-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix for doc level query constructor change #651
Conversation
Signed-off-by: Surya Sashank Nistala <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Revoking approval while test failures are investigated.
Codecov Report
@@ Coverage Diff @@
## main #651 +/- ##
=========================================
Coverage 25.05% 25.05%
- Complexity 946 947 +1
=========================================
Files 255 255
Lines 11155 11158 +3
Branches 1250 1250
=========================================
+ Hits 2795 2796 +1
- Misses 8107 8110 +3
+ Partials 253 252 -1
|
* fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]>
* fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]>
* fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]>
* add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * refactored out unecessary Signed-off-by: Joanne Wang <[email protected]> * added headers and cleaned up Signed-off-by: Joanne Wang <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * working on testing Signed-off-by: Joanne Wang <[email protected]> * fixed the parser and build.gradle Signed-off-by: Joanne Wang <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * add feed metadata config files in src and test Signed-off-by: Surya Sashank Nistala <[email protected]> * clean up some tests Signed-off-by: Joanne Wang <[email protected]> * fixed merge conflicts Signed-off-by: Joanne Wang <[email protected]> * adds ioc fields list in log type config files and ioc fields object in LogType POJO * update csv parser and new metadata field Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler interval settings Signed-off-by: Joanne Wang <[email protected]> * add tests for ioc to fields for each log type Signed-off-by: Surya Sashank Nistala <[email protected]> * removed wildcards Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]>
* add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * refactored out unecessary Signed-off-by: Joanne Wang <[email protected]> * added headers and cleaned up Signed-off-by: Joanne Wang <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * working on testing Signed-off-by: Joanne Wang <[email protected]> * fixed the parser and build.gradle Signed-off-by: Joanne Wang <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * add feed metadata config files in src and test Signed-off-by: Surya Sashank Nistala <[email protected]> * clean up some tests Signed-off-by: Joanne Wang <[email protected]> * fixed merge conflicts Signed-off-by: Joanne Wang <[email protected]> * adds ioc fields list in log type config files and ioc fields object in LogType POJO * update csv parser and new metadata field Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler interval settings Signed-off-by: Joanne Wang <[email protected]> * add tests for ioc to fields for each log type Signed-off-by: Surya Sashank Nistala <[email protected]> * removed wildcards Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]>
Signed-off-by: Surya Sashank Nistala <[email protected]> (cherry picked from commit 58a3a83)
Signed-off-by: Surya Sashank Nistala <[email protected]> (cherry picked from commit 58a3a83)
Signed-off-by: Surya Sashank Nistala <[email protected]> (cherry picked from commit 58a3a83) Co-authored-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Surya Sashank Nistala <[email protected]> (cherry picked from commit 58a3a83) Co-authored-by: Surya Sashank Nistala <[email protected]>
* add mapping for indices storing threat intel feed data Signed-off-by: Surya Sashank Nistala <[email protected]> * fix feed indices mapping Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added Signed-off-by: Surya Sashank Nistala <[email protected]> * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation Signed-off-by: Surya Sashank Nistala <[email protected]> * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * add feed metadata config files in src and test Signed-off-by: Surya Sashank Nistala <[email protected]> * adds ioc fields list in log type config files and ioc fields object in LogType POJO Signed-off-by: Surya Sashank Nistala <[email protected]> * fix compilation issues in tests Signed-off-by: Surya Sashank Nistala <[email protected]> * test udpate detector disabling threat intel Signed-off-by: Surya Sashank Nistala <[email protected]> * add tests for detector creation and updation with threat intel Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel test (#673) * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * refactored out unecessary Signed-off-by: Joanne Wang <[email protected]> * added headers and cleaned up Signed-off-by: Joanne Wang <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * working on testing Signed-off-by: Joanne Wang <[email protected]> * fixed the parser and build.gradle Signed-off-by: Joanne Wang <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * add feed metadata config files in src and test Signed-off-by: Surya Sashank Nistala <[email protected]> * clean up some tests Signed-off-by: Joanne Wang <[email protected]> * fixed merge conflicts Signed-off-by: