Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix for doc level query constructor change #651

Merged
merged 1 commit into from
Oct 9, 2023

Conversation

eirsep
Copy link
Member

@eirsep eirsep commented Oct 9, 2023

Description

Add fields param in doc level constructor. defaults to empty list

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Surya Sashank Nistala <[email protected]>
@AWSHurneyt AWSHurneyt self-requested a review October 9, 2023 18:32
Copy link
Collaborator

@AWSHurneyt AWSHurneyt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Revoking approval while test failures are investigated.

@codecov
Copy link

codecov bot commented Oct 9, 2023

Codecov Report

Merging #651 (f85a949) into main (115ae95) will increase coverage by 0.00%.
The diff coverage is 0.00%.

@@            Coverage Diff            @@
##               main     #651   +/-   ##
=========================================
  Coverage     25.05%   25.05%           
- Complexity      946      947    +1     
=========================================
  Files           255      255           
  Lines         11155    11158    +3     
  Branches       1250     1250           
=========================================
+ Hits           2795     2796    +1     
- Misses         8107     8110    +3     
+ Partials        253      252    -1     
Files Coverage Δ
...ch/securityanalytics/findings/FindingsService.java 35.89% <0.00%> (ø)
...lytics/transport/TransportIndexDetectorAction.java 0.00% <0.00%> (ø)

... and 1 file with indirect coverage changes

@eirsep eirsep merged commit 58a3a83 into opensearch-project:main Oct 9, 2023
14 of 15 checks passed
eirsep added a commit that referenced this pull request Oct 10, 2023
* fix doc level query constructor (#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>
eirsep added a commit that referenced this pull request Oct 12, 2023
* fix doc level query constructor (#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>
eirsep added a commit that referenced this pull request Oct 16, 2023
* fix doc level query constructor (#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>
eirsep added a commit that referenced this pull request Oct 17, 2023
* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* refactored out unecessary

Signed-off-by: Joanne Wang <[email protected]>

* added headers and cleaned up

Signed-off-by: Joanne Wang <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* working on testing

Signed-off-by: Joanne Wang <[email protected]>

* fixed the parser and build.gradle

Signed-off-by: Joanne Wang <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add feed metadata config files in src and test

Signed-off-by: Surya Sashank Nistala <[email protected]>

* clean up some tests

Signed-off-by: Joanne Wang <[email protected]>

* fixed merge conflicts

Signed-off-by: Joanne Wang <[email protected]>

* adds ioc fields list in log type config files and ioc fields object in LogType POJO

* update csv parser and new metadata field

Signed-off-by: Joanne Wang <[email protected]>

* fixed job scheduler interval settings

Signed-off-by: Joanne Wang <[email protected]>

* add tests for ioc to fields for each log type

Signed-off-by: Surya Sashank Nistala <[email protected]>

* removed wildcards

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>
eirsep added a commit that referenced this pull request Oct 17, 2023
* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* refactored out unecessary

Signed-off-by: Joanne Wang <[email protected]>

* added headers and cleaned up

Signed-off-by: Joanne Wang <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* working on testing

Signed-off-by: Joanne Wang <[email protected]>

* fixed the parser and build.gradle

Signed-off-by: Joanne Wang <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add feed metadata config files in src and test

Signed-off-by: Surya Sashank Nistala <[email protected]>

* clean up some tests

Signed-off-by: Joanne Wang <[email protected]>

* fixed merge conflicts

Signed-off-by: Joanne Wang <[email protected]>

* adds ioc fields list in log type config files and ioc fields object in LogType POJO

* update csv parser and new metadata field

Signed-off-by: Joanne Wang <[email protected]>

* fixed job scheduler interval settings

Signed-off-by: Joanne Wang <[email protected]>

* add tests for ioc to fields for each log type

Signed-off-by: Surya Sashank Nistala <[email protected]>

* removed wildcards

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
opensearch-trigger-bot bot pushed a commit that referenced this pull request Oct 23, 2023
Signed-off-by: Surya Sashank Nistala <[email protected]>
(cherry picked from commit 58a3a83)
opensearch-trigger-bot bot pushed a commit that referenced this pull request Oct 23, 2023
Signed-off-by: Surya Sashank Nistala <[email protected]>
(cherry picked from commit 58a3a83)
AWSHurneyt pushed a commit that referenced this pull request Oct 24, 2023
Signed-off-by: Surya Sashank Nistala <[email protected]>
(cherry picked from commit 58a3a83)

