Made changes based on PR feedback.

Signed-off-by: AWSHurneyt <[email protected]>
opensearch-project · May 30, 2024 · 5429ac9 · 5429ac9
1 parent 2b9e04a
commit 5429ac9
Show file tree

Hide file tree

Showing 9 changed files with 255 additions and 149 deletions.
diff --git a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
@@ -7,7 +7,6 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
-import java.util.Locale;
 import java.util.Map;
 import java.util.function.Supplier;
 import java.util.Optional;
@@ -62,7 +61,6 @@
 import org.opensearch.securityanalytics.mapper.IndexTemplateManager;
 import org.opensearch.securityanalytics.mapper.MapperService;
 import org.opensearch.securityanalytics.model.CustomLogType;
-import org.opensearch.securityanalytics.model.IocDao;
 import org.opensearch.securityanalytics.model.ThreatIntelFeedData;
 import org.opensearch.securityanalytics.resthandler.*;
 import org.opensearch.securityanalytics.threatIntel.service.DetectorThreatIntelService;
@@ -111,15 +109,6 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map
     public static final String CUSTOM_LOG_TYPE_URI = PLUGINS_BASE_URI + "/logtype";
     public static final String JOB_INDEX_NAME = ".opensearch-sap--job";
     public static final Map<String, Object> TIF_JOB_INDEX_SETTING = Map.of(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1, IndexMetadata.SETTING_AUTO_EXPAND_REPLICAS, "0-all", IndexMetadata.SETTING_INDEX_HIDDEN, true);
-    public static final String IOC_INDEX_NAME_BASE = ".opensearch-sap-iocs";
-    public static final String IOC_ALL_INDEX_PATTERN = IOC_INDEX_NAME_BASE + "-*";
-    public static final String IOC_DOMAIN_INDEX_NAME = IOC_INDEX_NAME_BASE + IocDao.IocType.DOMAIN.name().toLowerCase(Locale.ROOT);
-    public static final String IOC_HASH_INDEX_NAME = IOC_INDEX_NAME_BASE + IocDao.IocType.HASH.name().toLowerCase(Locale.ROOT);
-    public static final String IOC_IP_INDEX_NAME = IOC_INDEX_NAME_BASE + IocDao.IocType.IP.name().toLowerCase(Locale.ROOT);
-
-    // TODO hurneyt IOC system index names should be refactored to include the timestamp instead of the IOC type
-    public static final String IOC_HISTORY_WRITE_INDEX_ALIAS = IOC_INDEX_NAME_BASE + "-history-write";
-    public static final String IOC_HISTORY_INDEX_PATTERN = "<." + IOC_INDEX_NAME_BASE + "-history-{now/d{yyyy.MM.dd.hh.mm.ss|UTC}}-1>";
 
     private CorrelationRuleIndices correlationRuleIndices;
 

diff --git a/src/main/java/org/opensearch/securityanalytics/action/FetchIocsActionResponse.java b/src/main/java/org/opensearch/securityanalytics/action/FetchIocsActionResponse.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.opensearch.securityanalytics.action;
+
+import org.opensearch.core.action.ActionResponse;
+import org.opensearch.core.common.io.stream.StreamInput;
+import org.opensearch.core.common.io.stream.StreamOutput;
+import org.opensearch.core.xcontent.ToXContentObject;
+import org.opensearch.core.xcontent.XContentBuilder;
+import org.opensearch.securityanalytics.model.IOC;
+import org.opensearch.securityanalytics.model.IocDto;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+
+public class FetchIocsActionResponse extends ActionResponse implements ToXContentObject {
+    public static String IOCS_FIELD = "iocs";
+    public static String TOTAL_FIELD = "total";
+    private List<IocDto> iocs = Collections.emptyList();
+
+    public FetchIocsActionResponse(List<IOC> iocs) {
+        super();
+        iocs.forEach( ioc -> this.iocs.add(new IocDto(ioc)));
+    }
+
+    public FetchIocsActionResponse(StreamInput sin) throws IOException {
+        this(sin.readList(IOC::new));
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        out.writeList(iocs);
+    }
+
+    @Override
+    public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
+        return builder.startObject()
+                .field(IOCS_FIELD, this.iocs)
+                .field(TOTAL_FIELD, this.iocs.size())
+                .endObject();
+    }
+
+    public List<IocDto> getIocs() {
+        return iocs;
+    }
+}
diff --git a/...earch/securityanalytics/model/IocDao.java → ...ensearch/securityanalytics/model/IOC.java b/...earch/securityanalytics/model/IocDao.java → ...ensearch/securityanalytics/model/IOC.java
@@ -23,12 +23,8 @@
 import java.util.Locale;
 import java.util.Objects;
 
