Revert "adds ioc fields list in log type config files and ioc fields …

…object in LogType POJO" This reverts commit 9bb5ecc.
opensearch-project · Oct 16, 2023 · 89984cb · 89984cb
1 parent c7a0a2a
commit 89984cb
Show file tree

Hide file tree

Showing 26 changed files with 30 additions and 106 deletions.
diff --git a/src/main/resources/OSMapping/ad_ldap_logtype.json b/src/main/resources/OSMapping/ad_ldap_logtype.json
@@ -2,8 +2,7 @@
   "name": "ad_ldap",
   "description": "AD/LDAP",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"TargetUserName",
       "ecs":"azure.signinlogs.properties.user_id"

diff --git a/src/main/resources/OSMapping/apache_access_logtype.json b/src/main/resources/OSMapping/apache_access_logtype.json
@@ -2,6 +2,5 @@
   "name": "apache_access",
   "description": "Apache Access Log type",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[]
+  "mappings": []
 }
diff --git a/src/main/resources/OSMapping/azure_logtype.json b/src/main/resources/OSMapping/azure_logtype.json
@@ -2,8 +2,7 @@
   "name": "azure",
   "description": "Azure Log Type",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"Resultdescription",
       "ecs":"azure.signinlogs.result_description"

diff --git a/src/main/resources/OSMapping/cloudtrail_logtype.json b/src/main/resources/OSMapping/cloudtrail_logtype.json
@@ -2,15 +2,7 @@
   "name": "cloudtrail",
   "description": "Cloudtrail Log Type",
   "is_builtin": true,
-  "ioc_fields": [
-    {
-      "ioc": "ip",
-      "fields": [
-        "src_endpoint.ip"
-      ]
-    }
-  ],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"eventName",
       "ecs":"aws.cloudtrail.event_name",

diff --git a/src/main/resources/OSMapping/dns_logtype.json b/src/main/resources/OSMapping/dns_logtype.json
@@ -2,15 +2,7 @@
   "name": "dns",
   "description": "DNS Log Type",
   "is_builtin": true,
-  "ioc_fields": [
-    {
-      "ioc": "ip",
-      "fields": [
-        "src_endpoint.ip"
-      ]
-    }
-  ],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"record_type",
       "ecs":"dns.answers.type",

diff --git a/src/main/resources/OSMapping/github_logtype.json b/src/main/resources/OSMapping/github_logtype.json
@@ -2,8 +2,7 @@
   "name": "github",
   "description": "Github Log Type",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"action",
       "ecs":"github.action"

diff --git a/src/main/resources/OSMapping/gworkspace_logtype.json b/src/main/resources/OSMapping/gworkspace_logtype.json
@@ -2,8 +2,7 @@
   "name": "gworkspace",
   "description": "GWorkspace Log Type",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"eventSource",
       "ecs":"google_workspace.admin.service.name"

diff --git a/src/main/resources/OSMapping/linux_logtype.json b/src/main/resources/OSMapping/linux_logtype.json
@@ -2,8 +2,7 @@
   "name": "linux",
   "description": "Linux Log Type",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"name",
       "ecs":"user.filesystem.name"

diff --git a/src/main/resources/OSMapping/m365_logtype.json b/src/main/resources/OSMapping/m365_logtype.json
@@ -2,8 +2,7 @@
   "name": "m365",
   "description": "Microsoft 365 Log Type",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"eventSource",
       "ecs":"rsa.misc.event_source"

diff --git a/src/main/resources/OSMapping/netflow_logtype.json b/src/main/resources/OSMapping/netflow_logtype.json
@@ -2,16 +2,7 @@
   "name": "netflow",
   "description": "Netflow Log Type used only in Integration Tests",
   "is_builtin": true,
-  "ioc_fields": [
-    {
-      "ioc": "ip",
-      "fields": [
-        "destination.ip",
-        "source.ip"
-      ]
-    }
-  ],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"netflow.source_ipv4_address",
       "ecs":"source.ip"

diff --git a/src/main/resources/OSMapping/network_logtype.json b/src/main/resources/OSMapping/network_logtype.json
@@ -2,16 +2,7 @@
   "name": "network",
   "description": "Network Log Type",
   "is_builtin": true,
-  "ioc_fields": [
-    {
-      "ioc": "ip",
-      "fields": [
-        "destination.ip",
-        "source.ip"
-      ]
-    }
-  ],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"action",
       "ecs":"netflow.firewall_event"

diff --git a/src/main/resources/OSMapping/okta_logtype.json b/src/main/resources/OSMapping/okta_logtype.json
@@ -2,8 +2,7 @@
   "name": "okta",
   "description": "Okta Log Type",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"eventtype",
       "ecs":"okta.event_type"