Co-authored-by: Surya Sashank Nistala <[email protected]>
AWSHurneyt pushed a commit that referenced this pull request Oct 24, 2023
Signed-off-by: Surya Sashank Nistala <[email protected]>
(cherry picked from commit 58a3a83)

Co-authored-by: Surya Sashank Nistala <[email protected]>
amsiglan pushed a commit that referenced this pull request Oct 25, 2023
* add mapping for indices storing threat intel feed data

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix feed indices mapping

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

Signed-off-by: Surya Sashank Nistala <[email protected]>

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add feed metadata config files in src and test

Signed-off-by: Surya Sashank Nistala <[email protected]>

* adds ioc fields list in log type config files and ioc fields object in LogType POJO

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix compilation issues in tests

Signed-off-by: Surya Sashank Nistala <[email protected]>

* test udpate detector disabling threat intel

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add tests for detector creation and updation with threat intel

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel test (#673)

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* refactored out unecessary

Signed-off-by: Joanne Wang <[email protected]>

* added headers and cleaned up

Signed-off-by: Joanne Wang <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* working on testing

Signed-off-by: Joanne Wang <[email protected]>

* fixed the parser and build.gradle

Signed-off-by: Joanne Wang <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (#626)


Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add feed metadata config files in src and test

Signed-off-by: Surya Sashank Nistala <[email protected]>

* clean up some tests

Signed-off-by: Joanne Wang <[email protected]>

* fixed merge conflicts

Signed-off-by: Joanne Wang <[email protected]>

* adds ioc fields list in log type config files and ioc fields object in LogType POJO

* update csv parser and new metadata field

Signed-off-by: Joanne Wang <[email protected]>

* fixed job scheduler interval settings

Signed-off-by: Joanne Wang <[email protected]>

* add tests for ioc to fields for each log type

Signed-off-by: Surya Sashank Nistala <[email protected]>

* removed wildcards

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>

* fix threat intel integ tests and add update detector logic

Signed-off-by: Surya Sashank Nistala <[email protected]>

* JS for Threat intel feeds - changed extension (#675)

* merge conflicts

Signed-off-by: Joanne Wang <[email protected]>

* fixed java wildcards and changed update key name

Signed-off-by: Joanne Wang <[email protected]>

* integ test failing

Signed-off-by: Joanne Wang <[email protected]>

* fix job scheduler params

Signed-off-by: Joanne Wang <[email protected]>

* changed extension and has debug messages

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* TIF Job Runner Cleanup (#676)

* merge conflicts

Signed-off-by: Joanne Wang <[email protected]>

* fixed java wildcards and changed update key name

Signed-off-by: Joanne Wang <[email protected]>

* integ test failing

Signed-off-by: Joanne Wang <[email protected]>

* fix job scheduler params

Signed-off-by: Joanne Wang <[email protected]>

* changed extension and has debug messages

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name

Signed-off-by: Joanne Wang <[email protected]>

* removed google commons unused import, updated interval setting, removed rest action

Signed-off-by: Joanne Wang <[email protected]>

* removed policy file and updated name for job scheduler

Signed-off-by: Joanne Wang <[email protected]>

* responded to comments about parameter validator and TIFMetadata

Signed-off-by: Joanne Wang <[email protected]>

* refactored ThreatIntelFeedDataService and changed variables to public static final where possible

Signed-off-by: Joanne Wang <[email protected]>

* changed opensearch-sap-threatintel to opensearch-sap-threat-intel

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* fix TIFJobParameter class

Signed-off-by: Surya Sashank Nistala <[email protected]>

* test detector updation when feed updation job runs

Signed-off-by: Surya Sashank Nistala <[email protected]>

* removed delete job scheduler code and cleaned up (#678)

Signed-off-by: Joanne Wang <[email protected]>

* working integ test (#680)

Signed-off-by: Joanne Wang <[email protected]>

* fix timeout of tif job creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* remove unncessary thread forking in put tif job action

Signed-off-by: Surya Sashank Nistala <[email protected]>

* refactoring code to address review comments

Signed-off-by: Surya Sashank Nistala <[email protected]>

* detector trigger detection types
Signed-off-by: Surya Sashank Nistala <[email protected]>

* pull out threat intel rest tests into separate test class

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add detection types testing in detector trigger for rules and threat intel detection scenarios

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add license header

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel field aliases in mapping view response

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix threat intel feed parser

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix workflow failing test

Signed-off-by: Surya Sashank Nistala <[email protected]>

* spotless check failures fixed

Signed-off-by: Surya Sashank Nistala <[email protected]>

* remove dockerfile (#689)

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
jowg-amazon added a commit to jowg-amazon/security-analytics that referenced this pull request Oct 26, 2023
* add mapping for indices storing threat intel feed data

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix feed indices mapping

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

Signed-off-by: Surya Sashank Nistala <[email protected]>

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (opensearch-project#654)

* fix doc level query constructor (opensearch-project#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add feed metadata config files in src and test

Signed-off-by: Surya Sashank Nistala <[email protected]>

* adds ioc fields list in log type config files and ioc fields object in LogType POJO

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix compilation issues in tests

Signed-off-by: Surya Sashank Nistala <[email protected]>

* test udpate detector disabling threat intel

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add tests for detector creation and updation with threat intel

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel test (opensearch-project#673)

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (opensearch-project#654)

* fix doc level query constructor (opensearch-project#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* refactored out unecessary

Signed-off-by: Joanne Wang <[email protected]>

* added headers and cleaned up

Signed-off-by: Joanne Wang <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* working on testing

Signed-off-by: Joanne Wang <[email protected]>

* fixed the parser and build.gradle

Signed-off-by: Joanne Wang <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (opensearch-project#654)

* fix doc level query constructor (opensearch-project#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add feed metadata config files in src and test

Signed-off-by: Surya Sashank Nistala <[email protected]>

* clean up some tests

Signed-off-by: Joanne Wang <[email protected]>

* fixed merge conflicts

Signed-off-by: Joanne Wang <[email protected]>

* adds ioc fields list in log type config files and ioc fields object in LogType POJO

* update csv parser and new metadata field

Signed-off-by: Joanne Wang <[email protected]>

* fixed job scheduler interval settings

Signed-off-by: Joanne Wang <[email protected]>

* add tests for ioc to fields for each log type

Signed-off-by: Surya Sashank Nistala <[email protected]>

* removed wildcards

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>

* fix threat intel integ tests and add update detector logic

Signed-off-by: Surya Sashank Nistala <[email protected]>

* JS for Threat intel feeds - changed extension (opensearch-project#675)

* merge conflicts

Signed-off-by: Joanne Wang <[email protected]>

* fixed java wildcards and changed update key name

Signed-off-by: Joanne Wang <[email protected]>

* integ test failing

Signed-off-by: Joanne Wang <[email protected]>

* fix job scheduler params

Signed-off-by: Joanne Wang <[email protected]>

* changed extension and has debug messages

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* TIF Job Runner Cleanup (opensearch-project#676)

* merge conflicts

Signed-off-by: Joanne Wang <[email protected]>

* fixed java wildcards and changed update key name

Signed-off-by: Joanne Wang <[email protected]>

* integ test failing

Signed-off-by: Joanne Wang <[email protected]>

* fix job scheduler params

Signed-off-by: Joanne Wang <[email protected]>

* changed extension and has debug messages

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name

Signed-off-by: Joanne Wang <[email protected]>

* removed google commons unused import, updated interval setting, removed rest action