-import static org.opensearch.securityanalytics.SecurityAnalyticsPlugin.IOC_DOMAIN_INDEX_NAME;
-import static org.opensearch.securityanalytics.SecurityAnalyticsPlugin.IOC_HASH_INDEX_NAME;
-import static org.opensearch.securityanalytics.SecurityAnalyticsPlugin.IOC_IP_INDEX_NAME;
-
-public class IocDao implements Writeable, ToXContentObject {
-    private static final Logger logger = LogManager.getLogger(IocDao.class);
+public class IOC implements Writeable, ToXContentObject {
+    private static final Logger logger = LogManager.getLogger(IOC.class);
 
     public static final String NO_ID = "";
 
@@ -56,7 +52,7 @@ public class IocDao implements Writeable, ToXContentObject {
     private List<String> labels;
     private String feedId;
 
-    public IocDao(
+    public IOC(
             String id,
             String name,
             IocType type,
@@ -83,7 +79,7 @@ public IocDao(
         validate();
     }
 
-    public IocDao(StreamInput sin) throws IOException {
+    public IOC(StreamInput sin) throws IOException {
         this(
                 sin.readString(), // id
                 sin.readString(), // name
@@ -99,7 +95,7 @@ public IocDao(StreamInput sin) throws IOException {
         );
     }
 
-    public IocDao(IocDto iocDto) {
+    public IOC(IocDto iocDto) {
         this(
                 iocDto.getId(),
                 iocDto.getName(),
@@ -115,8 +111,8 @@ public IocDao(IocDto iocDto) {
         );
     }
 
-    public static IocDao readFrom(StreamInput sin) throws IOException {
-        return new IocDao(sin);
+    public static IOC readFrom(StreamInput sin) throws IOException {
+        return new IOC(sin);
     }
 
     @Override
@@ -151,7 +147,7 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws
                 .endObject();
     }
 
-    public static IocDao parse(XContentParser xcp, String id) throws IOException {
+    public static IOC parse(XContentParser xcp, String id) throws IOException {
         if (id == null) {
             id = NO_ID;
         }
@@ -233,7 +229,7 @@ public static IocDao parse(XContentParser xcp, String id) throws IOException {
             }
         }
 
-        return new IocDao(
+        return new IOC(
                 id,
                 name,
                 type,
@@ -314,27 +310,10 @@ public String getFeedId() {
     }
 
     public enum IocType {
-        DOMAIN("domain") {
-            @Override
-            public String getSystemIndexName() {
-                return IOC_DOMAIN_INDEX_NAME;
-            }
-        },
-        HASH("hash") { // TODO placeholder
-            @Override
-            public String getSystemIndexName() {
-                return IOC_HASH_INDEX_NAME;
-            }
-        },
-        IP("ip") {
-            @Override
-            public String getSystemIndexName() {
-                return IOC_IP_INDEX_NAME;
-            }
-        };
+        DOMAIN("domain"),
+        HASH("hash"),
+        IP("ip");
 
