Merge branch 'feature/threat_intel_feeds' into job

Signed-off-by: Joanne Wang <[email protected]>
opensearch-project · Oct 20, 2023 · c0cb67b · c0cb67b
2 parents dfcf8fc + 0e89286
commit c0cb67b
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 2 deletions.
diff --git a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
@@ -127,6 +127,8 @@ public Collection<SystemIndexDescriptor> getSystemIndexDescriptors(Settings sett
         return Collections.singletonList(new SystemIndexDescriptor(THREAT_INTEL_DATA_INDEX_NAME_PREFIX, "System index used for threat intel data"));
     }
 
+
+
     @Override
     public Collection<Object> createComponents(Client client,
                                                ClusterService clusterService,
@@ -202,7 +204,8 @@ public List<RestHandler> getRestHandlers(Settings settings,
                 new RestSearchCorrelationRuleAction(),
                 new RestIndexCustomLogTypeAction(),
                 new RestSearchCustomLogTypeAction(),
-                new RestDeleteCustomLogTypeAction()
+                new RestDeleteCustomLogTypeAction(),
+                new RestPutTIFJobHandler(clusterSettings)
         );
     }
 

diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/action/RestPutTIFJobHandler.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/action/RestPutTIFJobHandler.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.opensearch.securityanalytics.threatIntel.action;
+
+import org.opensearch.client.node.NodeClient;
+import org.opensearch.common.settings.ClusterSettings;
+import org.opensearch.common.unit.TimeValue;
+import org.opensearch.core.xcontent.XContentParser;
+import org.opensearch.rest.BaseRestHandler;
+import org.opensearch.rest.RestRequest;
+import org.opensearch.rest.action.RestToXContentListener;
+import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+import static org.opensearch.rest.RestRequest.Method.GET;
+import static org.opensearch.rest.RestRequest.Method.PUT;
+
+/**
+ * Rest handler for threat intel TIFjob creation
+ *
+ * This handler handles a request of
+ * PUT /_plugins/security_analytics/threatintel/tifjob/{id}
+ * {
+ *     "id": {id},
+ *     "name": {name},
+ *     "update_interval_in_days": 1
+ * }
+ *
+ * When request is received, it will create a TIFjob
+ * After the creation of TIFjob is completed, it will schedule the next update task after update_interval_in_days.
+ *
+ */
+public class RestPutTIFJobHandler extends BaseRestHandler {
+    private static final String ACTION_NAME = "threatintel_tifjob_put";
+    private final ClusterSettings clusterSettings;
+
+    public RestPutTIFJobHandler(final ClusterSettings clusterSettings) {
+        this.clusterSettings = clusterSettings;
+    }
+
+    @Override
+    public String getName() {
+        return ACTION_NAME;
+    }
+
+    @Override
+    protected RestChannelConsumer prepareRequest(final RestRequest request, final NodeClient client) throws IOException {
+        final PutTIFJobRequest putTIFJobRequest = new PutTIFJobRequest("jobname",
+                new TimeValue(1, TimeUnit.MINUTES));
+
+        return channel -> client.executeLocally(PutTIFJobAction.INSTANCE, putTIFJobRequest, new RestToXContentListener<>(channel));
+    }
+
+    @Override
+    public List<Route> routes() {
+        String path = "/_p/_s";
+        return List.of(new Route(GET, path));
+    }
+}
diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/jobscheduler/TIFJobParameter.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/jobscheduler/TIFJobParameter.java
@@ -38,6 +38,22 @@ public class TIFJobParameter implements Writeable, ScheduledJobParameter {
     public static final String THREAT_INTEL_DATA_INDEX_NAME_PREFIX = ".opensearch-sap-threat-intel";
 
 
+    /**
+     * String fields for job scheduling parameters used for ParseField
+     */
+    private static final String name_field = "name";
+    private static final String enabled_field = "update_enabled";
+    private static final String last_update_time_field = "last_update_time";
+    private static final String last_update_time_field_readable = "last_update_time_field";
+    private static final String schedule_field = "schedule";
+    private static final String enabled_time_field = "enabled_time";
+    private static final String enabled_time_field_readable = "enabled_time_field";
+    private static final String state_field = "state";
+    private static final String indices_field = "indices";
+    private static final String update_stats_field = "update_stats";
+
+
+
     /**
      * String fields for job scheduling parameters used for ParseField
      */

diff --git a/.../java/org/opensearch/securityanalytics/threatIntel/integTests/ThreatIntelJobRunnerIT.java b/.../java/org/opensearch/securityanalytics/threatIntel/integTests/ThreatIntelJobRunnerIT.java
@@ -52,7 +52,7 @@ public void testCreateDetector_threatIntelEnabled_testJobRunner() throws IOExcep
 
         // update job runner to run every minute
         updateClusterSetting(TIF_UPDATE_INTERVAL.getKey(),"1m");
-
+      
         // Create a detector
         updateClusterSetting(ENABLE_WORKFLOW_USAGE.getKey(), "true");
         String index = createTestIndex(randomIndex(), windowsIndexMapping());