Commit
Integrate threat intel feeds (opensearch-project#669)
* add mapping for indices storing threat intel feed data
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* fix feed indices mapping
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* add threat intel feed data dao
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* add threatIntelEnabled field in detector.
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* add threat intel feed service and searching feeds
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* ti feed data to doc level query convertor logic added
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* plug threat intel feed into detector creation
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* Preliminary framework for jobscheduler and datasource (opensearch-project#626)
  Signed-off-by: Joanne Wang <[email protected]>
* create doc level query from threat intel feed data index docs
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* handle threat intel enabled check during detector updation
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* add tests for testing threat intel feed integration with detectors
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* Threat intel feeds job runner and unit tests (opensearch-project#654)
  * fix doc level query constructor (opensearch-project#651)
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * add mapping for indices storing threat intel feed data
  * fix feed indices mapping
  * add threat intel feed data dao
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * add threatIntelEnabled field in detector.
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * add threat intel feed service and searching feeds
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * ti feed data to doc level query convertor logic added
  * plug threat intel feed into detector creation
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * Preliminary framework for jobscheduler and datasource (opensearch-project#626)
    Signed-off-by: Joanne Wang <[email protected]>
  * with listener and processor
    Signed-off-by: Joanne Wang <[email protected]>
  * removed actions
    Signed-off-by: Joanne Wang <[email protected]>
  * clean up
    Signed-off-by: Joanne Wang <[email protected]>
  * added parser
    Signed-off-by: Joanne Wang <[email protected]>
  * add unit tests
    Signed-off-by: Joanne Wang <[email protected]>
  * refactored class names
    Signed-off-by: Joanne Wang <[email protected]>
  * before moving db
    Signed-off-by: Joanne Wang <[email protected]>
  * after moving db
    Signed-off-by: Joanne Wang <[email protected]>
  * added actions to plugin and removed user schedule
    Signed-off-by: Joanne Wang <[email protected]>
  * unit tests
    Signed-off-by: Joanne Wang <[email protected]>
  * fix build error
    Signed-off-by: Joanne Wang <[email protected]>
  * changed transport naming
    Signed-off-by: Joanne Wang <[email protected]>
  ---------
  Signed-off-by: Surya Sashank Nistala <[email protected]>
  Signed-off-by: Joanne Wang <[email protected]>
  Co-authored-by: Surya Sashank Nistala <[email protected]>
* converge job scheduler code with threat intel feed integration in detectors
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* converge job scheduler and detector threat intel code
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* add feed metadata config files in src and test
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* adds ioc fields list in log type config files and ioc fields object in LogType POJO
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* fix compilation issues in tests
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* test update detector disabling threat intel
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* add tests for detector creation and updation with threat intel
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* Threat intel test (opensearch-project#673)
  * add mapping for indices storing threat intel feed data
  * fix feed indices mapping
  * add threat intel feed data dao
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * add threatIntelEnabled field in detector.
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * add threat intel feed service and searching feeds
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * ti feed data to doc level query convertor logic added
  * plug threat intel feed into detector creation
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * Preliminary framework for jobscheduler and datasource (opensearch-project#626)
    Signed-off-by: Joanne Wang <[email protected]>
  * create doc level query from threat intel feed data index docs
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * handle threat intel enabled check during detector updation
  * add tests for testing threat intel feed integration with detectors
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * Threat intel feeds job runner and unit tests (opensearch-project#654)
    * fix doc level query constructor (opensearch-project#651)
      Signed-off-by: Surya Sashank Nistala <[email protected]>
    * add mapping for indices storing threat intel feed data
    * fix feed indices mapping
    * add threat intel feed data dao
      Signed-off-by: Surya Sashank Nistala <[email protected]>
    * add threatIntelEnabled field in detector.