Signed-off-by: Joanne Wang <[email protected]>

* removed policy file and updated name for job scheduler

Signed-off-by: Joanne Wang <[email protected]>

* responded to comments about parameter validator and TIFMetadata

Signed-off-by: Joanne Wang <[email protected]>

* refactored ThreatIntelFeedDataService and changed variables to public static final where possible

Signed-off-by: Joanne Wang <[email protected]>

* changed opensearch-sap-threatintel to opensearch-sap-threat-intel

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* fix TIFJobParameter class

Signed-off-by: Surya Sashank Nistala <[email protected]>

* test detector updation when feed updation job runs

Signed-off-by: Surya Sashank Nistala <[email protected]>

* removed delete job scheduler code and cleaned up (opensearch-project#678)

Signed-off-by: Joanne Wang <[email protected]>

* working integ test (opensearch-project#680)

Signed-off-by: Joanne Wang <[email protected]>

* fix timeout of tif job creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* remove unncessary thread forking in put tif job action

Signed-off-by: Surya Sashank Nistala <[email protected]>

* refactoring code to address review comments

Signed-off-by: Surya Sashank Nistala <[email protected]>

* detector trigger detection types
Signed-off-by: Surya Sashank Nistala <[email protected]>

* pull out threat intel rest tests into separate test class

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add detection types testing in detector trigger for rules and threat intel detection scenarios

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add license header

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel field aliases in mapping view response

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix threat intel feed parser

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix workflow failing test

Signed-off-by: Surya Sashank Nistala <[email protected]>

* spotless check failures fixed

Signed-off-by: Surya Sashank Nistala <[email protected]>

* remove dockerfile (opensearch-project#689)

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
jowg-amazon added a commit to jowg-amazon/security-analytics that referenced this pull request Oct 26, 2023
* add mapping for indices storing threat intel feed data

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix feed indices mapping

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

Signed-off-by: Surya Sashank Nistala <[email protected]>

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (opensearch-project#654)

* fix doc level query constructor (opensearch-project#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add feed metadata config files in src and test

Signed-off-by: Surya Sashank Nistala <[email protected]>

* adds ioc fields list in log type config files and ioc fields object in LogType POJO

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix compilation issues in tests

Signed-off-by: Surya Sashank Nistala <[email protected]>

* test udpate detector disabling threat intel

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add tests for detector creation and updation with threat intel

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel test (opensearch-project#673)

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (opensearch-project#654)

* fix doc level query constructor (opensearch-project#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* refactored out unecessary

Signed-off-by: Joanne Wang <[email protected]>

* added headers and cleaned up

Signed-off-by: Joanne Wang <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* working on testing

Signed-off-by: Joanne Wang <[email protected]>

* fixed the parser and build.gradle

Signed-off-by: Joanne Wang <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* create doc level query from threat intel feed data index docs"

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Threat intel feeds job runner and unit tests (opensearch-project#654)

* fix doc level query constructor (opensearch-project#651)

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <[email protected]>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)

Signed-off-by: Joanne Wang <[email protected]>

* with listener and processor

Signed-off-by: Joanne Wang <[email protected]>

* removed actions

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* added parser

Signed-off-by: Joanne Wang <[email protected]>

* add unit tests

Signed-off-by: Joanne Wang <[email protected]>

* refactored class names

Signed-off-by: Joanne Wang <[email protected]>

* before moving db

Signed-off-by: Joanne Wang <[email protected]>

* after moving db

Signed-off-by: Joanne Wang <[email protected]>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <[email protected]>

* unit tests

Signed-off-by: Joanne Wang <[email protected]>

* fix build error

Signed-off-by: Joanne Wang <[email protected]>

* changed transport naming

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler code with threat intel feed integration in detectors

Signed-off-by: Surya Sashank Nistala <[email protected]>

* converge job scheduler and detector threat intel code

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add feed metadata config files in src and test

Signed-off-by: Surya Sashank Nistala <[email protected]>

* clean up some tests

Signed-off-by: Joanne Wang <[email protected]>

* fixed merge conflicts

Signed-off-by: Joanne Wang <[email protected]>

* adds ioc fields list in log type config files and ioc fields object in LogType POJO

