Create TIF Source Config API #1046
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Joanne Wang <[email protected]>
jowg-amazon
requested review from
amsiglan,
AWSHurneyt,
getsaurabh02,
lezzago,
praveensameneni,
sbcd90,
eirsep,
engechas,
goyamegh and
riysaxen-amzn
as code owners
Signed-off-by: Joanne Wang <[email protected]>
eirsep
reviewed
May 24, 2024
| @@ -103,9 +111,11 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map | |||
| public static final String FINDINGS_CORRELATE_URI = FINDINGS_BASE_URI + "/correlate"; | |||
| public static final String LIST_CORRELATIONS_URI = PLUGINS_BASE_URI + "/correlations"; | |||
| public static final String CORRELATION_RULES_BASE_URI = PLUGINS_BASE_URI + "/correlation/rules"; | |||
|
|
|||
| public static final String TIF_CONFIG_URI = PLUGINS_BASE_URI + "/tif"; | |||
There was a problem hiding this comment.
updated to /tif/source
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
eirsep
reviewed
May 24, 2024
| @@ -103,9 +111,12 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map | |||
| public static final String FINDINGS_CORRELATE_URI = FINDINGS_BASE_URI + "/correlate"; | |||
| public static final String LIST_CORRELATIONS_URI = PLUGINS_BASE_URI + "/correlations"; | |||
| public static final String CORRELATION_RULES_BASE_URI = PLUGINS_BASE_URI + "/correlation/rules"; | |||
|
|
|||
| public static final String TIF_BASE_URI = PLUGINS_BASE_URI + "/tif"; | |||
There was a problem hiding this comment.
changed to threat_intel
eirsep
reviewed
May 24, 2024
| @@ -103,9 +111,12 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map | |||
| public static final String FINDINGS_CORRELATE_URI = FINDINGS_BASE_URI + "/correlate"; | |||
| public static final String LIST_CORRELATIONS_URI = PLUGINS_BASE_URI + "/correlations"; | |||
| public static final String CORRELATION_RULES_BASE_URI = PLUGINS_BASE_URI + "/correlation/rules"; | |||
|
|
|||
| public static final String TIF_BASE_URI = PLUGINS_BASE_URI + "/tif"; | |||
| public static final String TIF_SOURCE_CONFIG_URI = PLUGINS_BASE_URI + "/tif/source"; | |||
There was a problem hiding this comment.
changed to threat_intel/source
eirsep
reviewed
May 24, 2024
| @@ -129,6 +140,9 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map | |||
| private BuiltinLogTypeLoader builtinLogTypeLoader; | |||
|
|
|||
| private LogTypeService logTypeService; | |||
|
|
|||
| private SATIFSourceConfigDao satifSourceConfigDao; | |||
eirsep
reviewed
May 24, 2024
| @@ -211,13 +228,14 @@ public List<RestHandler> getRestHandlers(Settings settings, | |||
| new RestSearchCorrelationRuleAction(), | |||
| new RestIndexCustomLogTypeAction(), | |||
| new RestSearchCustomLogTypeAction(), | |||
| new RestDeleteCustomLogTypeAction() | |||
| new RestDeleteCustomLogTypeAction(), | |||
| new RestIndexTIFConfigAction() | |||
eirsep
reviewed
May 24, 2024
| case FEED_SOURCE_CONFIG_FIELD: | ||
| return SATIFSourceConfig.parse(xcp, id, null); | ||
| default: | ||
| log.warn("Unsupported document was indexed"); |
There was a problem hiding this comment.
log level should be error
re-word message to make it more descriptive
message should include job parser failed, $fieldName (value), in security analytics job registration
There was a problem hiding this comment.
reworded error message
eirsep
reviewed
May 24, 2024
| xcp.nextToken(); | ||
| switch (fieldName) { | ||
| case FEED_SOURCE_CONFIG_FIELD: | ||
| return SATIFSourceConfig.parse(xcp, id, null); |
There was a problem hiding this comment.