      Signed-off-by: Surya Sashank Nistala <[email protected]>
    * add threat intel feed service and searching feeds
      Signed-off-by: Surya Sashank Nistala <[email protected]>
    * ti feed data to doc level query convertor logic added
    * plug threat intel feed into detector creation
      Signed-off-by: Surya Sashank Nistala <[email protected]>
    * Preliminary framework for jobscheduler and datasource (opensearch-project#626)
      Signed-off-by: Joanne Wang <[email protected]>
    * with listener and processor
      Signed-off-by: Joanne Wang <[email protected]>
    * removed actions
      Signed-off-by: Joanne Wang <[email protected]>
    * clean up
      Signed-off-by: Joanne Wang <[email protected]>
    * added parser
      Signed-off-by: Joanne Wang <[email protected]>
    * add unit tests
      Signed-off-by: Joanne Wang <[email protected]>
    * refactored class names
      Signed-off-by: Joanne Wang <[email protected]>
    * before moving db
      Signed-off-by: Joanne Wang <[email protected]>
    * after moving db
      Signed-off-by: Joanne Wang <[email protected]>
    * added actions to plugin and removed user schedule
      Signed-off-by: Joanne Wang <[email protected]>
    * unit tests
      Signed-off-by: Joanne Wang <[email protected]>
    * fix build error
      Signed-off-by: Joanne Wang <[email protected]>
    * changed transport naming
      Signed-off-by: Joanne Wang <[email protected]>
    ---------
    Signed-off-by: Surya Sashank Nistala <[email protected]>
    Signed-off-by: Joanne Wang <[email protected]>
    Co-authored-by: Surya Sashank Nistala <[email protected]>
  * converge job scheduler code with threat intel feed integration in detectors
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * refactored out unnecessary
    Signed-off-by: Joanne Wang <[email protected]>
  * added headers and cleaned up
    Signed-off-by: Joanne Wang <[email protected]>
  * converge job scheduler and detector threat intel code
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * working on testing
    Signed-off-by: Joanne Wang <[email protected]>
  * fixed the parser and build.gradle
    Signed-off-by: Joanne Wang <[email protected]>
  * add mapping for indices storing threat intel feed data
  * fix feed indices mapping
  * add threat intel feed data dao
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * add threatIntelEnabled field in detector.
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * add threat intel feed service and searching feeds
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * ti feed data to doc level query convertor logic added
  * plug threat intel feed into detector creation
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * Preliminary framework for jobscheduler and datasource (opensearch-project#626)
    Signed-off-by: Joanne Wang <[email protected]>
  * create doc level query from threat intel feed data index docs
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * handle threat intel enabled check during detector updation
  * add tests for testing threat intel feed integration with detectors
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * Threat intel feeds job runner and unit tests (opensearch-project#654)
    * fix doc level query constructor (opensearch-project#651)
      Signed-off-by: Surya Sashank Nistala <[email protected]>
    * add mapping for indices storing threat intel feed data
    * fix feed indices mapping
    * add threat intel feed data dao
      Signed-off-by: Surya Sashank Nistala <[email protected]>
    * add threatIntelEnabled field in detector.
      Signed-off-by: Surya Sashank Nistala <[email protected]>
    * add threat intel feed service and searching feeds
      Signed-off-by: Surya Sashank Nistala <[email protected]>
    * ti feed data to doc level query convertor logic added
    * plug threat intel feed into detector creation
      Signed-off-by: Surya Sashank Nistala <[email protected]>
    * Preliminary framework for jobscheduler and datasource (opensearch-project#626)
      Signed-off-by: Joanne Wang <[email protected]>
    * with listener and processor
      Signed-off-by: Joanne Wang <[email protected]>
    * removed actions
      Signed-off-by: Joanne Wang <[email protected]>
    * clean up
      Signed-off-by: Joanne Wang <[email protected]>
    * added parser
      Signed-off-by: Joanne Wang <[email protected]>
    * add unit tests
      Signed-off-by: Joanne Wang <[email protected]>
    * refactored class names
      Signed-off-by: Joanne Wang <[email protected]>
    * before moving db
      Signed-off-by: Joanne Wang <[email protected]>
    * after moving db
      Signed-off-by: Joanne Wang <[email protected]>
    * added actions to plugin and removed user schedule
      Signed-off-by: Joanne Wang <[email protected]>
    * unit tests
      Signed-off-by: Joanne Wang <[email protected]>
    * fix build error
      Signed-off-by: Joanne Wang <[email protected]>
    * changed transport naming
      Signed-off-by: Joanne Wang <[email protected]>
    ---------
    Signed-off-by: Surya Sashank Nistala <[email protected]>
    Signed-off-by: Joanne Wang <[email protected]>
    Co-authored-by: Surya Sashank Nistala <[email protected]>
  * converge job scheduler code with threat intel feed integration in detectors
