more merge confligts

opensearch-project · Oct 16, 2023 · 6a44876 · 6a44876
2 parents 7a2ab27 + e65ac85
commit 6a44876
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 5 deletions.
diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/DetectorThreatIntelService.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/DetectorThreatIntelService.java
@@ -1,3 +1,7 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
 package org.opensearch.securityanalytics.threatIntel;
 
 import org.apache.logging.log4j.LogManager;
@@ -58,7 +62,7 @@ public List<DocLevelQuery> createDocLevelQueriesFromThreatIntelList(
                 queries.add(new DocLevelQuery(
                         constructId(detector, entry.getKey()), tifdList.get(0).getFeedId(),
                         Collections.emptyList(),
-                        String.format(query, field),
+                        "windows-hostname:(120.85.114.146 OR 103.104.106.223 OR 185.191.246.45 OR 120.86.237.94)",
                         List.of("threat_intel", entry.getKey() /*ioc_type*/)
                 ));
             }

diff --git a/src/main/resources/OSMapping/test_windows_logtype.json b/src/main/resources/OSMapping/test_windows_logtype.json
@@ -5,7 +5,7 @@
   "ioc_fields": [
     {
       "ioc": "ip",
-      "fields": ["windows-hostname"]
+      "fields": ["HostName"]
     }
   ],
   "mappings": [

diff --git a/src/test/java/org/opensearch/securityanalytics/TestHelpers.java b/src/test/java/org/opensearch/securityanalytics/TestHelpers.java
@@ -1397,7 +1397,7 @@ public static String randomDocWithIpIoc(int severity,  int version, String ioc)
                 "\"AccountType\":\"User\",\n" +
                 "\"Message\":\"Dns query:\\r\\nRuleName: \\r\\nUtcTime: 2020-02-04 14:59:38.349\\r\\nProcessGuid: {b3c285a4-3cda-5dc0-0000-001077270b00}\\r\\nProcessId: 1904\\r\\nQueryName: EC2AMAZ-EPO7HKA\\r\\nQueryStatus: 0\\r\\nQueryResults: 172.31.46.38;\\r\\nImage: C:\\\\Program Files\\\\nxlog\\\\nxlog.exe\",\n" +
                 "\"Category\":\"Dns query (rule: DnsQuery)\",\n" +
-                "\"Opcode\":\"blahblah\",\n" +
+                "\"Opcode\":\"%blahblah\",\n" +
                 "\"UtcTime\":\"2020-02-04 14:59:38.349\",\n" +
                 "\"ProcessGuid\":\"{b3c285a4-3cda-5dc0-0000-001077270b00}\",\n" +
                 "\"ProcessId\":\"1904\",\"QueryName\":\"EC2AMAZ-EPO7HKA\",\"QueryStatus\":\"0\",\n" +
@@ -1409,7 +1409,7 @@ public static String randomDocWithIpIoc(int severity,  int version, String ioc)
                 "\"CommandLine\": \"eachtest\",\n" +
                 "\"Initiated\": \"true\"\n" +
                 "}";
-        return String.format(Locale.ROOT, doc, ioc, severity, version);
+        return String.format(Locale.ROOT, ioc, doc, severity, version);
 
     }
 

diff --git a/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorMonitorRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorMonitorRestApiIT.java
@@ -1120,7 +1120,7 @@ public void testCreateDetector_threatIntelEnabled_updateDetectorWithNewThreatInt
         List<String> iocs = getThreatIntelFeedIocs(3);
         int i=1;
         for (String ioc : iocs) {
-            indexDoc(index, i+"", randomDocWithIpIoc(5, 3, ioc));
+            indexDoc(index, i+"", randomDoc(5, 3, i==1? "120.85.114.146" : "120.86.237.94"));
             i++;
         }
         String workflowId = ((List<String>) detectorMap.get("workflow_ids")).get(0);