Will address this in a future PR, need to understand what params should be used for parser
eirsep
reviewed
May 24, 2024
| public class SAIndexTIFSourceConfigRequest extends ActionRequest implements IndexTIFSourceConfigRequest { | ||
| private static final ParameterValidator VALIDATOR = new ParameterValidator(); | ||
| private String tifSourceConfigId; | ||
| private final WriteRequest.RefreshPolicy refreshPolicy; |
There was a problem hiding this comment.
dont accept param. always IMMEDIATE REFRESH
eirsep
reviewed
May 24, 2024
| private final String tifConfigId; | ||
| private final Long version; | ||
| private final RestStatus status; | ||
| private final SATIFSourceConfigDto saTIFConfigDto; |
There was a problem hiding this comment.
if a word is an a acronym let's make it liek SaTifSourceConfigDto
eirsep
reviewed
May 24, 2024
|
|
||
| public void indexTIFSourceConfig(SATIFSourceConfig satifSourceConfig, | ||
| TimeValue indexTimeout, | ||
| WriteRequest.RefreshPolicy refreshPolicy, |
There was a problem hiding this comment.
should always be refresh immediate. remove param
eirsep
reviewed
May 24, 2024
| public void indexTIFSourceConfig(SATIFSourceConfig satifSourceConfig, | ||
| TimeValue indexTimeout, | ||
| WriteRequest.RefreshPolicy refreshPolicy, | ||
| final ActionListener<SATIFSourceConfig> actionListener) throws Exception { |
eirsep
reviewed
May 24, 2024
| .source(satifSourceConfig.toXContent(XContentFactory.jsonBuilder(), ToXContent.EMPTY_PARAMS)) | ||
| .timeout(indexTimeout); | ||
| log.debug("Indexing tif source config"); | ||
| client.index(indexRequest, new ActionListener<>() { |
There was a problem hiding this comment.
changed to ActionListener.wrap()
eirsep
reviewed
May 24, 2024
| } | ||
| @Override | ||
| public void onFailure(Exception e) { | ||
| throw new SecurityAnalyticsException("Exception saving the tif source config in index", RestStatus.INTERNAL_SERVER_ERROR, e); |
There was a problem hiding this comment.
use listener.onFailure don't re-throw
eirsep
reviewed
May 24, 2024
| TimeValue indexTimeout, | ||
| WriteRequest.RefreshPolicy refreshPolicy, | ||
| final ActionListener<SATIFSourceConfig> actionListener) throws Exception { | ||
| IndexRequest indexRequest = new IndexRequest(SecurityAnalyticsPlugin.JOB_INDEX_NAME) |
There was a problem hiding this comment.
wrap entire logic in try-catch and listener.onFailure + log message in catch block
eirsep
reviewed
May 24, 2024
| client.index(indexRequest, new ActionListener<>() { | ||
| @Override | ||
| public void onResponse(IndexResponse response) { | ||
| log.debug("TIF source config indexed success."); |
There was a problem hiding this comment.
logged id in message
eirsep
reviewed
May 24, 2024
| @Override | ||
| public void onResponse(IndexResponse response) { | ||
| log.debug("TIF source config indexed success."); | ||
| satifSourceConfig.setId(response.getId()); |
eirsep
reviewed
May 24, 2024
| } | ||
| } catch (IOException e) { | ||
| log.error("Runtime exception when getting the threat intel index mapping", e); | ||
| throw new SecurityAnalyticsException("Runtime exception when getting the threat intel index mapping", RestStatus.INTERNAL_SERVER_ERROR, e); |
There was a problem hiding this comment.
Message can be "Failed to get threat intel index mapping"
There was a problem hiding this comment.
Changed message
Signed-off-by: Joanne Wang <[email protected]>
eirsep
requested changes
May 25, 2024
| stepListener.onResponse(null); | ||
| return; | ||
| } | ||
| log.error("Failed to create security analytics threat intel job index", e); |
There was a problem hiding this comment.
nit: log correct index name in message
There was a problem hiding this comment.
Changed to log the index name in error message
eirsep
reviewed
May 25, 2024
|
|
||
| import org.opensearch.core.action.ActionListener; | ||
| public interface TIFSourceConfigDao { | ||
| IndexTIFSourceConfigResponse indexTIFConfig(IndexTIFSourceConfigRequest request, ActionListener <IndexTIFSourceConfigResponse> listener); |
There was a problem hiding this comment.
response would be at transport and rest layer?
There was a problem hiding this comment.
