Skip to content

/ graylog-plugin-threatintel

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix otx threat names ids not populating #99

Merged
merged 3 commits into from Mar 16, 2018
Merged

Fix otx threat names ids not populating #99

merged 3 commits into from Mar 16, 2018

Conversation

@pbr0ck3r
Copy link
Contributor

@pbr0ck3r pbr0ck3r commented Mar 15, 2018

When using the otx_lookup_ip and otx_lookup_domain in a pipeline rule. All that was being passed back was otx_threat_indicated. If a threat was indicated otx_threat_ids and otx_threat_names are currently not being returned. Just otx_threat_indicated: true. This PR fixes that.
@pbr0ck3r
fix otx_threat_names and otx_threat_ids not populating in lookupIntel…
Loading status checks…
072f23c 
… when they exist
@pbr0ck3r pbr0ck3r changed the base branch from master to 2.4 Mar 15, 2018
@pbr0ck3r
removed unused import
Loading status checks…
5b1a9d5
@pbr0ck3r pbr0ck3r mentioned this pull request Mar 16, 2018
Closed
@joschi
joschi reviewed Mar 16, 2018
View changes
src/main/java/org/graylog/plugins/threatintel/functions/otx/AbstractOTXLookupFunction.java Outdated
@@ -39,9 +40,10 @@ private OTXLookupResult lookupIntel(final String key, final LookupTableService.F

if (pulseCount > 0) {
result.put("otx_threat_indicated", true);
if (lookupResult.multiValue() != null && lookupResult.multiValue() instanceof List) {
if (lookupResult.multiValue() != null && lookupResult.multiValue() instanceof LinkedHashMap) {

This comment has been minimized.

Sign in to view
@joschi

joschi Mar 16, 2018
Contributor

Why did you decide to use a LinkedHashMap instead of the List interface?

This comment has been minimized.

Sign in to view
@pbr0ck3r

pbr0ck3r Mar 16, 2018
edited
Author Contributor

The lookupResult.multiValue() is a instance of LinkedHashMap not List which was causing this check in the if statement to fail.

This comment has been minimized.

Sign in to view
@joschi

joschi Mar 16, 2018
Contributor

Ah, it's a map and not a list! 🤦‍♂️

In this case, please use the Map interface and not List or LinkedHashMap.

This comment has been minimized.

Sign in to view
@pbr0ck3r

pbr0ck3r Mar 16, 2018
edited
Author Contributor

Wiil do! Original reason I choose LindkedHashMap was because I checked the class of lookupResult.mulitValue() using getClass() and it returned LinkdedHashMap.
@pbr0ck3r
use Map instead of LinkedHashMap
Loading status checks…
a8d0078
@joschi joschi added the bug label Mar 16, 2018
@joschi joschi self-assigned this Mar 16, 2018
@joschi joschi added this to the 2.4.4 milestone Mar 16, 2018
@joschi
joschi approved these changes Mar 16, 2018
View changes
Copy link
Contributor

@joschi joschi left a comment

LGTM. 👍
@joschi joschi merged commit f771037 into Graylog2:2.4 Mar 16, 2018
2 checks passed
2 checks passed
graylog-project/pr Jenkins build graylog-project-pr-snapshot 1188 has succeeded
Details
license/cla Contributor License Agreement is signed.
Details
joschi pushed a commit that referenced this pull request Mar 16, 2018
@pbr0ck3r Jochen Schalanda
Fix otx threat names ids not populating (#99)
Unverified
No user is associated with the committer email.
Learn about signing commits
11b3bfa 
Fix otx_threat_names and otx_threat_ids not populating in lookupIntel when they exist

(cherry picked from commit f771037)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joschi joschi

Assignees

@joschi joschi

Labels
bug
Projects
None yet
Milestone
2.4.4
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
@pbr0ck3r @joschi