diff --git a/src/main/resources/OSMapping/others_application_logtype.json b/src/main/resources/OSMapping/others_application_logtype.json
@@ -2,8 +2,7 @@
   "name": "others_application",
   "description": "others_application",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"record_type",
       "ecs":"dns.answers.type"

diff --git a/src/main/resources/OSMapping/others_apt_logtype.json b/src/main/resources/OSMapping/others_apt_logtype.json
@@ -2,8 +2,7 @@
   "name": "others_apt",
   "description": "others_apt",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"record_type",
       "ecs":"dns.answers.type"

diff --git a/src/main/resources/OSMapping/others_cloud_logtype.json b/src/main/resources/OSMapping/others_cloud_logtype.json
@@ -2,8 +2,7 @@
   "name": "others_cloud",
   "description": "others_cloud",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"record_type",
       "ecs":"dns.answers.type"

diff --git a/src/main/resources/OSMapping/others_compliance_logtype.json b/src/main/resources/OSMapping/others_compliance_logtype.json
@@ -2,8 +2,7 @@
   "name": "others_compliance",
   "description": "others_compliance",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"record_type",
       "ecs":"dns.answers.type"

diff --git a/src/main/resources/OSMapping/others_macos_logtype.json b/src/main/resources/OSMapping/others_macos_logtype.json
@@ -2,8 +2,7 @@
   "name": "others_macos",
   "description": "others_macos",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"record_type",
       "ecs":"dns.answers.type"

diff --git a/src/main/resources/OSMapping/others_proxy_logtype.json b/src/main/resources/OSMapping/others_proxy_logtype.json
@@ -2,8 +2,7 @@
   "name": "others_proxy",
   "description": "others_proxy",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"record_type",
       "ecs":"dns.answers.type"

diff --git a/src/main/resources/OSMapping/others_web_logtype.json b/src/main/resources/OSMapping/others_web_logtype.json
@@ -2,8 +2,7 @@
   "name": "others_web",
   "description": "others_web",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"record_type",
       "ecs":"dns.answers.type"

diff --git a/src/main/resources/OSMapping/s3_logtype.json b/src/main/resources/OSMapping/s3_logtype.json
@@ -2,8 +2,7 @@
   "name": "s3",
   "description": "S3 Log Type",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"eventName",
       "ecs":"aws.cloudtrail.event_name"

diff --git a/src/main/resources/OSMapping/vpcflow_logtype.json b/src/main/resources/OSMapping/vpcflow_logtype.json
@@ -2,16 +2,7 @@
   "name": "vpcflow",
   "description": "VPC Flow Log Type",
   "is_builtin": true,
-  "ioc_fields": [
-    {
-      "ioc": "ip",
-      "fields": [
-        "dst_endpoint.ip",
-        "src_endpoint.ip"
-      ]
-    }
-  ],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"version",
       "ecs":"netflow.version",

diff --git a/src/main/resources/OSMapping/waf_logtype.json b/src/main/resources/OSMapping/waf_logtype.json
@@ -2,8 +2,7 @@
   "name": "waf",
   "description": "Web Application Firewall Log Type",
   "is_builtin": true,
-  "ioc_fields" : [],
-  "mappings":[
+  "mappings": [
     {
       "raw_field":"cs-method",
       "ecs":"waf.request.method"

diff --git a/src/main/resources/OSMapping/windows_logtype.json b/src/main/resources/OSMapping/windows_logtype.json
@@ -2,13 +2,7 @@
   "name": "windows",
   "description": "Windows Log Type",
   "is_builtin": true,
-  "ioc_fields" : [
-    {
-      "ioc": "ip",
-      "fields": ["destination.ip","source.ip"]
-    }
-  ],
-  "mappings": [
+  "mappings":[
     {
       "raw_field":"AccountName",
       "ecs":"winlog.computerObject.name"

diff --git a/src/test/java/org/opensearch/securityanalytics/LogTypeServiceTests.java b/src/test/java/org/opensearch/securityanalytics/LogTypeServiceTests.java
@@ -50,8 +50,7 @@ protected void beforeTest() throws Exception {
                                 new LogType.Mapping("rawFld1", "ecsFld1", "ocsfFld1"),
                                 new LogType.Mapping("rawFld2", "ecsFld2", "ocsfFld2"),
                                 new LogType.Mapping("rawFld3", "ecsFld3", "ocsfFld3")
-                        ),
-                        List.of(new LogType.IocFields("ip", List.of("dst.ip")))
+                        )
                 )
             );
             when(builtinLogTypeLoader.getAllLogTypes()).thenReturn(dummyLogTypes);