Renamed to TIFSourceConfigService and changed to abstract class, will follow up on implementation in future PR.
eirsep
reviewed
May 26, 2024
| log.error("failed to release lock", exception); | ||
| listener.onFailure(exception); | ||
| }); | ||
| SaTifSourceConfigDao.createJobIndexIfNotExists(createIndexStepListener); |
There was a problem hiding this comment.
this should be done in dao itself before create
There was a problem hiding this comment.
moved the function invocation to the dao
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
eirsep
reviewed
May 28, 2024
| @@ -179,7 +179,7 @@ public Collection<Object> createComponents(Client client, | |||
| TIFJobParameterService tifJobParameterService = new TIFJobParameterService(client, clusterService); | |||
| TIFJobUpdateService tifJobUpdateService = new TIFJobUpdateService(clusterService, tifJobParameterService, threatIntelFeedDataService, builtInTIFMetadataLoader); | |||
| TIFLockService threatIntelLockService = new TIFLockService(clusterService, client); | |||
| SaTifSourceConfigDao = new SATIFSourceConfigDao(client, clusterService, threadPool); | |||
eirsep
reviewed
May 29, 2024
| actionListener.onFailure(e); | ||
| } | ||
| }, exception -> { | ||
| lockService.releaseLock(lock); |
There was a problem hiding this comment.
what does this lockservice achieve??
eirsep
reviewed
May 29, 2024
| public interface TIFSourceConfigDao { | ||
| IndexTIFSourceConfigResponse indexTIFConfig(IndexTIFSourceConfigRequest request, ActionListener <IndexTIFSourceConfigResponse> listener); | ||
| public abstract class TIFSourceConfigService { | ||
| IndexTIFSourceConfigResponse indexTIFConfig(IndexTIFSourceConfigRequest request, ActionListener <IndexTIFSourceConfigResponse> listener){ |
eirsep
approved these changes
May 29, 2024
eirsep
merged commit 1935ed2
into
opensearch-project:feature/threat_intel
2 checks passed
eirsep
pushed a commit
that referenced
this pull request
Jun 3, 2024
* create tif source config api implementation Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * tif/source Signed-off-by: Joanne Wang <[email protected]> * fix uri Signed-off-by: Joanne Wang <[email protected]> * comments Signed-off-by: Joanne Wang <[email protected]> * fix error message Signed-off-by: Joanne Wang <[email protected]> * moved createIndex invocation and other comments Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]>
jowg-amazon
added a commit
to jowg-amazon/security-analytics
that referenced
this pull request
Jun 4, 2024
* create tif source config api implementation Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * tif/source Signed-off-by: Joanne Wang <[email protected]> * fix uri Signed-off-by: Joanne Wang <[email protected]> * comments Signed-off-by: Joanne Wang <[email protected]> * fix error message Signed-off-by: Joanne Wang <[email protected]> * moved createIndex invocation and other comments Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]>
eirsep
pushed a commit
to eirsep/security-analytics
that referenced
this pull request
Jun 6, 2024
* create tif source config api implementation Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * tif/source Signed-off-by: Joanne Wang <[email protected]> * fix uri Signed-off-by: Joanne Wang <[email protected]> * comments Signed-off-by: Joanne Wang <[email protected]> * fix error message Signed-off-by: Joanne Wang <[email protected]> * moved createIndex invocation and other comments Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]>
eirsep
pushed a commit
that referenced
this pull request
Jun 6, 2024
* create tif source config api implementation Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * tif/source Signed-off-by: Joanne Wang <[email protected]> * fix uri Signed-off-by: Joanne Wang <[email protected]> * comments Signed-off-by: Joanne Wang <[email protected]> * fix error message Signed-off-by: Joanne Wang <[email protected]> * moved createIndex invocation and other comments Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]>
AWSHurneyt
pushed a commit
to AWSHurneyt/security-analytics
that referenced
this pull request
Jun 25, 2024
* create tif source config api implementation Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * tif/source Signed-off-by: Joanne Wang <[email protected]> * fix uri Signed-off-by: Joanne Wang <[email protected]> * comments Signed-off-by: Joanne Wang <[email protected]> * fix error message Signed-off-by: Joanne Wang <[email protected]> * moved createIndex invocation and other comments Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Preliminary architecture and flow for creating a job index and indexing a source config object.
Issues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.