Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Threat Intel Feed Job Scheduler with unit and integ test #664

Merged
merged 46 commits into from
Oct 17, 2023
Merged

Threat Intel Feed Job Scheduler with unit and integ test #664

merged 46 commits into from
Oct 17, 2023

Conversation

jowg-amazon
Copy link
Collaborator

Description

[Describe what this change achieves]

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

eirsep and others added 30 commits October 7, 2023 13:43
@eirsep
add mapping for indices storing threat intel feed data
00da38d
@eirsep
fix feed indices mapping
49a2981
@eirsep
add threat intel feed data dao
9487746 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
add threatIntelEnabled field in detector.
5378532 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
add threat intel feed service and searching feeds
805ca58 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
ti feed data to doc level query convertor logic added
add8987
@eirsep
plug threat intel feed into detector creation
540837b 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@jowg-amazon @eirsep
Preliminary framework for jobscheduler and datasource (opensearch-pro…
1980f26 
…ject#626)


Signed-off-by: Joanne Wang <jowg@amazon.com>
@eirsep
create doc level query from threat intel feed data index docs"
8415d9f 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
handle threat intel enabled check during detector updation
adbfdd5
@eirsep
add tests for testing threat intel feed integration with detectors
cfd1bf0 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@jowg-amazon @eirsep
Threat intel feeds job runner and unit tests (opensearch-project#654)
55d332d 
* fix doc level query constructor (opensearch-project#651)

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* add threatIntelEnabled field in detector.

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* add threat intel feed service and searching feeds

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* Preliminary framework for jobscheduler and datasource (opensearch-project#626)


Signed-off-by: Joanne Wang <jowg@amazon.com>

* with listener and processor

Signed-off-by: Joanne Wang <jowg@amazon.com>

* removed actions

Signed-off-by: Joanne Wang <jowg@amazon.com>

* clean up

Signed-off-by: Joanne Wang <jowg@amazon.com>

* added parser

Signed-off-by: Joanne Wang <jowg@amazon.com>

* add unit tests

Signed-off-by: Joanne Wang <jowg@amazon.com>

* refactored class names

Signed-off-by: Joanne Wang <jowg@amazon.com>

* before moving db

Signed-off-by: Joanne Wang <jowg@amazon.com>

* after moving db

Signed-off-by: Joanne Wang <jowg@amazon.com>

* added actions to plugin and removed user schedule

Signed-off-by: Joanne Wang <jowg@amazon.com>

* unit tests

Signed-off-by: Joanne Wang <jowg@amazon.com>

* fix build error

Signed-off-by: Joanne Wang <jowg@amazon.com>

* changed transport naming

Signed-off-by: Joanne Wang <jowg@amazon.com>

---------

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
Signed-off-by: Joanne Wang <jowg@amazon.com>
Co-authored-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
converge job scheduler code with threat intel feed integration in det…
13b513b 
…ectors

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@jowg-amazon
refactored out unecessary
61a60b4 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@jowg-amazon
added headers and cleaned up
1cd9875 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@eirsep
converge job scheduler and detector threat intel code
d0e2511 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@jowg-amazon
working on testing
768cc2c 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@jowg-amazon
merge from branch
e01a70b 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@jowg-amazon
fixed the parser and build.gradle
b8aa66d 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@eirsep
add mapping for indices storing threat intel feed data
63325ef
@eirsep
fix feed indices mapping
99cb74e
@eirsep
add threat intel feed data dao
5aa9720 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
add threatIntelEnabled field in detector.
41ae481 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
add threat intel feed service and searching feeds
a5306f4 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
ti feed data to doc level query convertor logic added
c7d595b
@eirsep
plug threat intel feed into detector creation
d84fa71 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@jowg-amazon @eirsep
Preliminary framework for jobscheduler and datasource (opensearch-pro…
0887d91 
…ject#626)


Signed-off-by: Joanne Wang <jowg@amazon.com>
@eirsep
create doc level query from threat intel feed data index docs"
6dabe61 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
handle threat intel enabled check during detector updation
528b978
@eirsep
add tests for testing threat intel feed integration with detectors
375b231 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
eirsep and others added 9 commits October 12, 2023 12:49
@eirsep
converge job scheduler and detector threat intel code
c186b21 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
add feed metadata config files in src and test
9c73abf 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@jowg-amazon
clean up some tests
0a3a01c 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@jowg-amazon
merge
bc86671 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@jowg-amazon
fixed merge conflicts
6a687c0 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@eirsep
adds ioc fields list in log type config files and ioc fields object i…
6b0dfbf 
…n LogType POJO
@jowg-amazon
update csv parser and new metadata field
3afc5b6 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@jowg-amazon
Merge branch 'feature/threat_intel_feeds' of https://github.com/opens…
baaccfb 
…earch-project/security-analytics into threatIntelTest
@jowg-amazon
fixed job scheduler interval settings
0221dc0 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@jowg-amazon jowg-amazon marked this pull request as draft October 13, 2023 02:50
@eirsep
add tests for ioc to fields for each log type
590af7e 
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
Copy link
Member

eirsep commented Oct 16, 2023

Plz make sure this index .opendistro-job-scheduler-lock is not open.

@eirsep eirsep marked this pull request as ready for review October 16, 2023 18:15
@jowg-amazon
Merge branch 'feature/threat_intel_feeds' into threatIntelTest
e65ac85 
Signed-off-by: Joanne Wang <109310487+jowg-amazon@users.noreply.github.com>
@eirsep eirsep force-pushed the feature/threat_intel_feeds branch 2 times, most recently from 89984cb to 98bbd42 Compare October 16, 2023 22:23
@eirsep
Copy link
Member

eirsep commented Oct 16, 2023

plz remove wildcard import statements

@jowg-amazon
merge conflicts
7a2ab27 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@jowg-amazon
more merge confligts
6a44876
@jowg-amazon
removed wildcards
4ce27b2 
Signed-off-by: Joanne Wang <jowg@amazon.com>
@eirsep eirsep merged commit 8d27781 into opensearch-project:feature/threat_intel_feeds Oct 17, 2023
1 of 3 checks passed
@jowg-amazon jowg-amazon deleted the threatIntelTest branch October 20, 2023 19:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eirsep eirsep eirsep left review comments

@amsiglan amsiglan Awaiting requested review from amsiglan amsiglan is a code owner

@AWSHurneyt AWSHurneyt Awaiting requested review from AWSHurneyt AWSHurneyt is a code owner

@getsaurabh02 getsaurabh02 Awaiting requested review from getsaurabh02 getsaurabh02 is a code owner

@lezzago lezzago Awaiting requested review from lezzago lezzago is a code owner

@praveensameneni praveensameneni Awaiting requested review from praveensameneni praveensameneni is a code owner

@sbcd90 sbcd90 Awaiting requested review from sbcd90 sbcd90 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jowg-amazon @eirsep