New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix otx threat names ids not populating #99
Fix otx threat names ids not populating #99
Conversation
@@ -39,9 +40,10 @@ private OTXLookupResult lookupIntel(final String key, final LookupTableService.F | |||
|
|||
if (pulseCount > 0) { | |||
result.put("otx_threat_indicated", true); | |||
if (lookupResult.multiValue() != null && lookupResult.multiValue() instanceof List) { | |||
if (lookupResult.multiValue() != null && lookupResult.multiValue() instanceof LinkedHashMap) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did you decide to use a LinkedHashMap
instead of the List
interface?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The lookupResult.multiValue()
is a instance of LinkedHashMap
not List
which was causing this check in the if statement
to fail.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, it's a map and not a list! 🤦♂️
In this case, please use the Map
interface and not List
or LinkedHashMap
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wiil do! Original reason I choose LindkedHashMap
was because I checked the class of lookupResult.mulitValue()
using getClass()
and it returned LinkdedHashMap
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. 👍
Fix otx_threat_names and otx_threat_ids not populating in lookupIntel when they exist (cherry picked from commit f771037)
When using the
otx_lookup_ip
andotx_lookup_domain
in a pipeline rule. All that was being passed back wasotx_threat_indicated
. If a threat was indicatedotx_threat_ids
andotx_threat_names
are currently not being returned. Justotx_threat_indicated: true
. This PR fixes that.