* update csv parser and new metadata field

Signed-off-by: Joanne Wang <[email protected]>

* fixed job scheduler interval settings

Signed-off-by: Joanne Wang <[email protected]>

* add tests for ioc to fields for each log type

Signed-off-by: Surya Sashank Nistala <[email protected]>

* removed wildcards

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>

* fix threat intel integ tests and add update detector logic

Signed-off-by: Surya Sashank Nistala <[email protected]>

* JS for Threat intel feeds - changed extension (opensearch-project#675)

* merge conflicts

Signed-off-by: Joanne Wang <[email protected]>

* fixed java wildcards and changed update key name

Signed-off-by: Joanne Wang <[email protected]>

* integ test failing

Signed-off-by: Joanne Wang <[email protected]>

* fix job scheduler params

Signed-off-by: Joanne Wang <[email protected]>

* changed extension and has debug messages

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* TIF Job Runner Cleanup (opensearch-project#676)

* merge conflicts

Signed-off-by: Joanne Wang <[email protected]>

* fixed java wildcards and changed update key name

Signed-off-by: Joanne Wang <[email protected]>

* integ test failing

Signed-off-by: Joanne Wang <[email protected]>

* fix job scheduler params

Signed-off-by: Joanne Wang <[email protected]>

* changed extension and has debug messages

Signed-off-by: Joanne Wang <[email protected]>

* clean up

Signed-off-by: Joanne Wang <[email protected]>

* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name

Signed-off-by: Joanne Wang <[email protected]>

* removed google commons unused import, updated interval setting, removed rest action

Signed-off-by: Joanne Wang <[email protected]>

* removed policy file and updated name for job scheduler

Signed-off-by: Joanne Wang <[email protected]>

* responded to comments about parameter validator and TIFMetadata

Signed-off-by: Joanne Wang <[email protected]>

* refactored ThreatIntelFeedDataService and changed variables to public static final where possible

Signed-off-by: Joanne Wang <[email protected]>

* changed opensearch-sap-threatintel to opensearch-sap-threat-intel

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>

* fix TIFJobParameter class

Signed-off-by: Surya Sashank Nistala <[email protected]>

* test detector updation when feed updation job runs

Signed-off-by: Surya Sashank Nistala <[email protected]>

* removed delete job scheduler code and cleaned up (opensearch-project#678)

Signed-off-by: Joanne Wang <[email protected]>

* working integ test (opensearch-project#680)

Signed-off-by: Joanne Wang <[email protected]>

* fix timeout of tif job creation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* remove unncessary thread forking in put tif job action

Signed-off-by: Surya Sashank Nistala <[email protected]>

* refactoring code to address review comments

Signed-off-by: Surya Sashank Nistala <[email protected]>

* detector trigger detection types
Signed-off-by: Surya Sashank Nistala <[email protected]>

* pull out threat intel rest tests into separate test class

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add detection types testing in detector trigger for rules and threat intel detection scenarios

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add license header

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add threat intel field aliases in mapping view response

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix threat intel feed parser

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix workflow failing test

Signed-off-by: Surya Sashank Nistala <[email protected]>

* spotless check failures fixed

Signed-off-by: Surya Sashank Nistala <[email protected]>

* remove dockerfile (opensearch-project#689)

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
AWSHurneyt pushed a commit that referenced this pull request Oct 26, 2023
* add mapping for indices storing threat intel feed data



* fix feed indices mapping



* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added



* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* create doc level query from threat intel feed data index docs"



* handle threat intel enabled check during detector updation



* add tests for testing threat intel feed integration with detectors



* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)



* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* with listener and processor



* removed actions



* clean up



* added parser



* add unit tests



* refactored class names



* before moving db



* after moving db



* added actions to plugin and removed user schedule



* unit tests



* fix build error



* changed transport naming



---------





* converge job scheduler code with threat intel feed integration in detectors



* converge job scheduler and detector threat intel code



* add feed metadata config files in src and test



* adds ioc fields list in log type config files and ioc fields object in LogType POJO