         IocType(String type) {}
-
-        public abstract String getSystemIndexName();
     }
 }
diff --git a/src/main/java/org/opensearch/securityanalytics/model/IocDto.java b/src/main/java/org/opensearch/securityanalytics/model/IocDto.java
@@ -13,20 +13,17 @@
 import org.opensearch.core.xcontent.ToXContentObject;
 import org.opensearch.core.xcontent.XContentBuilder;
 import org.opensearch.core.xcontent.XContentParser;
-import org.opensearch.core.xcontent.XContentParserUtils;
 
 import java.io.IOException;
 import java.time.Instant;
-import java.util.Collections;
 import java.util.List;
-import java.util.Locale;
 
 public class IocDto implements Writeable, ToXContentObject {
     private static final Logger logger = LogManager.getLogger(IocDto.class);
 
     private String id;
     private String name;
-    private IocDao.IocType type;
+    private IOC.IocType type;
     private String value;
     private String severity;
     private String specVersion;
@@ -36,22 +33,22 @@ public class IocDto implements Writeable, ToXContentObject {
     private List<String> labels;
     private String feedId;
 
-    public IocDto(IocDao iocDao) {
-        this.id = iocDao.getId();
-        this.name = iocDao.getName();
-        this.type = iocDao.getType();
-        this.value = iocDao.getValue();
-        this.severity = iocDao.getSeverity();
-        this.specVersion = iocDao.getSpecVersion();
-        this.created = iocDao.getCreated();
-        this.modified = iocDao.getModified();
-        this.description = iocDao.getDescription();
-        this.labels = iocDao.getLabels();
-        this.feedId = iocDao.getFeedId();
+    public IocDto(IOC ioc) {
+        this.id = ioc.getId();
+        this.name = ioc.getName();
+        this.type = ioc.getType();
+        this.value = ioc.getValue();
+        this.severity = ioc.getSeverity();
+        this.specVersion = ioc.getSpecVersion();
+        this.created = ioc.getCreated();
+        this.modified = ioc.getModified();
+        this.description = ioc.getDescription();
+        this.labels = ioc.getLabels();
+        this.feedId = ioc.getFeedId();
     }
 
     public IocDto(StreamInput sin) throws IOException {
-        this(new IocDao(sin));
+        this(new IOC(sin));
     }
 
     public static IocDto readFrom(StreamInput sin) throws IOException {
@@ -76,22 +73,22 @@ public void writeTo(StreamOutput out) throws IOException {
     @Override
     public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
         return builder.startObject()
-                .field(IocDao.ID_FIELD, id)
-                .field(IocDao.NAME_FIELD, name)
-                .field(IocDao.TYPE_FIELD, type)
-                .field(IocDao.VALUE_FIELD, value)
-                .field(IocDao.SEVERITY_FIELD, severity)
-                .field(IocDao.SPEC_VERSION_FIELD, specVersion)
-                .timeField(IocDao.CREATED_FIELD, created)
-                .timeField(IocDao.MODIFIED_FIELD, modified)
-                .field(IocDao.DESCRIPTION_FIELD, description)
-                .field(IocDao.LABELS_FIELD, labels)
-                .field(IocDao.FEED_ID_FIELD, feedId)
+                .field(IOC.ID_FIELD, id)
+                .field(IOC.NAME_FIELD, name)
+                .field(IOC.TYPE_FIELD, type)
+                .field(IOC.VALUE_FIELD, value)
+                .field(IOC.SEVERITY_FIELD, severity)
+                .field(IOC.SPEC_VERSION_FIELD, specVersion)
+                .timeField(IOC.CREATED_FIELD, created)
+                .timeField(IOC.MODIFIED_FIELD, modified)
+                .field(IOC.DESCRIPTION_FIELD, description)
+                .field(IOC.LABELS_FIELD, labels)
+                .field(IOC.FEED_ID_FIELD, feedId)
                 .endObject();
     }
 
     public static IocDto parse(XContentParser xcp, String id) throws IOException {
-            return new IocDto(IocDao.parse(xcp, id));
+            return new IocDto(IOC.parse(xcp, id));
         }
 
     public String getId() {
@@ -102,7 +99,7 @@ public String getName() {
         return name;
     }
 
-    public IocDao.IocType getType() {
+    public IOC.IocType getType() {
         return type;
     }