Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

adds new tif source config type - url download #1142

Merged
merged 4 commits into from
Jul 9, 2024

Conversation

eirsep
Copy link
Member

@eirsep eirsep commented Jul 6, 2024

Description

adds new tif source config type - url download
Downloads Iocs from a url of a given format and makes it available for scans and viewing Iocs

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

UUID.randomUUID().toString(),
iocType == null ? IOCType.ipv4_addr : IOCType.valueOf(iocType),
iocValue,
"high",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: Did @amsiglan mention trying to keep the severities as number-based values?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

severity is non-nullable. I didn't know what to set. I think severity should be optional.

}
break;
default:
// if the feed type doesn't match any of the supporting feed types, throw an exception
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add error log

));
StepListener<Void> defaultTifConfigsLoadedListener;
try {
defaultTifConfigsLoadedListener = new StepListener<>();
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For clarification, a user is not able to create a url download source config from the index tif source config rest api but it's created when user calls search/list iocs?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What gets created is system driven. We need triggers for deciding when to create default tif source configs.- search apis imply we have user engagement on the feature

eirsep added 2 commits July 9, 2024 12:14
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Surya Sashank Nistala <[email protected]>
AWSHurneyt
AWSHurneyt previously approved these changes Jul 9, 2024
Copy link
Collaborator

@AWSHurneyt AWSHurneyt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved. We discussed offline making severity nullable to address this comment; but that can be handled as a follow-up item.
https://github.com/opensearch-project/security-analytics/pull/1142/files#r1670977945

@@ -94,6 +97,11 @@ private void retrieveLockAndCreateTIFConfig(SAIndexTIFSourceConfigRequest reques
}
try {
SATIFSourceConfigDto saTifSourceConfigDto = request.getTIFConfigDto();
if (SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource
&& request.getMethod().equals(RestRequest.Method.POST)) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any logic to block users from updating this source config? I think there could still be a case if the user has the url download source already created but then tries to update it through the api.

@eirsep eirsep merged commit 16bcef3 into opensearch-project:main Jul 9, 2024
10 of 16 checks passed
@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security-analytics/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security-analytics/backport-2.x
# Create a new branch
git switch --create backport-1142-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 16bcef3b398f7c20d73d34d03bde80bc4ce1b421
# Push it to GitHub
git push --set-upstream origin backport-1142-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security-analytics/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport-1142-to-2.x.

opensearch-trigger-bot bot pushed a commit that referenced this pull request Jul 9, 2024
* adds new tif source config type - url download

Signed-off-by: Surya Sashank Nistala <[email protected]>

* set up create default tif configs

Signed-off-by: Surya Sashank Nistala <[email protected]>

* address review comments

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add check to block create and delete operation url download type tif source configs

Signed-off-by: Surya Sashank Nistala <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
(cherry picked from commit 16bcef3)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
eirsep pushed a commit that referenced this pull request Jul 10, 2024
* adds new tif source config type - url download



* set up create default tif configs



* address review comments



* add check to block create and delete operation url download type tif source configs



---------


(cherry picked from commit 16bcef3)

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
eirsep pushed a commit to eirsep/security-analytics that referenced this pull request Jul 10, 2024
…) (opensearch-project#1155)

* adds new tif source config type - url download



* set up create default tif configs



* address review comments



* add check to block create and delete operation url download type tif source configs



---------


(cherry picked from commit 16bcef3)

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
eirsep pushed a commit to eirsep/security-analytics that referenced this pull request Jul 10, 2024
…) (opensearch-project#1155)

* adds new tif source config type - url download

* set up create default tif configs

* address review comments

* add check to block create and delete operation url download type tif source configs

---------

(cherry picked from commit 16bcef3)

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
AWSHurneyt pushed a commit to AWSHurneyt/security-analytics that referenced this pull request Jul 10, 2024
* adds new tif source config type - url download

Signed-off-by: Surya Sashank Nistala <[email protected]>

* set up create default tif configs

Signed-off-by: Surya Sashank Nistala <[email protected]>

* address review comments

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add check to block create and delete operation url download type tif source configs

Signed-off-by: Surya Sashank Nistala <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
AWSHurneyt pushed a commit to AWSHurneyt/security-analytics that referenced this pull request Jul 12, 2024
* adds new tif source config type - url download

Signed-off-by: Surya Sashank Nistala <[email protected]>

* set up create default tif configs

Signed-off-by: Surya Sashank Nistala <[email protected]>

* address review comments

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add check to block create and delete operation url download type tif source configs

Signed-off-by: Surya Sashank Nistala <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
@AWSHurneyt AWSHurneyt mentioned this pull request Jul 12, 2024
5 tasks
AWSHurneyt added a commit that referenced this pull request Jul 12, 2024
* adds new tif source config type - url download (#1142)

* adds new tif source config type - url download

Signed-off-by: Surya Sashank Nistala <[email protected]>

* set up create default tif configs

Signed-off-by: Surya Sashank Nistala <[email protected]>

* address review comments

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add check to block create and delete operation url download type tif source configs

Signed-off-by: Surya Sashank Nistala <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>

* Adjusted IOCTypes usage. (#1156)

* Removed TODOs.

Signed-off-by: AWSHurneyt <[email protected]>

* Refactored how STIX2IOCGenerator creates IOCs of specific types.

Signed-off-by: AWSHurneyt <[email protected]>

* Added additional integration tests.

Signed-off-by: AWSHurneyt <[email protected]>

* Changed IOCType usage as it's no longer an enum in SA commons.

Signed-off-by: AWSHurneyt <[email protected]>

* Updated jar file.

Signed-off-by: AWSHurneyt <[email protected]>

* Fixed unit tests.

Signed-off-by: AWSHurneyt <[email protected]>

* Fixed tests.

Signed-off-by: AWSHurneyt <[email protected]>

* Refactored build.gradle to exclude redundant dependencies from SA commons, instead of the SA commons jar being generated withhout those dependencies.

Signed-off-by: AWSHurneyt <[email protected]>

* Updated jar.

Signed-off-by: AWSHurneyt <[email protected]>

* Reverted changes to build.gradle.

Signed-off-by: AWSHurneyt <[email protected]>

* Updated jar.

Signed-off-by: AWSHurneyt <[email protected]>

* Fixed tests.

Signed-off-by: AWSHurneyt <[email protected]>

* Fixed tests.

Signed-off-by: AWSHurneyt <[email protected]>

* Fixed tests.

Signed-off-by: AWSHurneyt <[email protected]>

* Fixed IOCType usage.

Signed-off-by: AWSHurneyt <[email protected]>

* Fixed log message.

Signed-off-by: AWSHurneyt <[email protected]>

* Fixed tests.

Signed-off-by: AWSHurneyt <[email protected]>

* Addressed PR feedback.

Signed-off-by: AWSHurneyt <[email protected]>

---------

Signed-off-by: AWSHurneyt <[email protected]>

* Fixed jar.

Signed-off-by: AWSHurneyt <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants