fix bug: threat intel monitor finding doesnt contain all doc_ids cont…

…aining malicious IOC (#1184) (#1186) (cherry picked from commit d676715) Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
opensearch-project · Jul 19, 2024 · 6284691 · 6284691
1 parent 97cc701
commit 6284691
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/...ain/java/org/opensearch/securityanalytics/threatIntel/iocscan/service/IoCScanService.java b/...ain/java/org/opensearch/securityanalytics/threatIntel/iocscan/service/IoCScanService.java
@@ -131,11 +131,11 @@ abstract void matchAgainstThreatIntelAndReturnMaliciousIocs(
                         List<String> vals = getValuesAsStringList(datum, field);
                         String id = getId(datum);
                         String docId = id + ":" + index;
-                        Set<String> iocs = docIdToIocsMap.getOrDefault(docIdToIocsMap.get(docId), new HashSet<>());
+                        Set<String> iocs = docIdToIocsMap.getOrDefault(docId, new HashSet<>());
                         iocs.addAll(vals);
                         docIdToIocsMap.put(docId, iocs);
                         for (String ioc : vals) {
-                            Set<String> docIds = iocValueToDocIdMap.getOrDefault(iocValueToDocIdMap.get(ioc), new HashSet<>());
+                            Set<String> docIds = iocValueToDocIdMap.getOrDefault(ioc, new HashSet<>());
                             docIds.add(docId);
                             iocValueToDocIdMap.put(ioc, docIds);
                         }