Fix otx threat names ids not populating #99

Merged
merged 3 commits into from Mar 16, 2018

@pbr0ck3r
Contributor

pbr0ck3r commented Mar 15, 2018

When using otx_lookup_ip and otx_lookup_domain in a pipeline rule, all that was being passed back was otx_threat_indicated. If a threat was indicated, otx_threat_ids and otx_threat_names are currently not being returned, just otx_threat_indicated: true. This PR fixes that.

@pbr0ck3r pbr0ck3r changed the base branch from master to 2.4 Mar 15, 2018

@@ -39,9 +40,10 @@ private OTXLookupResult lookupIntel(final String key, final LookupTableService.F
if (pulseCount > 0) {
result.put("otx_threat_indicated", true);
if (lookupResult.multiValue() != null && lookupResult.multiValue() instanceof List) {
if (lookupResult.multiValue() != null && lookupResult.multiValue() instanceof LinkedHashMap) {
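Review bot: The new condition on the last line of this hunk tests `lookupResult.multiValue() instanceof LinkedHashMap`, which ties the check to one concrete implementation. If the lookup ever hands back a different Map type, the branch is skipped without any error and the result again carries only `otx_threat_indicated`, the same symptom this PR sets out to fix. Test against the `Map` interface instead. The `!= null` test is also redundant, because `instanceof` is already false for null, and `multiValue()` is called twice where a single local variable would do.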

@joschi

joschi Mar 16, 2018

Contributor

Why did you decide to use a LinkedHashMap instead of the List interface?

@pbr0ck3r

pbr0ck3r Mar 16, 2018

Contributor

The lookupResult.multiValue() is an instance of LinkedHashMap, not List, which was causing this check in the if statement to fail.

@joschi

joschi Mar 16, 2018

Contributor

Ah, it's a map and not a list! 🤦‍♂️

In this case, please use the Map interface and not List or LinkedHashMap.

@pbr0ck3r

pbr0ck3r Mar 16, 2018

Contributor

Will do! The original reason I chose LinkedHashMap was because I checked the class of lookupResult.multiValue() using getClass() and it returned LinkedHashMap.

@joschi joschi added the bug label Mar 16, 2018

@joschi joschi self-assigned this Mar 16, 2018

@joschi joschi added this to the 2.4.4 milestone Mar 16, 2018

@joschi

joschi approved these changes Mar 16, 2018

LGTM. 👍

@joschi joschi merged commit f771037 into Graylog2:2.4 Mar 16, 2018

2 checks passed

graylog-project/pr Jenkins build graylog-project-pr-snapshot 1188 has succeeded
license/cla Contributor License Agreement is signed.

joschi added a commit that referenced this pull request Mar 16, 2018

Fix otx threat names ids not populating (#99)
Fix otx_threat_names and otx_threat_ids not populating in lookupIntel when they exist

(cherry picked from commit f771037)