diff --git a/src/test/java/org/opensearch/securityanalytics/model/WriteableTests.java b/src/test/java/org/opensearch/securityanalytics/model/WriteableTests.java
@@ -50,8 +50,7 @@ public void testEmptyUserAsStream() throws IOException {
     public void testLogTypeAsStreamRawFieldOnly() throws IOException {
         LogType logType = new LogType(
                 "1", "my_log_type", "description", false,
-                List.of(new LogType.Mapping("rawField", null, null)),
-                List.of(new LogType.IocFields("ip", List.of("dst.ip")))
+                List.of(new LogType.Mapping("rawField", null, null))
         );
         BytesStreamOutput out = new BytesStreamOutput();
         logType.writeTo(out);
@@ -67,8 +66,7 @@ public void testLogTypeAsStreamRawFieldOnly() throws IOException {
     public void testLogTypeAsStreamFull() throws IOException {
         LogType logType = new LogType(
                 "1", "my_log_type", "description", false,
-                List.of(new LogType.Mapping("rawField", "some_ecs_field", "some_ocsf_field")),
-                List.of(new LogType.IocFields("ip", List.of("dst.ip")))
+                List.of(new LogType.Mapping("rawField", "some_ecs_field", "some_ocsf_field"))
         );
         BytesStreamOutput out = new BytesStreamOutput();
         logType.writeTo(out);
@@ -82,7 +80,7 @@ public void testLogTypeAsStreamFull() throws IOException {
     }
 
     public void testLogTypeAsStreamNoMappings() throws IOException {
-        LogType logType = new LogType("1", "my_log_type", "description", false, null, null);
+        LogType logType = new LogType("1", "my_log_type", "description", false, null);
         BytesStreamOutput out = new BytesStreamOutput();
         logType.writeTo(out);
         StreamInput sin = StreamInput.wrap(out.bytes().toBytesRef().bytes);

diff --git a/src/test/java/org/opensearch/securityanalytics/writable/LogTypeTests.java b/src/test/java/org/opensearch/securityanalytics/writable/LogTypeTests.java
@@ -21,8 +21,7 @@ public class LogTypeTests {
     public void testLogTypeAsStreamRawFieldOnly() throws IOException {
         LogType logType = new LogType(
                 "1", "my_log_type", "description", false,
-                List.of(new LogType.Mapping("rawField", null, null)),
-                List.of(new LogType.IocFields("ip", List.of("dst.ip")))
+                List.of(new LogType.Mapping("rawField", null, null))
         );
         BytesStreamOutput out = new BytesStreamOutput();
         logType.writeTo(out);
@@ -33,16 +32,13 @@ public void testLogTypeAsStreamRawFieldOnly() throws IOException {
         assertEquals(logType.getIsBuiltIn(), newLogType.getIsBuiltIn());
         assertEquals(logType.getMappings().size(), newLogType.getMappings().size());
         assertEquals(logType.getMappings().get(0).getRawField(), newLogType.getMappings().get(0).getRawField());
-        assertEquals(logType.getIocFieldsList().get(0).getFields().get(0), newLogType.getIocFieldsList().get(0).getFields().get(0));
-        assertEquals(logType.getIocFieldsList().get(0).getIoc(), newLogType.getIocFieldsList().get(0).getIoc());
     }
 
     @Test
     public void testLogTypeAsStreamFull() throws IOException {
         LogType logType = new LogType(
                 "1", "my_log_type", "description", false,
-                List.of(new LogType.Mapping("rawField", "some_ecs_field", "some_ocsf_field")),
-                List.of(new LogType.IocFields("ip", List.of("dst.ip")))
+                List.of(new LogType.Mapping("rawField", "some_ecs_field", "some_ocsf_field"))
         );
         BytesStreamOutput out = new BytesStreamOutput();
         logType.writeTo(out);
@@ -53,14 +49,11 @@ public void testLogTypeAsStreamFull() throws IOException {
         assertEquals(logType.getIsBuiltIn(), newLogType.getIsBuiltIn());
         assertEquals(logType.getMappings().size(), newLogType.getMappings().size());
         assertEquals(logType.getMappings().get(0).getRawField(), newLogType.getMappings().get(0).getRawField());
-        assertEquals(logType.getIocFieldsList().get(0).getFields().get(0), newLogType.getIocFieldsList().get(0).getFields().get(0));
-        assertEquals(logType.getIocFieldsList().get(0).getIoc(), newLogType.getIocFieldsList().get(0).getIoc());
-
     }
 
     @Test
     public void testLogTypeAsStreamNoMappings() throws IOException {
-        LogType logType = new LogType("1", "my_log_type", "description", false, null, null);
+        LogType logType = new LogType("1", "my_log_type", "description", false, null);
         BytesStreamOutput out = new BytesStreamOutput();
         logType.writeTo(out);
         StreamInput sin = StreamInput.wrap(out.bytes().toBytesRef().bytes);