Joanne Wang <[email protected]> * adds ioc fields list in log type config files and ioc fields object in LogType POJO * update csv parser and new metadata field Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler interval settings Signed-off-by: Joanne Wang <[email protected]> * add tests for ioc to fields for each log type Signed-off-by: Surya Sashank Nistala <[email protected]> * removed wildcards Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]> * fix threat intel integ tests and add update detector logic Signed-off-by: Surya Sashank Nistala <[email protected]> * JS for Threat intel feeds - changed extension (#675) * merge conflicts Signed-off-by: Joanne Wang <[email protected]> * fixed java wildcards and changed update key name Signed-off-by: Joanne Wang <[email protected]> * integ test failing Signed-off-by: Joanne Wang <[email protected]> * fix job scheduler params Signed-off-by: Joanne Wang <[email protected]> * changed extension and has debug messages Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * TIF Job Runner Cleanup (#676) * merge conflicts Signed-off-by: Joanne Wang <[email protected]> * fixed java wildcards and changed update key name Signed-off-by: Joanne Wang <[email protected]> * integ test failing Signed-off-by: Joanne Wang <[email protected]> * fix job scheduler params Signed-off-by: Joanne Wang <[email protected]> * changed extension and has debug messages Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name Signed-off-by: Joanne Wang <[email protected]> * removed google commons unused import, updated interval setting, removed rest action Signed-off-by: Joanne Wang <[email protected]> * removed policy file and updated name for job scheduler Signed-off-by: Joanne Wang <[email protected]> * responded to comments about parameter validator and TIFMetadata Signed-off-by: Joanne Wang <[email protected]> * refactored ThreatIntelFeedDataService and changed variables to public static final where possible Signed-off-by: Joanne Wang <[email protected]> * changed opensearch-sap-threatintel to opensearch-sap-threat-intel Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * fix TIFJobParameter class Signed-off-by: Surya Sashank Nistala <[email protected]> * test detector updation when feed updation job runs Signed-off-by: Surya Sashank Nistala <[email protected]> * removed delete job scheduler code and cleaned up (#678) Signed-off-by: Joanne Wang <[email protected]> * working integ test (#680) Signed-off-by: Joanne Wang <[email protected]> * fix timeout of tif job creation Signed-off-by: Surya Sashank Nistala <[email protected]> * remove unncessary thread forking in put tif job action Signed-off-by: Surya Sashank Nistala <[email protected]> * refactoring code to address review comments Signed-off-by: Surya Sashank Nistala <[email protected]> * detector trigger detection types Signed-off-by: Surya Sashank Nistala <[email protected]> * pull out threat intel rest tests into separate test class Signed-off-by: Surya Sashank Nistala <[email protected]> * add detection types testing in detector trigger for rules and threat intel detection scenarios Signed-off-by: Surya Sashank Nistala <[email protected]> * add license header Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel field aliases in mapping view response Signed-off-by: Surya Sashank Nistala <[email protected]> * fix threat intel feed parser Signed-off-by: Surya Sashank Nistala <[email protected]> * fix workflow failing test Signed-off-by: Surya Sashank Nistala <[email protected]> * spotless check failures fixed Signed-off-by: Surya Sashank Nistala <[email protected]> * remove dockerfile (#689) Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]>
* add mapping for indices storing threat intel feed data Signed-off-by: Surya Sashank Nistala <[email protected]> * fix feed indices mapping Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added Signed-off-by: Surya Sashank Nistala <[email protected]> * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation Signed-off-by: Surya Sashank Nistala <[email protected]> * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (opensearch-project#654) * fix doc level query constructor (opensearch-project#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * add feed metadata config files in src and test Signed-off-by: Surya Sashank Nistala <[email protected]> * adds ioc fields list in log type config files and ioc fields object in LogType POJO Signed-off-by: Surya Sashank Nistala <[email protected]> * fix compilation issues in tests Signed-off-by: Surya Sashank Nistala <[email protected]> * test udpate detector disabling threat intel Signed-off-by: Surya Sashank Nistala <[email protected]> * add tests for detector creation and updation with threat intel Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel test (opensearch-project#673) * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (opensearch-project#654) * fix doc level query constructor (opensearch-project#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * refactored out unecessary Signed-off-by: Joanne Wang <[email protected]> * added