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * converge job scheduler and detector threat intel code
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * add feed metadata config files in src and test
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * clean up some tests
    Signed-off-by: Joanne Wang <[email protected]>
  * fixed merge conflicts
    Signed-off-by: Joanne Wang <[email protected]>
  * adds ioc fields list in log type config files and ioc fields object in LogType POJO
  * update csv parser and new metadata field
    Signed-off-by: Joanne Wang <[email protected]>
  * fixed job scheduler interval settings
    Signed-off-by: Joanne Wang <[email protected]>
  * add tests for ioc to fields for each log type
    Signed-off-by: Surya Sashank Nistala <[email protected]>
  * removed wildcards
    Signed-off-by: Joanne Wang <[email protected]>
  ---------
  Signed-off-by: Surya Sashank Nistala <[email protected]>
  Signed-off-by: Joanne Wang <[email protected]>
  Signed-off-by: Joanne Wang <[email protected]>
  Co-authored-by: Joanne Wang <[email protected]>
  Co-authored-by: Joanne Wang <[email protected]>
* fix threat intel integ tests and add update detector logic
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* JS for Threat intel feeds - changed extension (opensearch-project#675)
  * merge conflicts
    Signed-off-by: Joanne Wang <[email protected]>
  * fixed java wildcards and changed update key name
    Signed-off-by: Joanne Wang <[email protected]>
  * integ test failing
    Signed-off-by: Joanne Wang <[email protected]>
  * fix job scheduler params
    Signed-off-by: Joanne Wang <[email protected]>
  * changed extension and has debug messages
    Signed-off-by: Joanne Wang <[email protected]>
  * clean up
    Signed-off-by: Joanne Wang <[email protected]>
  * fixed job scheduler plugin spi jar resolution
  * cleaned up TODOs and changed job scheduler name
    Signed-off-by: Joanne Wang <[email protected]>
  ---------
  Signed-off-by: Joanne Wang <[email protected]>
  Co-authored-by: Surya Sashank Nistala <[email protected]>
* TIF Job Runner Cleanup (opensearch-project#676)
  * merge conflicts
    Signed-off-by: Joanne Wang <[email protected]>
  * fixed java wildcards and changed update key name
    Signed-off-by: Joanne Wang <[email protected]>
  * integ test failing
    Signed-off-by: Joanne Wang <[email protected]>
  * fix job scheduler params
    Signed-off-by: Joanne Wang <[email protected]>
  * changed extension and has debug messages
    Signed-off-by: Joanne Wang <[email protected]>
  * clean up
    Signed-off-by: Joanne Wang <[email protected]>
  * fixed job scheduler plugin spi jar resolution
  * cleaned up TODOs and changed job scheduler name
    Signed-off-by: Joanne Wang <[email protected]>
  * removed google commons unused import, updated interval setting, removed rest action
    Signed-off-by: Joanne Wang <[email protected]>
  * removed policy file and updated name for job scheduler
    Signed-off-by: Joanne Wang <[email protected]>
  * responded to comments about parameter validator and TIFMetadata
    Signed-off-by: Joanne Wang <[email protected]>
  * refactored ThreatIntelFeedDataService and changed variables to public static final where possible
    Signed-off-by: Joanne Wang <[email protected]>
  * changed opensearch-sap-threatintel to opensearch-sap-threat-intel
    Signed-off-by: Joanne Wang <[email protected]>
  ---------
  Signed-off-by: Joanne Wang <[email protected]>
  Signed-off-by: Joanne Wang <[email protected]>
  Co-authored-by: Surya Sashank Nistala <[email protected]>
* fix TIFJobParameter class
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* test detector updation when feed updation job runs
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* removed delete job scheduler code and cleaned up (opensearch-project#678)
  Signed-off-by: Joanne Wang <[email protected]>
* working integ test (opensearch-project#680)
  Signed-off-by: Joanne Wang <[email protected]>
* fix timeout of tif job creation
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* remove unnecessary thread forking in put tif job action
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* refactoring code to address review comments
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* detector trigger detection types
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* pull out threat intel rest tests into separate test class
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* add detection types testing in detector trigger for rules and threat intel detection scenarios
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* add license header
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* add threat intel field aliases in mapping view response
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* fix threat intel feed parser
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* fix workflow failing test
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* spotless check failures fixed
  Signed-off-by: Surya Sashank Nistala <[email protected]>
* remove dockerfile (opensearch-project#689)
  Signed-off-by: Joanne Wang <[email protected]>

---------
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>