* fix compilation issues in tests



* test udpate detector disabling threat intel



* add tests for detector creation and updation with threat intel



* Threat intel test (#673)

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* create doc level query from threat intel feed data index docs"



* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors



* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)



* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* with listener and processor



* removed actions



* clean up



* added parser



* add unit tests



* refactored class names



* before moving db



* after moving db



* added actions to plugin and removed user schedule



* unit tests



* fix build error



* changed transport naming



---------





* converge job scheduler code with threat intel feed integration in detectors



* refactored out unecessary



* added headers and cleaned up



* converge job scheduler and detector threat intel code



* working on testing



* fixed the parser and build.gradle



* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* create doc level query from threat intel feed data index docs"



* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors



* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)



* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* with listener and processor



* removed actions



* clean up



* added parser



* add unit tests



* refactored class names



* before moving db



* after moving db



* added actions to plugin and removed user schedule



* unit tests



* fix build error



* changed transport naming



---------





* converge job scheduler code with threat intel feed integration in detectors



* converge job scheduler and detector threat intel code



* add feed metadata config files in src and test



* clean up some tests



* fixed merge conflicts



* adds ioc fields list in log type config files and ioc fields object in LogType POJO

* update csv parser and new metadata field



* fixed job scheduler interval settings



* add tests for ioc to fields for each log type



* removed wildcards



---------







* fix threat intel integ tests and add update detector logic



* JS for Threat intel feeds - changed extension (#675)

* merge conflicts



* fixed java wildcards and changed update key name



* integ test failing



* fix job scheduler params



* changed extension and has debug messages



* clean up



* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name



---------




* TIF Job Runner Cleanup (#676)

* merge conflicts



* fixed java wildcards and changed update key name



* integ test failing



* fix job scheduler params



* changed extension and has debug messages



* clean up



* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name



* removed google commons unused import, updated interval setting, removed rest action



* removed policy file and updated name for job scheduler



* responded to comments about parameter validator and TIFMetadata



* refactored ThreatIntelFeedDataService and changed variables to public static final where possible



* changed opensearch-sap-threatintel to opensearch-sap-threat-intel



---------





* fix TIFJobParameter class



* test detector updation when feed updation job runs



* removed delete job scheduler code and cleaned up (#678)



* working integ test (#680)



* fix timeout of tif job creation



* remove unncessary thread forking in put tif job action



* refactoring code to address review comments



* detector trigger detection types


* pull out threat intel rest tests into separate test class



* add detection types testing in detector trigger for rules and threat intel detection scenarios



* add license header



* add threat intel field aliases in mapping view response



* fix threat intel feed parser



* fix workflow failing test



* spotless check failures fixed



* remove dockerfile (#689)



---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>
eirsep added a commit that referenced this pull request Oct 26, 2023
* add mapping for indices storing threat intel feed data



* fix feed indices mapping



* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added



* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* create doc level query from threat intel feed data index docs"



* handle threat intel enabled check during detector updation



* add tests for testing threat intel feed integration with detectors



* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)



* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* with listener and processor



* removed actions



* clean up



* added parser



* add unit tests



* refactored class names



* before moving db



* after moving db



* added actions to plugin and removed user schedule



* unit tests



* fix build error



* changed transport naming



---------





* converge job scheduler code with threat intel feed integration in detectors



* converge job scheduler and detector threat intel code



* add feed metadata config files in src and test



* adds ioc fields list in log type config files and ioc fields object in LogType POJO



* fix compilation issues in tests



* test udpate detector disabling threat intel



* add tests for detector creation and updation with threat intel



* Threat intel test (#673)

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* create doc level query from threat intel feed data index docs"



* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors



* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)



* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* with listener and processor



* removed actions



* clean up



* added parser



* add unit tests



* refactored class names



* before moving db



* after moving db



* added actions to plugin and removed user schedule



* unit tests



* fix build error



* changed transport naming



---------





* converge job scheduler code with threat intel feed integration in detectors



* refactored out unecessary



* added headers and cleaned up



* converge job scheduler and detector threat intel code



* working on testing



* fixed the parser and build.gradle



* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* create doc level query from threat intel feed data index docs"



* handle threat intel enabled check during detector updation

* add tests for testing threat intel feed integration with detectors



* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)



* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao



* add threatIntelEnabled field in detector.



