

test udpate detector disabling threat intel
Signed-off-by: Surya Sashank Nistala <[email protected]>
eirsep committed Oct 17, 2023
1 parent decee51 commit a79b8ac
Showing 2 changed files with 2 additions and 3 deletions.
Expand Up @@ -691,6 +691,7 @@ private void addThreatIntelBasedDocLevelQueries(Detector detector, List<DocLevel
try {

if (detector.getThreatIntelEnabled()) {
log.debug("threat intel enabled for detector {} . adding threat intel based doc level queries.", detector.getName());
List<LogType.IocFields> iocFieldsList = logTypeService.getIocFieldsList(detector.getDetectorType());
if (iocFieldsList == null || iocFieldsList.isEmpty()) {
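Review bot: The `log.debug` line covers only the enabled branch, and it is not visible here whether the disabled case or the `iocFieldsList == null || iocFieldsList.isEmpty()` case logs anything; those are the paths where a detector runs without threat-intel matching, which is what an operator auditing detection coverage needs to see. If the code outside the hunk does not already do so, add a matching message there, for example `log.debug("threat intel disabled for detector {}; skipping threat intel doc level queries.", detector.getName());`. The message text also has a stray space before the period (`{} .`). The enclosing method starts and continues outside the hunk.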

Expand Up @@ -1078,7 +1078,6 @@ public void testCreateDetectorWiththreatIntelEnabled_updateDetectorWithThreatInt
DetectorInput input = new DetectorInput("windows detector for security analytics", List.of("windows"), detectorRules,
Collections.emptyList());
Detector detector = randomDetectorWithInputsAndThreatIntel(List.of(input), true);

Response createResponse = makeRequest(client(), "POST", SecurityAnalyticsPlugin.DETECTOR_BASE_URI, Collections.emptyMap(), toHttpEntity(detector));

String request = "{\n" +
Expand Down Expand Up @@ -1137,8 +1136,7 @@ public void testCreateDetectorWiththreatIntelEnabled_updateDetectorWithThreatInt
ArrayList<String> docs = (ArrayList<String>) docLevelQueryResults.get(threatIntelDocLevelQueryId);
assertEquals(docs.size(), 3);

detector.setThreatIntelEnabled(false);
Response updateResponse = makeRequest(client(), "PUT", SecurityAnalyticsPlugin.DETECTOR_BASE_URI + "/" + detectorId, Collections.emptyMap(), toHttpEntity(detector));
Response updateResponse = makeRequest(client(), "PUT", SecurityAnalyticsPlugin.DETECTOR_BASE_URI + "/" + detectorId, Collections.emptyMap(), toHttpEntity(randomDetectorWithInputsAndThreatIntel(List.of(input), true)));

assertEquals("Update detector failed", RestStatus.OK, restStatus(updateResponse));
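Review bot: The PUT request that appears to be the new line sends `randomDetectorWithInputsAndThreatIntel(List.of(input), true)`, so the update keeps threat intel enabled and the disable path named in the commit title is not exercised. If the intent is to cover disabling, pass `false` as the second argument, i.e. `toHttpEntity(randomDetectorWithInputsAndThreatIntel(List.of(input), false))`. The visible assertion after the update only checks `RestStatus.OK`, which passes whether or not the threat-intel doc level query was removed, so the test should also assert that the query is gone after the update. The test method starts before and continues past this hunk, so later assertions may already cover part of this.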

