Merge branch 'main' into detector-with-same-name

MAINTAINERS.md

@@ -1,9 +1,11 @@
-## Maintainers
-| Maintainer             | GitHub ID                                       | Affiliation |
-|------------------------|-------------------------------------------------| ----------- |
-| Saurabh Singh          | [getsaurabh02](https://github.com/getsaurabh02) | Amazon |
-| Subhobrata Dey         | [sbcd90](https://github.com/sbcd90)             | Amazon |
-| Surya Sashank Nistalai | [eirsep](https://github.com/eirsep)             | Amazon |
+## Overview
+
+This document contains a list of maintainers in this repo. See [opensearch-project/.github/RESPONSIBILITIES.md](https://github.com/opensearch-project/.github/blob/main/RESPONSIBILITIES.md#maintainer-responsibilities) that explains what the role of maintainer means, what maintainers do in this and other repos, and how they should be doing it. If you're interested in contributing, and becoming a maintainer, see [CONTRIBUTING](CONTRIBUTING.md).
 
+## Current Maintainers
 
-[This document](https://github.com/opensearch-project/.github/blob/main/MAINTAINERS.md) explains what maintainers do in this repo, and how they should be doing it. If you're interested in contributing, see [CONTRIBUTING](CONTRIBUTING.md).
+| Maintainer             | GitHub ID                                       | Affiliation |
+| ---------------------- | ----------------------------------------------- | ----------- |
+| Saurabh Singh          | [getsaurabh02](https://github.com/getsaurabh02) | Amazon      |
+| Subhobrata Dey         | [sbcd90](https://github.com/sbcd90)             | Amazon      |
+| Surya Sashank Nistalai | [eirsep](https://github.com/eirsep)             | Amazon      |

build.gradle

@@ -6,7 +6,7 @@ import org.opensearch.gradle.test.RestIntegTestTask
 
 buildscript {
     ext {
-        opensearch_version = System.getProperty("opensearch.version", "2.4.0-SNAPSHOT")
+        opensearch_version = System.getProperty("opensearch.version", "2.5.0-SNAPSHOT")
         isSnapshot = "true" == System.getProperty("build.snapshot", "true")
         buildVersionQualifier = System.getProperty("build.version_qualifier", "")
         version_tokens = opensearch_version.tokenize('-')

release-notes/opensearch-security-analytics.release-notes-2.5.0.0.md

@@ -0,0 +1,32 @@
+## Version 2.5.0.0 Release Notes
+Compatible with OpenSearch 2.5.0
+
+### Maintenance
+* Bumped version to 2.5. ([#215](https://github.com/opensearch-project/security-analytics/pull/215))
+* Updated MAINTAINERS.md format. ([#240](https://github.com/opensearch-project/security-analytics/pull/240))
+
+### Features
+* Implement secure transport action for get alerts and ack alerts. ([#161](https://github.com/opensearch-project/security-analytics/pull/161))
+* GetMappingsView API - index pattern/alias/datastream support. ([#245](https://github.com/opensearch-project/security-analytics/pull/245))
+* Createmappings api index pattern support. ([#260](https://github.com/opensearch-project/security-analytics/pull/260))
+
+### Bug Fixes
+* Fixed aliases being returned in unmapped_index_fields. ([#147](https://github.com/opensearch-project/security-analytics/pull/147))
+* Fix vulnerability in yaml constructor. ([#198](https://github.com/opensearch-project/security-analytics/pull/198))
+* Fix flaky integration tests for security analytics. ([#241](https://github.com/opensearch-project/security-analytics/pull/241))
+* Fixed SecureFindingRestApiIT. Removed uppercasing of the detector type. ([#247](https://github.com/opensearch-project/security-analytics/pull/247))
+* Fix ci builds for security-analytics. ([#253](https://github.com/opensearch-project/security-analytics/pull/253))
+
+### Refactoring
+* Search returns detector type in CAPS fix and integration tests. ([#174](https://github.com/opensearch-project/security-analytics/pull/174))
+* Added dummy search when creating detector on the given indices. ([#197](https://github.com/opensearch-project/security-analytics/pull/197))
+* Updated network mappings. ([#211](https://github.com/opensearch-project/security-analytics/pull/211))
+* Updated windows mappings. ([#212](https://github.com/opensearch-project/security-analytics/pull/212))
+* Updated ad_ldap mappings. ([#213](https://github.com/opensearch-project/security-analytics/pull/213))
+* Removed create/delete queryIndex. ([#215](https://github.com/opensearch-project/security-analytics/pull/215))
+* Update Linux mappings. ([#223](https://github.com/opensearch-project/security-analytics/pull/223))
+* Changes to return empty search response for custom rules. ([#231](https://github.com/opensearch-project/security-analytics/pull/231))
+* Service Returns Unhandled Error Response. ([#248](https://github.com/opensearch-project/security-analytics/pull/248))
+
+### Documentation
+* Added 2.5 release notes. ([#268](https://github.com/opensearch-project/security-analytics/pull/268))

src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java

@@ -121,7 +121,7 @@ public Collection<Object> createComponents(Client client,
                                                Supplier<RepositoriesService> repositoriesServiceSupplier) {
         detectorIndices = new DetectorIndices(client.admin(), clusterService, threadPool);
         ruleTopicIndices = new RuleTopicIndices(client, clusterService);
-        mapperService = new MapperService(client.admin().indices());
+        mapperService = new MapperService(client.admin().indices(), clusterService, indexNameExpressionResolver);
         ruleIndices = new RuleIndices(client, clusterService, threadPool);
         return List.of(detectorIndices, ruleTopicIndices, ruleIndices, mapperService);
     }

src/main/java/org/opensearch/securityanalytics/action/AckAlertsAction.java

@@ -6,6 +6,9 @@
 
 import org.opensearch.action.ActionType;
 
+/**
+ * Acknowledge Alert Action
+ */
 public class AckAlertsAction extends ActionType<AckAlertsResponse> {
     public static final String NAME = "cluster:admin/opensearch/securityanalytics/alerts/ack";
     public static final AckAlertsAction INSTANCE = new AckAlertsAction();

src/main/java/org/opensearch/securityanalytics/alerts/AlertsService.java

@@ -57,6 +57,8 @@ public AlertsService(Client client) {
      *
      * @param detectorId id of Detector
      * @param table      group of search related parameters
+     * @param severityLevel alert severity level
+     * @param alertState current alert state
      * @param listener   ActionListener to get notified on response or error
      */
     public void getAlertsByDetectorId(
@@ -112,8 +114,12 @@ public void onFailure(Exception e) {
     /**
      * Searches alerts generated by specific Monitor
      *
-     * @param monitorIds id of Monitor
+     * @param monitorToDetectorMapping monitorId to detectorId mapping
+     * @param monitorIds list of monitor ids
+     * @param alertIndex alert index to search alerts on
      * @param table      group of search related parameters
+     * @param severityLevel alert severity level
+     * @param alertState current alert state     *
      * @param listener   ActionListener to get notified on response or error
      */
     public void getAlertsByMonitorIds(
@@ -255,9 +261,9 @@ public void getAlerts(List<String> alertIds,
     }
 
     /**
-     * @param getAlertsResponse
-     * @param getDetectorResponse
-     * @param actionListener
+     * @param getAlertsResponse GetAlerts API response
+     * @param getDetectorResponse GetDetector API response
+     * @param actionListener Action Listener
      */
     public void ackknowledgeAlerts(org.opensearch.commons.alerting.action.GetAlertsResponse getAlertsResponse,
                                    GetDetectorResponse getDetectorResponse,

src/main/java/org/opensearch/securityanalytics/config/monitors/DetectorMonitorConfig.java

@@ -25,6 +25,8 @@ public class DetectorMonitorConfig {
     public static final String OPENSEARCH_DEFAULT_ALL_FINDINGS_INDICES_PATTERN = ".opensearch-sap-findings-default*";
     public static final String OPENSEARCH_DEFAULT_FINDINGS_INDEX_PATTERN = "<.opensearch-sap-findings-default-{now/d}-1>";
 
+    public static final String OPENSEARCH_SAP_RULE_INDEX_TEMPLATE = ".opensearch-sap-detectors-queries-index-template";
+
     private static Map<String, MonitorConfig> detectorTypeToIndicesMapping;
 
     static {
@@ -113,6 +115,13 @@ public static List<String> getAllFindingsIndicesPatternForAllTypes() {
                 .collect(Collectors.toList());
     }
 
+    public static List<String> getAllRuleIndices() {
+        return detectorTypeToIndicesMapping.entrySet()
+                .stream()
+                .map(e -> e.getValue().getRuleIndex())
+                .collect(Collectors.toList());
+    }
+
     public static String getFindingsIndexPattern(String detectorType) {
         return detectorTypeToIndicesMapping.containsKey(detectorType.toLowerCase(Locale.ROOT)) ?
                 detectorTypeToIndicesMapping.get(detectorType.toLowerCase(Locale.ROOT)).getFindingsIndexPattern() :
@@ -145,8 +154,7 @@ private MonitorConfig(
                 String findingsIndex,
                 String findingsIndexPattern,
                 String allFindingsIndicesPattern,
-                String ruleIndex
-        ) {
+                String ruleIndex) {
             this.alertsIndex = alertsIndex;
             this.alertsHistoryIndex = alertsHistoryIndex;
             this.alertsHistoryIndexPattern = alertsHistoryIndexPattern;

src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java

@@ -110,6 +110,7 @@ public void onFailure(Exception e) {
      * Searches findings generated by specific Monitor
      * @param monitorToDetectorMapping monitorId --> detectorId mapper
      * @param monitorIds id of Monitor
+     * @param findingIndexName Finding index name to search findings on
      * @param table group of search related parameters
      * @param listener ActionListener to get notified on response or error
      */