* add threat intel feed service and searching feeds



* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation



* Preliminary framework for jobscheduler and datasource (#626)



* with listener and processor



* removed actions



* clean up



* added parser



* add unit tests



* refactored class names



* before moving db



* after moving db



* added actions to plugin and removed user schedule



* unit tests



* fix build error



* changed transport naming



---------





* converge job scheduler code with threat intel feed integration in detectors



* converge job scheduler and detector threat intel code



* add feed metadata config files in src and test



* clean up some tests



* fixed merge conflicts



* adds ioc fields list in log type config files and ioc fields object in LogType POJO

* update csv parser and new metadata field



* fixed job scheduler interval settings



* add tests for ioc to fields for each log type



* removed wildcards



---------







* fix threat intel integ tests and add update detector logic



* JS for Threat intel feeds - changed extension (#675)

* merge conflicts



* fixed java wildcards and changed update key name



* integ test failing



* fix job scheduler params



* changed extension and has debug messages



* clean up



* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name



---------




* TIF Job Runner Cleanup (#676)

* merge conflicts



* fixed java wildcards and changed update key name



* integ test failing



* fix job scheduler params



* changed extension and has debug messages



* clean up



* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name



* removed google commons unused import, updated interval setting, removed rest action



* removed policy file and updated name for job scheduler



* responded to comments about parameter validator and TIFMetadata



* refactored ThreatIntelFeedDataService and changed variables to public static final where possible



* changed opensearch-sap-threatintel to opensearch-sap-threat-intel



---------





* fix TIFJobParameter class



* test detector updation when feed updation job runs



* removed delete job scheduler code and cleaned up (#678)



* working integ test (#680)



* fix timeout of tif job creation



* remove unncessary thread forking in put tif job action



* refactoring code to address review comments



* detector trigger detection types


* pull out threat intel rest tests into separate test class



* add detection types testing in detector trigger for rules and threat intel detection scenarios



* add license header



* add threat intel field aliases in mapping view response



* fix threat intel feed parser



* fix workflow failing test



* spotless check failures fixed



* remove dockerfile (#689)



---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>
eirsep added a commit to eirsep/security-analytics that referenced this pull request Nov 28, 2023
eirsep added a commit that referenced this pull request Nov 28, 2023
This reverts commit 282046d.

Signed-off-by: Surya Sashank Nistala <[email protected]>
riysaxen-amzn pushed a commit to riysaxen-amzn/security-analytics that referenced this pull request Mar 25, 2024
…earch-project#651)

* bucket level monitor findings

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add test to verify bucket level monitor findings

Signed-off-by: Surya Sashank Nistala <[email protected]>

* added tests. fixed document ids in bucket level monitor findings

Signed-off-by: Surya Sashank Nistala <[email protected]>

Signed-off-by: Surya Sashank Nistala <[email protected]>
(cherry picked from commit 5b451b988b7cad0b5a1076daa8908c2fd68db154)

Co-authored-by: Surya Sashank Nistala <[email protected]>
@AWSHurneyt AWSHurneyt added the backport 2.9 backports to 2.9 label Aug 7, 2024
@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.9 failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security-analytics/backport-2.9 2.9
# Navigate to the new working tree
pushd ../.worktrees/security-analytics/backport-2.9
# Create a new branch
git switch --create backport-651-to-2.9
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 58a3a83619010b2c4059eaa8731d1df6d4628640
# Push it to GitHub
git push --set-upstream origin backport-651-to-2.9
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security-analytics/backport-2.9

Then, create a pull request where the base branch is 2.9 and the compare/head branch is backport-651-to-2.9.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants