Change ruleId if it exists

Signed-off-by: Ashish Agrawal <[email protected]>
opensearch-project · Oct 3, 2023 · abdb6a6 · abdb6a6
1 parent 3c9b23a
commit abdb6a6
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java b/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java
@@ -4,6 +4,7 @@
  */
 package org.opensearch.securityanalytics.util;
 
+import java.util.HashSet;
 import java.util.Set;
 
 import com.google.common.collect.ImmutableMap;
@@ -70,6 +71,7 @@
 import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
+import java.util.UUID;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
@@ -272,10 +274,13 @@ private String getRuleCategory(Path folderPath) {
     private void ingestQueries(Map<String, List<String>> logIndexToRules, WriteRequest.RefreshPolicy refreshPolicy, TimeValue indexTimeout, ActionListener<BulkResponse> listener) throws SigmaError, IOException {
         List<Rule> queries = new ArrayList<>();
 
+        Set<String> ruleIds = new HashSet<>();
         for (Map.Entry<String, List<String>> logIndexToRule: logIndexToRules.entrySet()) {
             Map<String, String> fieldMappings = logTypeService.getRuleFieldMappingsForBuiltinLogType(logIndexToRule.getKey());
             final QueryBackend backend = new OSQueryBackend(fieldMappings, true, true);
-            queries.addAll(getQueries(backend, logIndexToRule.getKey(), logIndexToRule.getValue()));
+            List<Rule> rules = getQueries(backend, logIndexToRule.getKey(), logIndexToRule.getValue(), ruleIds);
+            rules.forEach(rule -> ruleIds.add(rule.getId()));
+            queries.addAll(rules);
         }
         loadRules(queries, refreshPolicy, indexTimeout, listener, true);
     }
@@ -285,16 +290,18 @@ private void loadQueries(String[] paths, WriteRequest.RefreshPolicy refreshPolic
         loadQueries(path, refreshPolicy, indexTimeout, listener);
     }
 
-    private List<Rule> getQueries(QueryBackend backend, String category, List<String> rules) throws SigmaError {
+    private List<Rule> getQueries(QueryBackend backend, String category, List<String> rules, Set<String> ruleIds) throws SigmaError {
         List<Rule> queries = new ArrayList<>();
         for (String ruleStr: rules) {
             SigmaRule rule = SigmaRule.fromYaml(ruleStr, true);
             backend.resetQueryFields();
             List<Object> ruleQueries = backend.convertRule(rule);
             Set<String> queryFieldNames = backend.getQueryFields().keySet();
+            String ruleId = ruleIds.contains(rule.getId().toString()) ?
+                    UUID.randomUUID().toString() : rule.getId().toString();
 
             Rule ruleModel = new Rule(
-                    rule.getId().toString(), NO_VERSION, rule, category,
+                    ruleId, NO_VERSION, rule, category,
                     ruleQueries,
                     new ArrayList<>(queryFieldNames),
                     ruleStr