypeResponse> {
+
+    public static final DeleteCustomLogTypeAction INSTANCE = new DeleteCustomLogTypeAction();
+    public static final String NAME = "cluster:admin/opensearch/securityanalytics/logtype/delete";
+
+    public DeleteCustomLogTypeAction() {
+        super(NAME, DeleteCustomLogTypeResponse::new);
+    }
+}
diff --git a/src/main/java/org/opensearch/securityanalytics/action/DeleteCustomLogTypeRequest.java b/src/main/java/org/opensearch/securityanalytics/action/DeleteCustomLogTypeRequest.java
@@ -0,0 +1,54 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.securityanalytics.action;
+
+import org.opensearch.action.ActionRequest;
+import org.opensearch.action.ActionRequestValidationException;
+import org.opensearch.action.support.WriteRequest;
+import org.opensearch.common.io.stream.StreamInput;
+import org.opensearch.common.io.stream.StreamOutput;
+
+import java.io.IOException;
+
+public class DeleteCustomLogTypeRequest extends ActionRequest {
+
+    private String logTypeId;
+
+    private WriteRequest.RefreshPolicy refreshPolicy;
+
+    public DeleteCustomLogTypeRequest(String logTypeId, WriteRequest.RefreshPolicy refreshPolicy) {
+        super();
+        this.logTypeId = logTypeId;
+        this.refreshPolicy = refreshPolicy;
+    }
+
+    public DeleteCustomLogTypeRequest(StreamInput sin) throws IOException {
+        this(sin.readString(),
+                WriteRequest.RefreshPolicy.readFrom(sin));
+    }
+
+    @Override
+    public ActionRequestValidationException validate() {
+        return null;
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        out.writeString(logTypeId);
+        refreshPolicy.writeTo(out);
+    }
+
+    public String getLogTypeId() {
+        return logTypeId;
+    }
+
+    public WriteRequest.RefreshPolicy getRefreshPolicy() {
+        return refreshPolicy;
+    }
+}
diff --git a/src/main/java/org/opensearch/securityanalytics/action/DeleteCustomLogTypeResponse.java b/src/main/java/org/opensearch/securityanalytics/action/DeleteCustomLogTypeResponse.java
@@ -0,0 +1,59 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.securityanalytics.action;
+
+import org.opensearch.action.ActionResponse;
+import org.opensearch.common.io.stream.StreamInput;
+import org.opensearch.common.io.stream.StreamOutput;
+import org.opensearch.core.xcontent.ToXContentObject;
+import org.opensearch.core.xcontent.XContentBuilder;
+import org.opensearch.rest.RestStatus;
+
+import java.io.IOException;
+
+import static org.opensearch.securityanalytics.util.RestHandlerUtils._ID;
+import static org.opensearch.securityanalytics.util.RestHandlerUtils._VERSION;
+
+public class DeleteCustomLogTypeResponse extends ActionResponse implements ToXContentObject {
+
+    private String id;
+
+    private Long version;
+
+    private RestStatus status;
+
+    public DeleteCustomLogTypeResponse(String id, Long version, RestStatus status) {
+        super();
+        this.id = id;
+        this.version = version;
+        this.status = status;
+    }
+
+    public DeleteCustomLogTypeResponse(StreamInput sin) throws IOException {
+        this(
+                sin.readString(),
+                sin.readLong(),
+                sin.readEnum(RestStatus.class)
+        );
+    }
+
+    @Override
+    public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
+        builder.startObject()
+                .field(_ID, id)
+                .field(_VERSION, version);
+        return builder.endObject();
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        out.writeString(id);
+        out.writeLong(version);
+    }
+}
diff --git a/src/main/java/org/opensearch/securityanalytics/action/IndexCustomLogTypeAction.java b/src/main/java/org/opensearch/securityanalytics/action/IndexCustomLogTypeAction.java
@@ -0,0 +1,21 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.securityanalytics.action;
+
+import org.opensearch.action.ActionType;
+
+public class IndexCustomLogTypeAction extends ActionType<IndexCustomLogTypeResponse> {
+
+    public static final IndexCustomLogTypeAction INSTANCE = new IndexCustomLogTypeAction();
+    public static final String NAME = "cluster:admin/opensearch/securityanalytics/logtype/write";
+
+    public IndexCustomLogTypeAction() {
+        super(NAME, IndexCustomLogTypeResponse::new);
+    }
+}
diff --git a/src/main/java/org/opensearch/securityanalytics/action/IndexCustomLogTypeRequest.java b/src/main/java/org/opensearch/securityanalytics/action/IndexCustomLogTypeRequest.java
@@ -0,0 +1,90 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.securityanalytics.action;
+
+import org.opensearch.action.ActionRequest;
+import org.opensearch.action.ActionRequestValidationException;
+import org.opensearch.action.support.WriteRequest;
+import org.opensearch.common.io.stream.StreamInput;
+import org.opensearch.common.io.stream.StreamOutput;
+import org.opensearch.rest.RestRequest;
+import org.opensearch.securityanalytics.model.CustomLogType;
+
+import java.io.IOException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class IndexCustomLogTypeRequest extends ActionRequest {
+
+    private String logTypeId;
+
+    private WriteRequest.RefreshPolicy refreshPolicy;
+
+    private RestRequest.Method method;
+
+    private CustomLogType customLogType;
+
+    private static final Pattern IS_VALID_CUSTOM_LOG_NAME = Pattern.compile("[a-zA-Z0-9 _,-.]{5,50}");
+
+    public IndexCustomLogTypeRequest(
+            String logTypeId,
+            WriteRequest.RefreshPolicy refreshPolicy,
+            RestRequest.Method method,
+            CustomLogType customLogType
+    ) {
+        super();
+        this.logTypeId = logTypeId;
+        this.refreshPolicy = refreshPolicy;
+        this.method = method;
+        this.customLogType = customLogType;
+    }
+
+    public IndexCustomLogTypeRequest(StreamInput sin) throws IOException {
+        this(
+                sin.readString(),
+                WriteRequest.RefreshPolicy.readFrom(sin),
+                sin.readEnum(RestRequest.Method.class),
+                CustomLogType.readFrom(sin)
+        );
+    }
+
+    @Override
+    public ActionRequestValidationException validate() {
+        Matcher matcher = IS_VALID_CUSTOM_LOG_NAME.matcher(customLogType.getName());
+        boolean find = matcher.matches();
+        if (!find) {
+            throw new ActionRequestValidationException();
+        }
+        return null;
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        out.writeString(logTypeId);
+        refreshPolicy.writeTo(out);
+        out.writeEnum(method);
+        customLogType.writeTo(out);
+    }
+
+    public String getLogTypeId() {
+        return logTypeId;
+    }
+
+    public WriteRequest.RefreshPolicy getRefreshPolicy() {
+        return refreshPolicy;
+    }
+
+    public RestRequest.Method getMethod() {
+        return method;
+    }
+
+    public CustomLogType getCustomLogType() {
+        return customLogType;
+    }
+}