From ad6a7c17ceca6f1d574c2a5fe7e0056df62b3f3f Mon Sep 17 00:00:00 2001
From: Surya Sashank Nistala
Date: Mon, 9 Oct 2023 12:36:35 -0700
Subject: [PATCH 1/3] Copied changes from PR651.
Signed-off-by: AWSHurneyt
---
 .../securityanalytics/findings/FindingsService.java | 2 +-
 .../transport/TransportIndexDetectorAction.java | 7 +++++--
 .../securityanalytics/findings/FindingDtoTests.java | 5 +++--
 .../securityanalytics/findings/FindingServiceTests.java | 4 ++--
 4 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java b/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
index 5047c0268..39b84087a 100644
--- a/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
+++ b/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
@@ -209,7 +209,7 @@ public FindingDto mapFindingWithDocsToFindingDto(FindingWithDocs findingWithDocs
 if (docLevelQueries.isEmpty()) { // this is finding generated by a bucket level monitor
 for (Map.Entry entry : detector.getRuleIdMonitorIdMap().entrySet()) {
 if(entry.getValue().equals(findingWithDocs.getFinding().getMonitorId())) {
- docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"","",Collections.emptyList()));
+ docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"", Collections.emptyList(),"",Collections.emptyList()));
 }
 }
 }
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
index 663ead35d..241bc73e8 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
@@ -290,7 +290,10 @@ public void onFailure(Exception e) {
 }
 }
 },
- listener::onFailure
+ e1 -> {
+ log.error("Failed to index doc level monitor in detector creation", e1);
+ listener.onFailure(e1);
+ }
 );
 }, listener::onFailure);
 } else {
@@ -560,7 +563,7 @@ private IndexMonitorRequest createDocLevelMonitorRequest(List
 tags.add(rule.getCategory());
 tags.addAll(rule.getTags().stream().map(Value::getValue).collect(Collectors.toList()));
- DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, actualQuery, tags);
+ DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, Collections.emptyList(), actualQuery, tags);
 docLevelQueries.add(docLevelQuery);
 }
 DocLevelMonitorInput docLevelMonitorInput = new DocLevelMonitorInput(detector.getName(), detector.getInputs().get(0).getIndices(), docLevelQueries);
diff --git a/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java b/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
index 7877410be..ffcb75644 100644
--- a/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
+++ b/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
@@ -5,6 +5,7 @@
 package org.opensearch.securityanalytics.findings;
 import java.time.Instant;
+import java.util.Collections;
 import java.util.List;
 import org.opensearch.commons.alerting.model.DocLevelQuery;
 import org.opensearch.commons.alerting.model.FindingDocument;
@@ -27,7 +28,7 @@ public void testFindingDTO_creation() {
 "findingId",
 List.of("doc1", "doc2", "doc3"),
 "my_index",
- List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
 now,
 List.of(findingDocument1, findingDocument2, findingDocument3)
 );
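Review bot: The sibling `listener::onFailure` on the context line `}, listener::onFailure);` two lines below the new lambda still forwards the exception without logging, so a failure in the outer stage of detector creation stays invisible in the logs while the inner one is now recorded; for consistency give it the same shape, e.g. `e2 -> { log.error("Failed to create detector", e2); listener.onFailure(e2); }` (message wording illustrative). If the detector id or name is in scope here — the enclosing method starts and ends outside the hunk — pass it as a log parameter in both messages so an operator can correlate the line with the failed request. Since the log-then-delegate pair may recur across the other monitor callbacks in this class, a small private helper that wraps a listener would keep the pattern in one place.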
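Review bot: The new fixture line at 28 of FindingDtoTests mixes two empty-list idioms in one expression — `Collections.emptyList()` for the new argument and `List.of()` for the tags — which is the only reason for the `import java.util.Collections;` added in the hunk at line 5. Writing `List.of(new DocLevelQuery("1", "myQuery", List.of(), "fieldA:valABC", List.of()))` keeps the test on a single idiom and makes the import unnecessary; the same applies to the assertion hunk at line 36 of this file, to both FindingServiceTests hunks in this patch, and persists through the argument reorders in patches 2 and 3. `List.of()` and `Collections.emptyList()` are equal under `List.equals`, so the assertions behave the same either way.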
@@ -36,7 +37,7 @@ public void testFindingDTO_creation() {
 assertEquals("findingId", findingDto.getId());
 assertEquals(List.of("doc1", "doc2", "doc3"), findingDto.getRelatedDocIds());
 assertEquals("my_index", findingDto.getIndex());
- assertEquals(List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())), findingDto.getDocLevelQueries());
+ assertEquals(List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())), findingDto.getDocLevelQueries());
 assertEquals(now, findingDto.getTimestamp());
 assertEquals(List.of(findingDocument1, findingDocument2, findingDocument3), findingDto.getDocuments());
 }
diff --git a/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java b/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
index 13231e732..c121233e2 100644
--- a/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
+++ b/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
@@ -83,7 +83,7 @@ public void testGetFindings_success() {
 "monitor_id1",
 "monitor_name1",
 "test_index1",
- List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
 Instant.now(),
 "1234"
 );
@@ -99,7 +99,7 @@ public void testGetFindings_success() {
 "monitor_id2",
 "monitor_name2",
 "test_index2",
- List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
 Instant.now(),
 "1234"
 );
From 476c72b99a43dbe3c10ba7dbb683d543f48bc7bf Mon Sep 17 00:00:00 2001
From: AWSHurneyt
Date: Tue, 13 Aug 2024 16:28:42 -0700
Subject: [PATCH 2/3] Fixed constructors.
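Review bot: Both FindingServiceTests hunks in patch 1 (lines 83 and 99) start using `Collections.emptyList()`, but unlike FindingDtoTests no `import java.util.Collections;` is added to this file and the diffstat (`4 ++--`) confirms nothing else changed, so the test compiles only if that import was already present — worth confirming before merge. Using `List.of()` for the new argument, as the tags argument on the same line already does, would sidestep the question entirely. The enclosing `testGetFindings_success` starts and ends outside both hunks.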
Signed-off-by: AWSHurneyt
---
 .../opensearch/securityanalytics/findings/FindingsService.java | 2 +-
 .../transport/TransportIndexDetectorAction.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java b/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
index 39b84087a..d43ebfcc6 100644
--- a/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
+++ b/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
@@ -209,7 +209,7 @@ public FindingDto mapFindingWithDocsToFindingDto(FindingWithDocs findingWithDocs
 if (docLevelQueries.isEmpty()) { // this is finding generated by a bucket level monitor
 for (Map.Entry entry : detector.getRuleIdMonitorIdMap().entrySet()) {
 if(entry.getValue().equals(findingWithDocs.getFinding().getMonitorId())) {
- docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"", Collections.emptyList(),"",Collections.emptyList()));
+ docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"", "", Collections.emptyList(), Collections.emptyList()));
 }
 }
 }
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
index 241bc73e8..80d1d506c 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
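Review bot: The corrected call in the FindingsService hunk of patch 2, `new DocLevelQuery(entry.getKey(),"", "", Collections.emptyList(), Collections.emptyList())`, passes two adjacent empty strings and two adjacent empty lists, so a transposition between the name and query slots, or between the two list slots, compiles silently — which is what took two "Fixed constructors" commits to settle here and in the `createDocLevelMonitorRequest` hunk of the same patch. A comment on the line would spare the next reader the same archaeology, e.g. `// Placeholder query for a finding raised by a bucket-level monitor: only the rule id (entry.getKey()) is meaningful; name, query, the new list argument and tags are intentionally empty.` — the slot order is taken from the parallel `(id, name, actualQuery, Collections.emptyList(), tags)` call in `createDocLevelMonitorRequest`. A unit test on this bucket-level branch that checks the resulting query's id and empty query string through its accessors would catch a future transposition; none of the test hunks in this series exercise it. The enclosing `mapFindingWithDocsToFindingDto` continues outside the hunk.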
@@ -563,7 +563,7 @@ private IndexMonitorRequest createDocLevelMonitorRequest(List
 tags.add(rule.getCategory());
 tags.addAll(rule.getTags().stream().map(Value::getValue).collect(Collectors.toList()));
- DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, Collections.emptyList(), actualQuery, tags);
+ DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, actualQuery, Collections.emptyList(), tags);
 docLevelQueries.add(docLevelQuery);
 }
 DocLevelMonitorInput docLevelMonitorInput = new DocLevelMonitorInput(detector.getName(), detector.getInputs().get(0).getIndices(), docLevelQueries);
From 4b344157b9b4055aaaac8b050e35dc7ce91cbaec Mon Sep 17 00:00:00 2001
From: AWSHurneyt
Date: Tue, 13 Aug 2024 16:39:39 -0700
Subject: [PATCH 3/3] Fixed constructors.
Signed-off-by: AWSHurneyt
---
 .../securityanalytics/findings/FindingDtoTests.java | 4 ++--
 .../securityanalytics/findings/FindingServiceTests.java | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java b/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
index ffcb75644..1c78104b7 100644
--- a/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
+++ b/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
@@ -28,7 +28,7 @@ public void testFindingDTO_creation() {
 "findingId",
 List.of("doc1", "doc2", "doc3"),
 "my_index",
- List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", "fieldA:valABC", Collections.emptyList(), List.of())),
 now,
 List.of(findingDocument1, findingDocument2, findingDocument3)
 );
@@ -37,7 +37,7 @@ public void testFindingDTO_creation() {
 assertEquals("findingId", findingDto.getId());
 assertEquals(List.of("doc1", "doc2", "doc3"), findingDto.getRelatedDocIds());
 assertEquals("my_index", findingDto.getIndex());
- assertEquals(List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())), findingDto.getDocLevelQueries());
+ assertEquals(List.of(new DocLevelQuery("1", "myQuery", "fieldA:valABC", Collections.emptyList(), List.of())), findingDto.getDocLevelQueries());
 assertEquals(now, findingDto.getTimestamp());
 assertEquals(List.of(findingDocument1, findingDocument2, findingDocument3), findingDto.getDocuments());
 }
diff --git a/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java b/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
index c121233e2..0f92fe038 100644
--- a/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
+++ b/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
@@ -83,7 +83,7 @@ public void testGetFindings_success() {
 "monitor_id1",
 "monitor_name1",
 "test_index1",
- List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", "fieldA:valABC", Collections.emptyList(), List.of())),
 Instant.now(),
 "1234"
 );
@@ -99,7 +99,7 @@ public void testGetFindings_success() {
 "monitor_id2",
 "monitor_name2",
 "test_index2",
- List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", "fieldA:valABC", Collections.emptyList(), List.of())),
 Instant.now(),
 "1234"
 );
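Review bot: The changed assertion in the FindingDtoTests hunk at line 37 of patch 3 compares `findingDto.getDocLevelQueries()` against a `DocLevelQuery` built with the very same positional call as the fixture at line 31, so if the argument order were wrong both sides would be wrong in the same way and the test would still pass — it cannot detect the transposition that patches 2 and 3 exist to fix. Asserting on the individual accessors of the single returned query (its id, name and query string, under whatever accessor names `DocLevelQuery` exposes) would pin the slot order; the FindingServiceTests fixtures at lines 83 and 99 would benefit from the same accessor-level check wherever they are compared. The enclosing `testFindingDTO_creation` starts outside the hunk.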