diff --git a/security-analytics-commons-1.0.0.jar b/security-analytics-commons-1.0.0.jar index 9c5da5206..de4bc73c5 100644 Binary files a/security-analytics-commons-1.0.0.jar and b/security-analytics-commons-1.0.0.jar differ diff --git a/src/main/java/org/opensearch/securityanalytics/model/DetailedSTIX2IOCDto.java b/src/main/java/org/opensearch/securityanalytics/model/DetailedSTIX2IOCDto.java index b25558797..cdcca8368 100644 --- a/src/main/java/org/opensearch/securityanalytics/model/DetailedSTIX2IOCDto.java +++ b/src/main/java/org/opensearch/securityanalytics/model/DetailedSTIX2IOCDto.java @@ -176,7 +176,7 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws return builder.startObject() .field(STIX2IOC.ID_FIELD, ioc.getId()) .field(STIX2IOC.NAME_FIELD, ioc.getName()) - .field(STIX2IOC.TYPE_FIELD, ioc.getType().getType()) + .field(STIX2IOC.TYPE_FIELD, ioc.getType().toString()) .field(STIX2IOC.VALUE_FIELD, ioc.getValue()) .field(STIX2IOC.SEVERITY_FIELD, ioc.getSeverity()) .timeField(STIX2IOC.CREATED_FIELD, ioc.getCreated()) diff --git a/src/main/java/org/opensearch/securityanalytics/model/STIX2IOC.java b/src/main/java/org/opensearch/securityanalytics/model/STIX2IOC.java index d531c56be..7769203b2 100644 --- a/src/main/java/org/opensearch/securityanalytics/model/STIX2IOC.java +++ b/src/main/java/org/opensearch/securityanalytics/model/STIX2IOC.java @@ -142,7 +142,7 @@ public static STIX2IOC readFrom(StreamInput sin) throws IOException { public void writeTo(StreamOutput out) throws IOException { out.writeString(super.getId()); out.writeString(super.getName()); - out.writeString(super.getType().getType()); + out.writeString(super.getType().toString()); out.writeString(super.getValue()); out.writeString(super.getSeverity()); out.writeInstant(super.getCreated()); 
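Review bot: In `DetailedSTIX2IOCDto.toXContent`, `ioc.getType().toString()` now defines the value written to `TYPE_FIELD`, so the stored and wire format depends on how `IOCType.toString()` is implemented in the commons jar, which this commit replaces as a binary under the same 1.0.0 version and which cannot be read from the diff. If that output ever differs from what the old `getType()` returned (case, a prefix, or the default `Object.toString()`), data written earlier would stop matching in `IOCType.supportedType(...)` and the `getIocTypes().contains(...)` filters, and indicators would be skipped without an error. The same applies to `STIX2IOC.writeTo`/`toXContent`, `STIX2IOCDto.writeTo`/`toXContent` and `DefaultIocStoreConfig.IocToIndexDetails.writeTo`/`toXContent`. I would add a comment at each serialization site such as `// toString() is the canonical serialized IOC type; must stay stable across versions` and a unit test that pins the string for every entry in `IOCType.types`. The method body starts and ends outside this hunk.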
@@ -160,7 +160,7 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws builder.startObject() .field(ID_FIELD, super.getId()) .field(NAME_FIELD, super.getName()) - .field(TYPE_FIELD, super.getType().getType()) + .field(TYPE_FIELD, super.getType().toString()) .field(VALUE_FIELD, super.getValue()) .field(SEVERITY_FIELD, super.getSeverity()); XContentUtils.buildInstantAsField(builder, super.getCreated(), CREATED_FIELD); @@ -292,8 +292,8 @@ public static STIX2IOC parse(XContentParser xcp, String id, Long version) throws public void validate() throws IllegalArgumentException { if (super.getType() == null) { throw new IllegalArgumentException(String.format("[%s] is required.", TYPE_FIELD)); - } else if (!IOCType.supportedType(super.getType().getType())) { - logger.debug("Unsupported IOCType: {}", super.getType().getType()); + } else if (!IOCType.supportedType(super.getType().toString())) { + logger.debug("Unsupported IOCType: {}", super.getType().toString()); throw new IllegalArgumentException(String.format("[%s] is not supported.", TYPE_FIELD)); } diff --git a/src/main/java/org/opensearch/securityanalytics/model/STIX2IOCDto.java b/src/main/java/org/opensearch/securityanalytics/model/STIX2IOCDto.java index 5ef5ac76c..2145c55cb 100644 --- a/src/main/java/org/opensearch/securityanalytics/model/STIX2IOCDto.java +++ b/src/main/java/org/opensearch/securityanalytics/model/STIX2IOCDto.java @@ -102,7 +102,7 @@ public static STIX2IOCDto readFrom(StreamInput sin) throws IOException { public void writeTo(StreamOutput out) throws IOException { out.writeString(id); out.writeString(name); - out.writeString(type.getType()); + out.writeString(type.toString()); out.writeString(value); out.writeString(severity); out.writeInstant(created); 
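Review bot: In `STIX2IOC.validate()`, `super.getType().toString()` is evaluated twice on the rejection path, and the rejected value is reported only at debug level while the exception message names just the field. Reading it once into a local keeps the check and the log in agreement: `String iocType = super.getType().toString();`, then `IOCType.supportedType(iocType)` and `logger.debug("Unsupported IOCType: {}", iocType);`. If the type string originates from feed data, keeping it out of the exception message is a reasonable choice, but it deserves a one-line comment so nobody later "improves" the message by echoing the value. `validate()` continues past the end of this hunk.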
@@ -120,7 +120,7 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws return builder.startObject() .field(STIX2IOC.ID_FIELD, id) .field(STIX2IOC.NAME_FIELD, name) - .field(STIX2IOC.TYPE_FIELD, type.getType()) + .field(STIX2IOC.TYPE_FIELD, type.toString()) .field(STIX2IOC.VALUE_FIELD, value) .field(STIX2IOC.SEVERITY_FIELD, severity) .timeField(STIX2IOC.CREATED_FIELD, created) diff --git a/src/main/java/org/opensearch/securityanalytics/services/STIX2IOCConsumer.java b/src/main/java/org/opensearch/securityanalytics/services/STIX2IOCConsumer.java index 9109f7f04..9808b4387 100644 --- a/src/main/java/org/opensearch/securityanalytics/services/STIX2IOCConsumer.java +++ b/src/main/java/org/opensearch/securityanalytics/services/STIX2IOCConsumer.java @@ -43,9 +43,9 @@ public void accept(final STIX2 ioc) { ); // If the IOC received is not a type listed for the config, do not add it to the queue - if (!feedStore.getSaTifSourceConfig().getIocTypes().contains(stix2IOC.getType().getType())) { + if (!feedStore.getSaTifSourceConfig().getIocTypes().contains(stix2IOC.getType().toString())) { log.error("{} is not a supported Ioc type for tif source config {}. Skipping IOC {}: of type {} value {}", - stix2IOC.getType().getType(), feedStore.getSaTifSourceConfig().getId(), + stix2IOC.getType().toString(), feedStore.getSaTifSourceConfig().getId(), stix2IOC.getId(), stix2IOC.getType(), stix2IOC.getValue() ); return; diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/iocscan/service/IoCScanService.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/iocscan/service/IoCScanService.java index ff47ef638..7578699e0 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/iocscan/service/IoCScanService.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/iocscan/service/IoCScanService.java 
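Review bot: In `STIX2IOCConsumer.accept`, `stix2IOC.getType().toString()` is dereferenced without a null check in this hunk, although `STIX2IOC.validate()` treats a null type as possible; unless validation already ran above the hunk, a feed entry without a type would throw here instead of being skipped. The `log.error` call also passes the type twice (once as `getType().toString()`, once as the bare `getType()`) and writes the feed-supplied id, type and value at error level for every skipped indicator, so a feed with many unlisted types can flood the log. I would start the condition with `stix2IOC.getType() == null ||`, pass the bare `stix2IOC.getType()` to the logger once (a null argument is printed as `null`), and log at `warn` or `debug`. `downloadAndSaveIOCs` in `SATIFSourceConfigManagementService` has the same per-indicator `log.error` pattern. The method starts above this hunk.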
@@ -164,7 +164,7 @@ private void createIocFindings(List iocs, for (STIX2IOC ioc : iocs) { String iocValue = ioc.getValue(); if (false == iocValueToType.containsKey(iocValue)) - iocValueToType.put(iocValue, ioc.getType().getType()); + iocValueToType.put(iocValue, ioc.getType().toString()); iocValueToFeedIds .computeIfAbsent(iocValue, k -> new HashSet<>()) .add(new IocWithFeeds(ioc.getId(), ioc.getFeedId(), ioc.getFeedName(), "")); //todo figure how to store index diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/model/DefaultIocStoreConfig.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/model/DefaultIocStoreConfig.java index e3b2422e8..a63bc99d3 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/model/DefaultIocStoreConfig.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/model/DefaultIocStoreConfig.java @@ -109,7 +109,7 @@ public IocToIndexDetails(StreamInput sin) throws IOException { } @Override public void writeTo(StreamOutput out) throws IOException { - out.writeString(iocType.getType()); + out.writeString(iocType.toString()); out.writeString(indexPattern); out.writeString(activeIndex); } @@ -117,7 +117,7 @@ public void writeTo(StreamOutput out) throws IOException { @Override public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException { return builder.startObject() - .field(IOC_TYPE_FIELD, iocType.getType()) + .field(IOC_TYPE_FIELD, iocType.toString()) .field(INDEX_PATTERN_FIELD, indexPattern) .field(ACTIVE_INDEX_FIELD, activeIndex) .endObject(); diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigManagementService.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigManagementService.java index 80eec8895..65514f459 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigManagementService.java 
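Review bot: In `IoCScanService.createIocFindings`, the brace-less `if (false == iocValueToType.containsKey(iocValue))` followed by `put` is a two-step check that one call expresses directly: `iocValueToType.putIfAbsent(iocValue, ioc.getType().toString());`. Assuming the map never holds null values, the behaviour is the same. Either form records only the first type seen when the same value appears under more than one IOC type, so a short comment stating that this is intended would help whoever reads the findings later. The loop and the method extend beyond this hunk.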
+++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigManagementService.java @@ -201,12 +201,12 @@ public void downloadAndSaveIOCs(SATIFSourceConfig saTifSourceConfig, List validStix2IocList = new ArrayList<>(); // If the IOC received is not a type listed for the config, do not add it to the queue for (STIX2IOC stix2IOC : stix2IOCList) { - if (saTifSourceConfig.getIocTypes().contains(stix2IOC.getType().getType())) { + if (saTifSourceConfig.getIocTypes().contains(stix2IOC.getType().toString())) { validStix2IocList.add(stix2IOC); } else { log.error("{} is not a supported Ioc type for tif source config {}. Skipping IOC {}: of type {} value {}", - stix2IOC.getType().getType(), saTifSourceConfig.getId(), - stix2IOC.getId(), stix2IOC.getType().getType(), stix2IOC.getValue() + stix2IOC.getType().toString(), saTifSourceConfig.getId(), + stix2IOC.getId(), stix2IOC.getType().toString(), stix2IOC.getValue() ); } } @@ -355,7 +355,7 @@ private void storeAndDeleteIocIndices(List stix2IOCList, ActionListene Set concreteIndices = SATIFSourceConfigService.getConcreteIndices(clusterStateResponse); // remove ioc types not specified in list - defaultIocStoreConfig.getIocToIndexDetails().removeIf(iocToIndexDetails -> !IOCType.supportedType(iocToIndexDetails.getIocType().getType())); + defaultIocStoreConfig.getIocToIndexDetails().removeIf(iocToIndexDetails -> !IOCType.supportedType(iocToIndexDetails.getIocType().toString())); // get the active indices defaultIocStoreConfig.getIocToIndexDetails().forEach(e -> activeIndices.add(e.getActiveIndex())); 
@@ -468,7 +468,7 @@ private void downloadAndSaveIocsToRefresh(ActionListener l if (newIocStoreConfig instanceof DefaultIocStoreConfig) { DefaultIocStoreConfig defaultIocStoreConfig = (DefaultIocStoreConfig) newIocStoreConfig; // remove ioc types not specified in list - defaultIocStoreConfig.getIocToIndexDetails().removeIf(iocToIndexDetails -> !IOCType.supportedType(iocToIndexDetails.getIocType().getType())); + defaultIocStoreConfig.getIocToIndexDetails().removeIf(iocToIndexDetails -> !IOCType.supportedType(iocToIndexDetails.getIocType().toString())); updatedSourceConfig.setIocStoreConfig(defaultIocStoreConfig); } // Update source config as succeeded, change state back to available diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigService.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigService.java index 47d5a1074..14aa45bb1 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigService.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigService.java @@ -551,7 +551,7 @@ public void getIocTypeToIndices(ActionListener>> listen for (DefaultIocStoreConfig.IocToIndexDetails iocToindexDetails : iocStoreConfig.getIocToIndexDetails()) { String activeIndex = iocToindexDetails.getActiveIndex(); IOCType iocType = iocToindexDetails.getIocType(); - List strings = cumulativeIocTypeToIndices.computeIfAbsent(iocType.getType(), k -> new ArrayList<>()); + List strings = cumulativeIocTypeToIndices.computeIfAbsent(iocType.toString(), k -> new ArrayList<>()); strings.add(activeIndex); } } diff --git a/src/test/java/org/opensearch/securityanalytics/model/SATIFSourceConfigTests.java b/src/test/java/org/opensearch/securityanalytics/model/SATIFSourceConfigTests.java index 924722670..2687907d1 100644 --- a/src/test/java/org/opensearch/securityanalytics/model/SATIFSourceConfigTests.java 
+++ b/src/test/java/org/opensearch/securityanalytics/model/SATIFSourceConfigTests.java @@ -75,7 +75,7 @@ private void assertEqualsSaTifSourceConfigs(SATIFSourceConfig saTifSourceConfig, assertEquals(saTifSourceConfig.isEnabled(), newSaTifSourceConfig.isEnabled()); DefaultIocStoreConfig iocStoreConfig = (DefaultIocStoreConfig) saTifSourceConfig.getIocStoreConfig(); DefaultIocStoreConfig newIocStoreConfig = (DefaultIocStoreConfig) newSaTifSourceConfig.getIocStoreConfig(); - assertEquals(iocStoreConfig.getIocToIndexDetails().get(0).getIocType().getType(), newIocStoreConfig.getIocToIndexDetails().get(0).getIocType().getType()); + assertEquals(iocStoreConfig.getIocToIndexDetails().get(0).getIocType().toString(), newIocStoreConfig.getIocToIndexDetails().get(0).getIocType().toString()); assertEquals(iocStoreConfig.getIocToIndexDetails().get(0).getIndexPattern(), newIocStoreConfig.getIocToIndexDetails().get(0).getIndexPattern()); assertEquals(iocStoreConfig.getIocToIndexDetails().get(0).getActiveIndex(), newIocStoreConfig.getIocToIndexDetails().get(0).getActiveIndex()); assertEquals(saTifSourceConfig.getIocTypes(), newSaTifSourceConfig.getIocTypes()); diff --git a/src/test/java/org/opensearch/securityanalytics/resthandler/SATIFSourceConfigRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/resthandler/SATIFSourceConfigRestApiIT.java index 629362117..2725d71ee 100644 --- a/src/test/java/org/opensearch/securityanalytics/resthandler/SATIFSourceConfigRestApiIT.java +++ b/src/test/java/org/opensearch/securityanalytics/resthandler/SATIFSourceConfigRestApiIT.java @@ -379,7 +379,7 @@ public void testRetrieveIOCsSuccessfully() throws IOException, InterruptedExcept if (!canRunTests) return; // Execute test for each IOCType - for (String type : IOCType.types()) { + for (String type : IOCType.types) { // Generate test IOCs, and upload them to S3 int numOfIOCs = 5; stix2IOCGenerator = new STIX2IOCGenerator(List.of(new IOCType(type))); 
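Review bot: `IOCType.types` is now read as a public static field in `testRetrieveIOCsSuccessfully` instead of through the `types()` accessor, and its declaration lives in the commons jar, so the diff does not show whether the list is final and unmodifiable. If this list is also what `IOCType.supportedType(...)` checks against, a mutable public field would let any caller change the set of accepted IOC types at runtime. Worth confirming that it is declared `public static final` with an unmodifiable list (for example `List.of(...)`) and adding a test asserting that `IOCType.types.add("x")` throws `UnsupportedOperationException`. The same field access appears in the later hunks of this file and in `STIX2IOCGenerator`.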
@@ -457,7 +457,7 @@ public void testRetrieveIOCsSuccessfully() throws IOException, InterruptedExcept // Confirm expected IOCs have been ingested for (int i = 0; i < numOfIOCs; i++) { assertEquals(stix2IOCGenerator.getIocs().get(i).getName(), iocs.get(i).get(STIX2IOC.NAME_FIELD)); - assertEquals(stix2IOCGenerator.getIocs().get(i).getType().getType(), IOCType.fromString((String) iocs.get(i).get(STIX2IOC.TYPE_FIELD))); + assertEquals(stix2IOCGenerator.getIocs().get(i).getType().toString(), IOCType.fromString((String) iocs.get(i).get(STIX2IOC.TYPE_FIELD))); assertEquals(stix2IOCGenerator.getIocs().get(i).getValue(), iocs.get(i).get(STIX2IOC.VALUE_FIELD)); assertEquals(stix2IOCGenerator.getIocs().get(i).getSeverity(), iocs.get(i).get(STIX2IOC.SEVERITY_FIELD)); @@ -482,7 +482,7 @@ public void testRetrieveMultipleIOCTypesSuccessfully() throws IOException, Inter stix2IOCGenerator = new STIX2IOCGenerator(); s3ObjectGenerator.write(numOfIOCs, objectKey, stix2IOCGenerator); List allIocs = stix2IOCGenerator.getIocs(); - assertEquals("Incorrect total number of test IOCs generated.", IOCType.types().size() * numOfIOCs, allIocs.size()); + assertEquals("Incorrect total number of test IOCs generated.", IOCType.types.size() * numOfIOCs, allIocs.size()); // Create test feed String feedName = "download_test_feed_name"; @@ -508,7 +508,7 @@ public void testRetrieveMultipleIOCTypesSuccessfully() throws IOException, Inter Instant.now(), null, true, - IOCType.types(), + IOCType.types, true ); 
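Review bot: The type assertion in `testRetrieveIOCsSuccessfully` compares `getType().toString()` (a String) with the result of `IOCType.fromString(...)`, whose return type is not visible in this diff. `assertEquals(Object, Object)` compiles for any pair, so a String-versus-`IOCType` mismatch would only surface at runtime, and this test returns early when `canRunTests` is false. If `fromString` returns an `IOCType`, compare like with like by using `IOCType.fromString((String) iocs.get(i).get(STIX2IOC.TYPE_FIELD)).toString()` on the right-hand side, or compare against the raw field string. The hunk at -556 in `testRetrieveMultipleIOCTypesSuccessfully` has the same assertion. The test method starts above this hunk.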
@@ -556,7 +556,7 @@ public void testRetrieveMultipleIOCTypesSuccessfully() throws IOException, Inter // Confirm expected IOCs have been ingested for (int i = 0; i < allIocs.size(); i++) { assertEquals(stix2IOCGenerator.getIocs().get(i).getName(), iocHits.get(i).get(STIX2IOC.NAME_FIELD)); - assertEquals(stix2IOCGenerator.getIocs().get(i).getType(), IOCType.fromString((String) iocHits.get(i).get(STIX2IOC.TYPE_FIELD))); + assertEquals(stix2IOCGenerator.getIocs().get(i).getType().toString(), IOCType.fromString((String) iocHits.get(i).get(STIX2IOC.TYPE_FIELD))); assertEquals(stix2IOCGenerator.getIocs().get(i).getValue(), iocHits.get(i).get(STIX2IOC.VALUE_FIELD)); assertEquals(stix2IOCGenerator.getIocs().get(i).getSeverity(), iocHits.get(i).get(STIX2IOC.SEVERITY_FIELD)); @@ -582,7 +582,7 @@ public void testWithValidAndInvalidIOCTypes() throws IOException { assertEquals("Incorrect number of test IOCs generated.", numOfIOCs, stix2IOCGenerator.getIocs().size()); List types = new ArrayList<>(invalidTypes); - types.addAll(IOCType.types()); + types.addAll(IOCType.types); // Execute the test for each invalid type for (String type : invalidTypes) { @@ -689,7 +689,7 @@ public void testWithNoIOCsToDownload() { assertTrue("Failed to create empty bucket object for type.", putObjectResponse.sdkHttpResponse().isSuccessful()); // Execute the test case for each IOC type - for (String type : IOCType.types()) { + for (String type : IOCType.types) { // Create test feed String feedName = "download_test_feed_name"; String feedFormat = "STIX2"; @@ -743,7 +743,7 @@ public void testWhenBucketObjectDoesNotExist() { ); // Execute the test case for each IOC type - for (String type : IOCType.types()) { + for (String type : IOCType.types) { // Create test feed String feedName = "download_test_feed_name"; String feedFormat = "STIX2"; 
diff --git a/src/test/java/org/opensearch/securityanalytics/util/STIX2IOCGenerator.java b/src/test/java/org/opensearch/securityanalytics/util/STIX2IOCGenerator.java index 2f8f731c5..59302beac 100644 --- a/src/test/java/org/opensearch/securityanalytics/util/STIX2IOCGenerator.java +++ b/src/test/java/org/opensearch/securityanalytics/util/STIX2IOCGenerator.java @@ -36,7 +36,7 @@ public class STIX2IOCGenerator implements PojoGenerator { private List iocs; - private List types = IOCType.types().stream().map(IOCType::new).collect(Collectors.toList()); + private List types = IOCType.types.stream().map(IOCType::new).collect(Collectors.toList()); private final ObjectMapper objectMapper; @@ -137,7 +137,7 @@ public static STIX2IOC randomIOC( name = randomLowerCaseString(); } if (type == null) { - type = new IOCType(IOCType.types().get(randomInt(IOCType.types().size() - 1))); + type = new IOCType(IOCType.types.get(randomInt(IOCType.types.size() - 1))); } if (value == null) { value = randomLowerCaseString(); @@ -251,7 +251,7 @@ public static void assertIOCEqualsDTO(STIX2IOC ioc, STIX2IOCDto iocDto) { public static void assertEqualIOCs(STIX2IOC ioc, STIX2IOC newIoc) { assertNotNull(newIoc.getId()); assertEquals(ioc.getName(), newIoc.getName()); - assertEquals(ioc.getType().getType(), newIoc.getType().getType()); + assertEquals(ioc.getType().toString(), newIoc.getType().toString()); assertEquals(ioc.getValue(), newIoc.getValue()); assertEquals(ioc.getSeverity(), newIoc.getSeverity()); // assertEquals(ioc.getCreated(), newIoc.getCreated()); 
@@ -266,7 +266,7 @@ public static void assertEqualIOCs(STIX2IOC ioc, STIX2IOC newIoc) { public static void assertEqualIocDtos(STIX2IOCDto ioc, STIX2IOCDto newIoc) { assertNotNull(newIoc.getId()); assertEquals(ioc.getName(), newIoc.getName()); - assertEquals(ioc.getType().getType(), newIoc.getType().getType()); + assertEquals(ioc.getType().toString(), newIoc.getType().toString()); assertEquals(ioc.getValue(), newIoc.getValue()); assertEquals(ioc.getSeverity(), newIoc.getSeverity()); // assertEquals(ioc.getCreated(), newIoc.getCreated());