Fix otx threat names ids not populating #99

Merged
merged 3 commits into from Mar 16, 2018


@pbr0ck3r pbr0ck3r commented Mar 15, 2018

When using otx_lookup_ip and otx_lookup_domain in a pipeline rule, all that was being passed back was otx_threat_indicated. If a threat was indicated, otx_threat_ids and otx_threat_names are currently not being returned, just otx_threat_indicated: true. This PR fixes that.

@pbr0ck3r pbr0ck3r changed the base branch from master to 2.4 Mar 15, 2018
@@ -39,9 +40,10 @@ private OTXLookupResult lookupIntel(final String key, final LookupTableService.F

if (pulseCount > 0) {
result.put("otx_threat_indicated", true);
if (lookupResult.multiValue() != null && lookupResult.multiValue() instanceof List) {
if (lookupResult.multiValue() != null && lookupResult.multiValue() instanceof LinkedHashMap) {
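
Review bot: The replacement condition tests lookupResult.multiValue() against the concrete class LinkedHashMap, which repeats the fragility of the List check it replaces: if the lookup ever hands back a different Map implementation, the branch is skipped and only otx_threat_indicated is set, with no error. Check instanceof Map instead. The leading lookupResult.multiValue() != null test can also be dropped, since instanceof is already false for null, and reading multiValue() once into a local variable would avoid the repeated call.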


joschi Mar 16, 2018
Contributor

Why did you decide to use a LinkedHashMap instead of the List interface?


pbr0ck3r Mar 16, 2018
Author Contributor

The lookupResult.multiValue() is an instance of LinkedHashMap, not List, which was causing this check in the if statement to fail.


joschi Mar 16, 2018
Contributor

Ah, it's a map and not a list! 🤦‍♂️

In this case, please use the Map interface and not List or LinkedHashMap.


pbr0ck3r Mar 16, 2018
Author Contributor

Will do! The original reason I chose LinkedHashMap was because I checked the class of lookupResult.multiValue() using getClass() and it returned LinkedHashMap.

@joschi joschi added the bug label Mar 16, 2018
@joschi joschi self-assigned this Mar 16, 2018
@joschi joschi added this to the 2.4.4 milestone Mar 16, 2018
joschi approved these changes Mar 16, 2018

@joschi joschi left a comment

LGTM. 👍

@joschi joschi merged commit f771037 into Graylog2:2.4 Mar 16, 2018
2 checks passed
graylog-project/pr Jenkins build graylog-project-pr-snapshot 1188 has succeeded
license/cla Contributor License Agreement is signed.
joschi pushed a commit that referenced this pull request Mar 16, 2018
Fix otx_threat_names and otx_threat_ids not populating in lookupIntel when they exist

(cherry picked from commit f771037)