Working integ test for threat intel feeds #679
Closed
Signed-off-by: Surya Sashank Nistala <[email protected]>
…ject#626) Signed-off-by: Joanne Wang <[email protected]>
* fix doc level query constructor (opensearch-project#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]>
…ectors Signed-off-by: Surya Sashank Nistala <[email protected]>
…n LogType POJO Signed-off-by: Surya Sashank Nistala <[email protected]>
* add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (opensearch-project#654) * fix doc level query constructor (opensearch-project#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. 
Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * refactored out unecessary Signed-off-by: Joanne Wang <[email protected]> * added headers and cleaned up Signed-off-by: Joanne Wang <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * working on testing Signed-off-by: Joanne Wang <[email protected]> * fixed the parser and build.gradle Signed-off-by: Joanne Wang <[email 
protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <[email protected]> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * Threat intel feeds job runner and unit tests (opensearch-project#654) * fix doc level query constructor (opensearch-project#651) Signed-off-by: Surya Sashank Nistala <[email protected]> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <[email protected]> * add threatIntelEnabled field in detector. 
Signed-off-by: Surya Sashank Nistala <[email protected]> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <[email protected]> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <[email protected]> * Preliminary framework for jobscheduler and datasource (opensearch-project#626) Signed-off-by: Joanne Wang <[email protected]> * with listener and processor Signed-off-by: Joanne Wang <[email protected]> * removed actions Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * added parser Signed-off-by: Joanne Wang <[email protected]> * add unit tests Signed-off-by: Joanne Wang <[email protected]> * refactored class names Signed-off-by: Joanne Wang <[email protected]> * before moving db Signed-off-by: Joanne Wang <[email protected]> * after moving db Signed-off-by: Joanne Wang <[email protected]> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <[email protected]> * unit tests Signed-off-by: Joanne Wang <[email protected]> * fix build error Signed-off-by: Joanne Wang <[email protected]> * changed transport naming Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <[email protected]> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <[email protected]> * add feed metadata config files in src and test Signed-off-by: Surya Sashank Nistala <[email protected]> * clean up some tests Signed-off-by: Joanne Wang <[email protected]> * fixed merge conflicts Signed-off-by: Joanne Wang <[email protected]> * adds ioc fields list in log type config files and 
ioc fields object in LogType POJO * update csv parser and new metadata field Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler interval settings Signed-off-by: Joanne Wang <[email protected]> * add tests for ioc to fields for each log type Signed-off-by: Surya Sashank Nistala <[email protected]> * removed wildcards Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]> Co-authored-by: Joanne Wang <[email protected]>
* merge conflicts Signed-off-by: Joanne Wang <[email protected]> * fixed java wildcards and changed update key name Signed-off-by: Joanne Wang <[email protected]> * integ test failing Signed-off-by: Joanne Wang <[email protected]> * fix job scheduler params Signed-off-by: Joanne Wang <[email protected]> * changed extension and has debug messages Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]>
* merge conflicts Signed-off-by: Joanne Wang <[email protected]> * fixed java wildcards and changed update key name Signed-off-by: Joanne Wang <[email protected]> * integ test failing Signed-off-by: Joanne Wang <[email protected]> * fix job scheduler params Signed-off-by: Joanne Wang <[email protected]> * changed extension and has debug messages Signed-off-by: Joanne Wang <[email protected]> * clean up Signed-off-by: Joanne Wang <[email protected]> * fixed job scheduler plugin spi jar resolution * cleaned up TODOs and changed job scheduler name Signed-off-by: Joanne Wang <[email protected]> * removed google commons unused import, updated interval setting, removed rest action Signed-off-by: Joanne Wang <[email protected]> * removed policy file and updated name for job scheduler Signed-off-by: Joanne Wang <[email protected]> * responded to comments about parameter validator and TIFMetadata Signed-off-by: Joanne Wang <[email protected]> * refactored ThreatIntelFeedDataService and changed variables to public static final where possible Signed-off-by: Joanne Wang <[email protected]> * changed opensearch-sap-threatintel to opensearch-sap-threat-intel Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Surya Sashank Nistala <[email protected]>
) Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
jowg-amazon requested review from amsiglan, AWSHurneyt and getsaurabh02 as code owners October 20, 2023 23:26
jowg-amazon requested review from lezzago, praveensameneni, sbcd90 and eirsep as code owners October 20, 2023 23:26
Description
[Describe what this change achieves]
Issues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.