adds new tif source config type - url download #1142
Conversation
024bd22 to bbe005d
Review threads (outdated, resolved):
src/main/java/org/opensearch/securityanalytics/services/STIX2IOCFetchService.java
src/main/java/org/opensearch/securityanalytics/threatIntel/common/SourceConfigDtoValidator.java
src/main/java/org/opensearch/securityanalytics/threatIntel/common/SourceConfigDtoValidator.java
UUID.randomUUID().toString(), | ||
iocType == null ? IOCType.ipv4_addr : IOCType.valueOf(iocType), | ||
iocValue, | ||
"high", |
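Review bot: `IOCType.valueOf(iocType)` on the line `iocType == null ? IOCType.ipv4_addr : IOCType.valueOf(iocType)` throws an uncaught IllegalArgumentException for any type string that is not an enum constant, and the null case silently defaults to ipv4_addr, so a feed entry with a missing or unrecognised type is either a crash or a mislabelled IOC that will then be matched against IP fields. Validate the type up front and reject the entry (or the whole feed) with a message naming the unsupported value, and consider treating a missing type as an error rather than assuming ipv4_addr. The hard-coded "high" severity on the next line is already discussed in this thread; if severity stays non-nullable for now, a named constant for the default would at least make the choice visible.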
Nitpick: Did @amsiglan mention trying to keep the severities as number-based values?
severity is non-nullable. I didn't know what to set. I think severity should be optional.
Review thread (resolved): src/main/java/org/opensearch/securityanalytics/services/STIX2IOCFetchService.java
Review thread (outdated, resolved): ...rg/opensearch/securityanalytics/threatIntel/service/DefaultTifSourceConfigLoaderService.java
} | ||
break; | ||
default: | ||
// if the feed type doesn't match any of the supporting feed types, throw an exception |
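Review bot: the `default:` branch's comment promises an exception for a feed type that matches none of the supported types; make sure the exception message carries the unrecognised type value and that the failure is logged at error level where it is thrown, because this path is only reached by a malformed or unexpected default config and is otherwise hard to diagnose from the outside.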
add error log
)); | ||
StepListener<Void> defaultTifConfigsLoadedListener; | ||
try { | ||
defaultTifConfigsLoadedListener = new StepListener<>(); |
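Review bot: `defaultTifConfigsLoadedListener` is declared on one line and only assigned `new StepListener<>()` inside the following `try`; the constructor cannot throw, so initialise it at the declaration (`StepListener<Void> defaultTifConfigsLoadedListener = new StepListener<>();`) and keep only the calls that can actually fail inside the try block.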
For clarification, a user is not able to create a url download source config from the index tif source config rest api but it's created when user calls search/list iocs?
What gets created is system driven. We need triggers for deciding when to create default tif source configs. Search APIs imply we have user engagement on the feature.
Signed-off-by: Surya Sashank Nistala <[email protected]>
Approved. We discussed offline making severity nullable to address this comment; but that can be handled as a follow-up item.
https://github.com/opensearch-project/security-analytics/pull/1142/files#r1670977945
…source configs Signed-off-by: Surya Sashank Nistala <[email protected]>
@@ -94,6 +97,11 @@ private void retrieveLockAndCreateTIFConfig(SAIndexTIFSourceConfigRequest reques | |||
} | |||
try { | |||
SATIFSourceConfigDto saTifSourceConfigDto = request.getTIFConfigDto(); | |||
if (SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource | |||
&& request.getMethod().equals(RestRequest.Method.POST)) { |
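Review bot: operator precedence in the guard `if (SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource && request.getMethod().equals(RestRequest.Method.POST))`: in Java `&&` binds tighter than `||`, so the POST check applies only to the `instanceof` half, while a DTO whose type is URL_DOWNLOAD is rejected for every method that reaches this code. If the intent is to block only create (POST) and delete, as the commit message says, make the grouping explicit, `(A || B) && isPost`; if update (PUT) should be blocked as well, which is the question raised in this thread, state that in the condition rather than relying on the precedence accident. Either way, add a test per method against a URL_DOWNLOAD config so the behaviour is pinned.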
Is there any logic to block users from updating this source config? I think there could still be a case if the user has the url download source already created but then tries to update it through the api.
The backport to
To backport manually, run these commands in your terminal:

```shell
# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security-analytics/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security-analytics/backport-2.x
# Create a new branch
git switch --create backport-1142-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 16bcef3b398f7c20d73d34d03bde80bc4ce1b421
# Push it to GitHub
git push --set-upstream origin backport-1142-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security-analytics/backport-2.x
```

Then, create a pull request where the
* adds new tif source config type - url download Signed-off-by: Surya Sashank Nistala <[email protected]>
* set up create default tif configs Signed-off-by: Surya Sashank Nistala <[email protected]>
* address review comments Signed-off-by: Surya Sashank Nistala <[email protected]>
* add check to block create and delete operation url download type tif source configs Signed-off-by: Surya Sashank Nistala <[email protected]>
---------
Signed-off-by: Surya Sashank Nistala <[email protected]>
(cherry picked from commit 16bcef3)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* adds new tif source config type - url download
* set up create default tif configs
* address review comments
* add check to block create and delete operation url download type tif source configs
---------
(cherry picked from commit 16bcef3)
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

…) (opensearch-project#1155)
* adds new tif source config type - url download
* set up create default tif configs
* address review comments
* add check to block create and delete operation url download type tif source configs
---------
(cherry picked from commit 16bcef3)
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* adds new tif source config type - url download Signed-off-by: Surya Sashank Nistala <[email protected]>
* set up create default tif configs Signed-off-by: Surya Sashank Nistala <[email protected]>
* address review comments Signed-off-by: Surya Sashank Nistala <[email protected]>
* add check to block create and delete operation url download type tif source configs Signed-off-by: Surya Sashank Nistala <[email protected]>
---------
Signed-off-by: Surya Sashank Nistala <[email protected]>

* adds new tif source config type - url download (#1142)
* adds new tif source config type - url download Signed-off-by: Surya Sashank Nistala <[email protected]>
* set up create default tif configs Signed-off-by: Surya Sashank Nistala <[email protected]>
* address review comments Signed-off-by: Surya Sashank Nistala <[email protected]>
* add check to block create and delete operation url download type tif source configs Signed-off-by: Surya Sashank Nistala <[email protected]>
---------
Signed-off-by: Surya Sashank Nistala <[email protected]>
* Adjusted IOCTypes usage. (#1156)
* Removed TODOs. Signed-off-by: AWSHurneyt <[email protected]>
* Refactored how STIX2IOCGenerator creates IOCs of specific types. Signed-off-by: AWSHurneyt <[email protected]>
* Added additional integration tests. Signed-off-by: AWSHurneyt <[email protected]>
* Changed IOCType usage as it's no longer an enum in SA commons. Signed-off-by: AWSHurneyt <[email protected]>
* Updated jar file. Signed-off-by: AWSHurneyt <[email protected]>
* Fixed unit tests. Signed-off-by: AWSHurneyt <[email protected]>
* Fixed tests. Signed-off-by: AWSHurneyt <[email protected]>
* Refactored build.gradle to exclude redundant dependencies from SA commons, instead of the SA commons jar being generated without those dependencies. Signed-off-by: AWSHurneyt <[email protected]>
* Updated jar. Signed-off-by: AWSHurneyt <[email protected]>
* Reverted changes to build.gradle. Signed-off-by: AWSHurneyt <[email protected]>
* Updated jar. Signed-off-by: AWSHurneyt <[email protected]>
* Fixed tests. Signed-off-by: AWSHurneyt <[email protected]>
* Fixed tests. Signed-off-by: AWSHurneyt <[email protected]>
* Fixed tests. Signed-off-by: AWSHurneyt <[email protected]>
* Fixed IOCType usage. Signed-off-by: AWSHurneyt <[email protected]>
* Fixed log message. Signed-off-by: AWSHurneyt <[email protected]>
* Fixed tests. Signed-off-by: AWSHurneyt <[email protected]>
* Addressed PR feedback. Signed-off-by: AWSHurneyt <[email protected]>
---------
Signed-off-by: AWSHurneyt <[email protected]>
* Fixed jar. Signed-off-by: AWSHurneyt <[email protected]>
---------
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>
Description
adds new tif source config type - url download
Downloads IOCs from a URL of a given format and makes them available for scans and for viewing IOCs.
Issues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.