headers and cleaned up Signed-off-by: Joanne Wang <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * working on testing Signed-off-by: Joanne Wang <[email protected]> * fixed the parser and build.gradle Signed-off-by: Joanne Wang <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (opensearch-project#654) * fix doc level query constructor (opensearch-project#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * add feed metadata config files in src and test Signed-off-by: Surya Sashank Nistala <[email protected]> * clean up some tests Signed-off-by: Joanne Wang <[email protected]> * fixed merge conflicts Signed-off-by: Joanne Wang <[email protected]> * adds ioc fields list in log type config files and ioc fields object in LogType POJO * update csv parser and new metadata field Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler interval settings Signed-off-by: Joanne Wang <[email protected]> * add tests for ioc to fields for each log type Signed-off-by: Surya Sashank Nistala <[email protected]> * removed wildcards Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]> * fix threat intel integ tests and add update detector logic Signed-off-by: Surya Sashank Nistala <[email protected]> * JS for Threat intel feeds - changed extension (opensearch-project#675) * merge conflicts Signed-off-by: Joanne Wang <[email protected]> * fixed java wildcards and changed update key name Signed-off-by: Joanne Wang <[email protected]> * integ test failing Signed-off-by: Joanne Wang <[email protected]> * fix job scheduler params Signed-off-by: Joanne Wang <[email protected]> * changed extension and has debug messages Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * TIF Job Runner Cleanup (opensearch-project#676) * merge conflicts Signed-off-by: Joanne Wang <[email protected]> * fixed java wildcards and changed update key name Signed-off-by: Joanne Wang <[email protected]> * integ test failing Signed-off-by: Joanne Wang <[email protected]> * fix job scheduler params Signed-off-by: Joanne Wang <[email protected]> * changed extension and has debug messages Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name Signed-off-by: Joanne Wang <[email protected]> * removed google commons unused import, updated interval setting, removed rest action Signed-off-by: Joanne Wang <[email protected]> * removed policy file and updated name for job scheduler Signed-off-by: Joanne Wang <[email protected]> * responded to comments about parameter validator and TIFMetadata Signed-off-by: Joanne Wang <[email protected]> * refactored ThreatIntelFeedDataService and changed variables to public static final where possible Signed-off-by: Joanne Wang <[email protected]> * changed opensearch-sap-threatintel to opensearch-sap-threat-intel Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * fix TIFJobParameter class Signed-off-by: Surya Sashank Nistala <[email protected]> * test detector updation when feed updation job runs Signed-off-by: Surya Sashank Nistala <[email protected]> * removed delete job scheduler code and cleaned up (opensearch-project#678) Signed-off-by: Joanne Wang <[email protected]> * working integ test (opensearch-project#680) Signed-off-by: Joanne Wang <[email protected]> * fix timeout of tif job creation Signed-off-by: Surya Sashank Nistala <[email protected]> * remove unncessary thread forking in put tif job action Signed-off-by: Surya Sashank Nistala <[email protected]> * refactoring code to address review comments Signed-off-by: Surya Sashank Nistala <[email protected]> * detector trigger detection types Signed-off-by: Surya Sashank Nistala <[email protected]> * pull out threat intel rest tests into separate test class Signed-off-by: Surya Sashank Nistala <[email protected]> * add detection types testing in detector trigger for rules and threat intel detection scenarios Signed-off-by: Surya Sashank Nistala <[email protected]> * add license header Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel field aliases in mapping view response Signed-off-by: Surya Sashank Nistala <[email protected]> * fix threat intel feed parser Signed-off-by: Surya Sashank Nistala <[email protected]> * fix workflow failing test Signed-off-by: Surya Sashank Nistala <[email protected]> * spotless check failures fixed Signed-off-by: Surya Sashank Nistala <[email protected]> * remove dockerfile (opensearch-project#689) Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]>
* add mapping for indices storing threat intel feed data Signed-off-by: Surya Sashank Nistala <[email protected]> * fix feed indices mapping Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added Signed-off-by: Surya Sashank Nistala <[email protected]> * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation Signed-off-by: Surya Sashank Nistala <[email protected]> * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (opensearch-project#654) * fix doc level query constructor (opensearch-project#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * add feed metadata config files in src and test Signed-off-by: Surya Sashank Nistala <[email protected]> * adds ioc fields list in log type config files and ioc fields object in LogType POJO Signed-off-by: Surya Sashank Nistala <[email protected]> * fix compilation issues in tests Signed-off-by: Surya Sashank Nistala <[email protected]> * test udpate detector disabling threat intel Signed-off-by: Surya Sashank Nistala <[email protected]> * add tests for detector creation and updation with threat intel Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel test (opensearch-project#673) * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (opensearch-project#654) * fix doc level query constructor (opensearch-project#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * refactored out unecessary Signed-off-by: Joanne Wang <[email protected]> * added headers and cleaned up Signed-off-by: Joanne Wang <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * working on testing Signed-off-by: Joanne Wang <[email protected]> * fixed the parser and build.gradle Signed-off-by: Joanne Wang <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (opensearch-project#654) * fix doc level query constructor (opensearch-project#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * add feed metadata config files in src and test Signed-off-by: Surya Sashank Nistala <[email protected]> * clean up some tests Signed-off-by: Joanne Wang <[email protected]> * fixed merge conflicts Signed-off-by: Joanne Wang <[email protected]> * adds ioc fields list in log type config files and ioc fields object in LogType POJO * update csv parser and new metadata field Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler interval settings Signed-off-by: Joanne Wang <[email protected]> * add tests for ioc to fields for each log type Signed-off-by: Surya Sashank Nistala <[email protected]> * removed wildcards Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]> * fix threat intel integ tests and add update detector logic Signed-off-by: Surya Sashank Nistala <[email protected]> * JS for Threat intel feeds - changed extension (opensearch-project#675) * merge conflicts Signed-off-by: Joanne Wang <[email protected]> * fixed java wildcards and changed update key name Signed-off-by: Joanne Wang <[email protected]> * integ test failing Signed-off-by: Joanne Wang <[email protected]> * fix job scheduler params Signed-off-by: Joanne Wang <[email protected]> * changed extension and has debug messages Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * TIF Job Runner Cleanup (opensearch-project#676) * merge conflicts Signed-off-by: Joanne Wang <[email protected]> * fixed java wildcards and changed update key name Signed-off-by: Joanne Wang <[email protected]> * integ test failing Signed-off-by: Joanne Wang <[email protected]> * fix job scheduler params Signed-off-by: Joanne Wang <[email protected]> * changed extension and has debug messages Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name Signed-off-by: Joanne Wang <[email protected]> * removed google commons unused import, updated interval setting, removed rest action Signed-off-by: Joanne Wang <[email protected]> * removed policy file and updated name for job scheduler Signed-off-by: Joanne Wang <[email protected]> * responded to comments about parameter validator and TIFMetadata Signed-off-by: Joanne Wang <[email protected]> * refactored ThreatIntelFeedDataService and changed variables to public static final where possible Signed-off-by: Joanne Wang <[email protected]> * changed opensearch-sap-threatintel to opensearch-sap-threat-intel Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * fix TIFJobParameter class Signed-off-by: Surya Sashank Nistala <[email protected]> * test detector updation when feed updation job runs Signed-off-by: Surya Sashank Nistala <[email protected]> * removed delete job scheduler code and cleaned up (opensearch-project#678) Signed-off-by: Joanne Wang <[email protected]> * working integ test (opensearch-project#680) Signed-off-by: Joanne Wang <[email protected]> * fix timeout of tif job creation Signed-off-by: Surya Sashank Nistala <[email protected]> * remove unncessary thread forking in put tif job action Signed-off-by: Surya Sashank Nistala <[email protected]> * refactoring code to address review comments Signed-off-by: Surya Sashank Nistala <[email protected]> * detector trigger detection types Signed-off-by: Surya Sashank Nistala <[email protected]> * pull out threat intel rest tests into separate test class Signed-off-by: Surya Sashank Nistala <[email protected]> * add detection types testing in detector trigger for rules and threat intel detection scenarios Signed-off-by: Surya Sashank Nistala <[email protected]> * add license header Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel field aliases in mapping view response Signed-off-by: Surya Sashank Nistala <[email protected]> * fix threat intel feed parser Signed-off-by: Surya Sashank Nistala <[email protected]> * fix workflow failing test Signed-off-by: Surya Sashank Nistala <[email protected]> * spotless check failures fixed Signed-off-by: Surya Sashank Nistala <[email protected]> * remove dockerfile (opensearch-project#689) Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]>
* add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * create doc level query from threat intel feed data index docs" * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * with listener and processor * removed actions * clean up * added parser * add unit tests * refactored class names * before moving db * after moving db * added actions to plugin and removed user schedule * unit tests * fix build error * changed transport naming --------- * converge job scheduler code with threat intel feed integration in detectors * converge job scheduler and detector threat intel code * add feed metadata config files in src and test * adds ioc fields list in log type config files and ioc fields object in LogType POJO * fix compilation issues in tests * test udpate detector disabling threat intel * add tests for detector creation and updation with threat intel * Threat intel test (#673) * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * create doc level query from threat intel feed data index docs" * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * with listener and processor * removed actions * clean up * added parser * add unit tests * refactored class names * before moving db * after moving db * added actions to plugin and removed user schedule * unit tests * fix build error * changed transport naming --------- * converge job scheduler code with threat intel feed integration in detectors * refactored out unecessary * added headers and cleaned up * converge job scheduler and detector threat intel code * working on testing * fixed the parser and build.gradle * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * create doc level query from threat intel feed data index docs" * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * with listener and processor * removed actions * clean up * added parser * add unit tests * refactored class names * before moving db * after moving db * added actions to plugin and removed user schedule * unit tests * fix build error * changed transport naming --------- * converge job scheduler code with threat intel feed integration in detectors * converge job scheduler and detector threat intel code * add feed metadata config files in src and test * clean up some tests * fixed merge conflicts * adds ioc fields list in log type config files and ioc fields object in LogType POJO * update csv parser and new metadata field * fixed job scheduler interval settings * add tests for ioc to fields for each log type * removed wildcards --------- * fix threat intel integ tests and add update detector logic * JS for Threat intel feeds - changed extension (#675) * merge conflicts * fixed java wildcards and changed update key name * integ test failing * fix job scheduler params * changed extension and has debug messages * clean up * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name --------- * TIF Job Runner Cleanup (#676) * merge conflicts * fixed java wildcards and changed update key name * integ test failing * fix job scheduler params * changed extension and has debug messages * clean up * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name * removed google commons unused import, updated interval setting, removed rest action * removed policy file and updated name for job scheduler * responded to comments about parameter validator and TIFMetadata * refactored ThreatIntelFeedDataService and changed variables to public static final where possible * changed opensearch-sap-threatintel to opensearch-sap-threat-intel --------- * fix TIFJobParameter class * test detector updation when feed updation job runs * removed delete job scheduler code and cleaned up (#678) * working integ test (#680) * fix timeout of tif job creation * remove unncessary thread forking in put tif job action * refactoring code to address review comments * detector trigger detection types * pull out threat intel rest tests into separate test class * add detection types testing in detector trigger for rules and threat intel detection scenarios * add license header * add threat intel field aliases in mapping view response * fix threat intel feed parser * fix workflow failing test * spotless check failures fixed * remove dockerfile (#689) --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]>
* add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * create doc level query from threat intel feed data index docs" * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * with listener and processor * removed actions * clean up * added parser * add unit tests * refactored class names * before moving db * after moving db * added actions to plugin and removed user schedule * unit tests * fix build error * changed transport naming --------- * converge job scheduler code with threat intel feed integration in detectors * converge job scheduler and detector threat intel code * add feed metadata config files in src and test * adds ioc fields list in log type config files and ioc fields object in LogType POJO * fix compilation issues in tests * test udpate detector disabling threat intel * add tests for detector creation and updation with threat intel * Threat intel test (#673) * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * create doc level query from threat intel feed data index docs" * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * with listener and processor * removed actions * clean up * added parser * add unit tests * refactored class names * before moving db * after moving db * added actions to plugin and removed user schedule * unit tests * fix build error * changed transport naming --------- * converge job scheduler code with threat intel feed integration in detectors * refactored out unecessary * added headers and cleaned up * converge job scheduler and detector threat intel code * working on testing * fixed the parser and build.gradle * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * create doc level query from threat intel feed data index docs" * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao * add threatIntelEnabled field in detector. * add threat intel feed service and searching feeds * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation * Preliminary framework for jobscheduler and datasource (#626) * with listener and processor * removed actions * clean up * added parser * add unit tests * refactored class names * before moving db * after moving db * added actions to plugin and removed user schedule * unit tests * fix build error * changed transport naming --------- * converge job scheduler code with threat intel feed integration in detectors * converge job scheduler and detector threat intel code * add feed metadata config files in src and test * clean up some tests * fixed merge conflicts * adds ioc fields list in log type config files and ioc fields object in LogType POJO * update csv parser and new metadata field * fixed job scheduler interval settings * add tests for ioc to fields for each log type * removed wildcards --------- * fix threat intel integ tests and add update detector logic * JS for Threat intel feeds - changed extension (#675) * merge conflicts * fixed java wildcards and changed update key name * integ test failing * fix job scheduler params * changed extension and has debug messages * clean up * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name --------- * TIF Job Runner Cleanup (#676) * merge conflicts * fixed java wildcards and changed update key name * integ test failing * fix job scheduler params * changed extension and has debug messages * clean up * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name * removed google commons unused import, updated interval setting, removed rest action * removed policy file and updated name for job scheduler * responded to comments about parameter validator and TIFMetadata * refactored ThreatIntelFeedDataService and changed variables to public static final where possible * changed opensearch-sap-threatintel to opensearch-sap-threat-intel --------- * fix TIFJobParameter class * test detector updation when feed updation job runs * removed delete job scheduler code and cleaned up (#678) * working integ test (#680) * fix timeout of tif job creation * remove unncessary thread forking in put tif job action * refactoring code to address review comments * detector trigger detection types * pull out threat intel rest tests into separate test class * add detection types testing in detector trigger for rules and threat intel detection scenarios * add license header * add threat intel field aliases in mapping view response * fix threat intel feed parser * fix workflow failing test * spotless check failures fixed * remove dockerfile (#689) --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]>
…nsearch-project#682)" This reverts commit 282046d. Signed-off-by: Surya Sashank Nistala <[email protected]>
This reverts commit 282046d. Signed-off-by: Surya Sashank Nistala <[email protected]>
…earch-project#651) * bucket level monitor findings Signed-off-by: Surya Sashank Nistala <[email protected]> * add test to verify bucket level monitor findings Signed-off-by: Surya Sashank Nistala <[email protected]> * added tests. fixed document ids in bucket level monitor findings Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Surya Sashank Nistala <[email protected]> (cherry picked from commit 5b451b988b7cad0b5a1076daa8908c2fd68db154) Co-authored-by: Surya Sashank Nistala <[email protected]>
The backport to
To backport manually, run these commands in your terminal: # Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security-analytics/backport-2.9 2.9
# Navigate to the new working tree
pushd ../.worktrees/security-analytics/backport-2.9
# Create a new branch
git switch --create backport-651-to-2.9
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 58a3a83619010b2c4059eaa8731d1df6d4628640
# Push it to GitHub
git push --set-upstream origin backport-651-to-2.9
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security-analytics/backport-2.9 Then, create a pull request where the |
Description
Add
fields
param in doc level constructor. defaults to empty listBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.