-
Notifications
You must be signed in to change notification settings - Fork 76
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Petar Dzepina <[email protected]>
- Loading branch information
Showing
9 changed files
with
327 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
17 changes: 17 additions & 0 deletions
17
src/main/java/org/opensearch/securityanalytics/action/GetAllRuleCategoriesAction.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
package org.opensearch.securityanalytics.action; | ||
|
||
import org.opensearch.action.ActionType; | ||
|
||
public class GetAllRuleCategoriesAction extends ActionType<GetAllRuleCategoriesResponse> { | ||
|
||
public static final GetAllRuleCategoriesAction INSTANCE = new GetAllRuleCategoriesAction(); | ||
public static final String NAME = "cluster:admin/opensearch/securityanalytics/rules/categories"; | ||
|
||
public GetAllRuleCategoriesAction() { | ||
super(NAME, GetAllRuleCategoriesResponse::new); | ||
} | ||
} |
32 changes: 32 additions & 0 deletions
32
src/main/java/org/opensearch/securityanalytics/action/GetAllRuleCategoriesRequest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
package org.opensearch.securityanalytics.action; | ||
|
||
import java.io.IOException; | ||
import org.opensearch.action.ActionRequest; | ||
import org.opensearch.action.ActionRequestValidationException; | ||
import org.opensearch.common.io.stream.StreamInput; | ||
import org.opensearch.common.io.stream.StreamOutput; | ||
|
||
public class GetAllRuleCategoriesRequest extends ActionRequest { | ||
|
||
public GetAllRuleCategoriesRequest() { | ||
super(); | ||
} | ||
public GetAllRuleCategoriesRequest(StreamInput sin) throws IOException { | ||
this(); | ||
} | ||
|
||
@Override | ||
public ActionRequestValidationException validate() { | ||
return null; | ||
} | ||
|
||
@Override | ||
public void writeTo(StreamOutput out) throws IOException { | ||
|
||
} | ||
|
||
} |
46 changes: 46 additions & 0 deletions
46
src/main/java/org/opensearch/securityanalytics/action/GetAllRuleCategoriesResponse.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
package org.opensearch.securityanalytics.action; | ||
|
||
import java.io.IOException; | ||
import java.util.List; | ||
import org.opensearch.action.ActionResponse; | ||
import org.opensearch.common.io.stream.StreamInput; | ||
import org.opensearch.common.io.stream.StreamOutput; | ||
import org.opensearch.common.xcontent.ToXContentObject; | ||
import org.opensearch.common.xcontent.XContentBuilder; | ||
import org.opensearch.securityanalytics.model.RuleCategory; | ||
|
||
public class GetAllRuleCategoriesResponse extends ActionResponse implements ToXContentObject { | ||
|
||
private static final String RULE_CATEGORIES = "rule_categories"; | ||
|
||
private List<RuleCategory> ruleCategories; | ||
|
||
public GetAllRuleCategoriesResponse(List<RuleCategory> ruleCategories) { | ||
super(); | ||
this.ruleCategories = ruleCategories; | ||
} | ||
|
||
public GetAllRuleCategoriesResponse(StreamInput sin) throws IOException { | ||
this(sin.readList(RuleCategory::new)); | ||
} | ||
|
||
@Override | ||
public void writeTo(StreamOutput out) throws IOException { | ||
out.writeList(ruleCategories); | ||
} | ||
|
||
@Override | ||
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException { | ||
builder.startObject(); | ||
builder.startArray(RULE_CATEGORIES); | ||
for (RuleCategory c : ruleCategories) { | ||
c.toXContent(builder, null); | ||
} | ||
builder.endArray(); | ||
return builder.endObject(); | ||
} | ||
} |
94 changes: 94 additions & 0 deletions
94
src/main/java/org/opensearch/securityanalytics/model/RuleCategory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package org.opensearch.securityanalytics.model; | ||
|
||
import java.io.IOException; | ||
import java.io.InputStream; | ||
import java.nio.charset.StandardCharsets; | ||
import java.util.ArrayList; | ||
import java.util.Collections; | ||
import java.util.List; | ||
import java.util.Map; | ||
import java.util.Objects; | ||
import org.opensearch.OpenSearchParseException; | ||
import org.opensearch.common.io.stream.StreamInput; | ||
import org.opensearch.common.io.stream.StreamOutput; | ||
import org.opensearch.common.io.stream.Writeable; | ||
import org.opensearch.common.settings.SettingsException; | ||
import org.opensearch.common.xcontent.ToXContentObject; | ||
import org.opensearch.common.xcontent.XContentBuilder; | ||
import org.opensearch.common.xcontent.XContentHelper; | ||
import org.opensearch.common.xcontent.json.JsonXContent; | ||
|
||
public class RuleCategory implements Writeable, ToXContentObject { | ||
|
||
public static final String KEY = "key"; | ||
public static final String DISPLAY_NAME = "display_name"; | ||
|
||
private String name; | ||
private String displayName; | ||
|
||
public RuleCategory(StreamInput sin) throws IOException { | ||
this(sin.readString(), sin.readString()); | ||
} | ||
|
||
public RuleCategory(String name, String displayName) { | ||
this.name = name; | ||
this.displayName = displayName; | ||
} | ||
|
||
@Override | ||
public void writeTo(StreamOutput out) throws IOException { | ||
out.writeString(name); | ||
out.writeString(displayName); | ||
} | ||
|
||
@Override | ||
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException { | ||
return builder.startObject() | ||
.field(KEY, name) | ||
.field(DISPLAY_NAME, displayName) | ||
.endObject(); | ||
} | ||
|
||
public String getName() { | ||
return name; | ||
} | ||
|
||
|
||
private static final String RULE_CATEGORIES_CONFIG_FILE = "rules/rule_categories.json"; | ||
|
||
// Rule category is the same as detector type | ||
public static final List<RuleCategory> ALL_RULE_CATEGORIES; | ||
|
||
static { | ||
List<RuleCategory> ruleCategories = new ArrayList<>(); | ||
String ruleCategoriesJson; | ||
try ( | ||
InputStream is = RuleCategory.class.getClassLoader().getResourceAsStream(RULE_CATEGORIES_CONFIG_FILE) | ||
) { | ||
ruleCategoriesJson = new String(Objects.requireNonNull(is).readAllBytes(), StandardCharsets.UTF_8); | ||
|
||
if (ruleCategoriesJson != null) { | ||
Map<String, Object> configMap = | ||
XContentHelper.convertToMap(JsonXContent.jsonXContent, ruleCategoriesJson, false); | ||
List<Map<String, Object>> categories = (List<Map<String, Object>>) configMap.get("rule_categories"); | ||
for (Map<String, Object> c : categories) { | ||
ruleCategories.add(new RuleCategory( | ||
(String) c.get(KEY), | ||
(String) c.get(DISPLAY_NAME) | ||
)); | ||
} | ||
} | ||
} catch (OpenSearchParseException e) { | ||
throw e; | ||
} catch (Exception e) { | ||
throw new SettingsException("Failed to load settings from [" + RULE_CATEGORIES_CONFIG_FILE + "]", e); | ||
} | ||
ALL_RULE_CATEGORIES = Collections.unmodifiableList(ruleCategories); | ||
} | ||
} | ||
|
41 changes: 41 additions & 0 deletions
41
...ain/java/org/opensearch/securityanalytics/resthandler/RestGetAllRuleCategoriesAction.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
package org.opensearch.securityanalytics.resthandler; | ||
|
||
import java.io.IOException; | ||
import java.util.List; | ||
import org.opensearch.client.node.NodeClient; | ||
import org.opensearch.rest.BaseRestHandler; | ||
import org.opensearch.rest.RestRequest; | ||
import org.opensearch.rest.action.RestToXContentListener; | ||
import org.opensearch.securityanalytics.SecurityAnalyticsPlugin; | ||
import org.opensearch.securityanalytics.action.GetAllRuleCategoriesAction; | ||
import org.opensearch.securityanalytics.action.GetAllRuleCategoriesRequest; | ||
|
||
|
||
import static org.opensearch.rest.RestRequest.Method.GET; | ||
|
||
public class RestGetAllRuleCategoriesAction extends BaseRestHandler { | ||
|
||
@Override | ||
public String getName() { | ||
return "get_all_rule_categories_action"; | ||
} | ||
|
||
@Override | ||
public List<Route> routes() { | ||
return List.of(new Route(GET, SecurityAnalyticsPlugin.RULE_BASE_URI + "/categories")); | ||
} | ||
|
||
@Override | ||
protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException { | ||
|
||
return channel -> client.execute( | ||
GetAllRuleCategoriesAction.INSTANCE, | ||
new GetAllRuleCategoriesRequest(), | ||
new RestToXContentListener<>(channel) | ||
); | ||
} | ||
} |
41 changes: 41 additions & 0 deletions
41
.../java/org/opensearch/securityanalytics/transport/TransportGetAllRuleCategoriesAction.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
package org.opensearch.securityanalytics.transport; | ||
|
||
import org.opensearch.action.ActionListener; | ||
import org.opensearch.action.support.ActionFilters; | ||
import org.opensearch.action.support.HandledTransportAction; | ||
import org.opensearch.cluster.service.ClusterService; | ||
import org.opensearch.common.inject.Inject; | ||
import org.opensearch.securityanalytics.action.GetAllRuleCategoriesAction; | ||
import org.opensearch.securityanalytics.action.GetAllRuleCategoriesRequest; | ||
import org.opensearch.securityanalytics.action.GetAllRuleCategoriesResponse; | ||
import org.opensearch.securityanalytics.model.RuleCategory; | ||
import org.opensearch.tasks.Task; | ||
import org.opensearch.threadpool.ThreadPool; | ||
import org.opensearch.transport.TransportService; | ||
|
||
public class TransportGetAllRuleCategoriesAction extends HandledTransportAction<GetAllRuleCategoriesRequest, GetAllRuleCategoriesResponse> { | ||
|
||
private final ThreadPool threadPool; | ||
|
||
@Inject | ||
public TransportGetAllRuleCategoriesAction( | ||
TransportService transportService, | ||
ActionFilters actionFilters, | ||
GetAllRuleCategoriesAction getAllRuleCategoriesAction, | ||
ClusterService clusterService, | ||
ThreadPool threadPool | ||
) { | ||
super(getAllRuleCategoriesAction.NAME, transportService, actionFilters, GetAllRuleCategoriesRequest::new); | ||
this.threadPool = threadPool; | ||
} | ||
|
||
@Override | ||
protected void doExecute(Task task, GetAllRuleCategoriesRequest request, ActionListener<GetAllRuleCategoriesResponse> actionListener) { | ||
this.threadPool.getThreadContext().stashContext(); | ||
actionListener.onResponse(new GetAllRuleCategoriesResponse(RuleCategory.ALL_RULE_CATEGORIES)); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"rule_categories": [ | ||
{ | ||
"key": "ad_ldap", | ||
"display_name": "AD/LDAP" | ||
}, | ||
{ | ||
"key": "dns", | ||
"display_name": "DNS logs" | ||
}, | ||
{ | ||
"key": "network", | ||
"display_name": "Network" | ||
}, | ||
{ | ||
"key": "apache_access", | ||
"display_name": "Apache access logs" | ||
}, | ||
{ | ||
"key": "cloudtrail", | ||
"display_name": "Cloud Trail logs" | ||
}, | ||
{ | ||
"key": "s3", | ||
"display_name": "S3 access logs" | ||
}, | ||
{ | ||
"key": "windows", | ||
"display_name": "Windows logs" | ||
}, | ||
{ | ||
"key": "linux", | ||
"display_name": "System logs" | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters