
Fix otx threat names ids not populating #99

Merged
merged 3 commits into from Mar 16, 2018

Conversation

pbr0ck3r
Contributor

When using otx_lookup_ip and otx_lookup_domain in a pipeline rule, all that was being passed back was otx_threat_indicated. If a threat was indicated, otx_threat_ids and otx_threat_names are currently not being returned, just otx_threat_indicated: true. This PR fixes that.

@pbr0ck3r pbr0ck3r changed the base branch from master to 2.4 March 15, 2018 20:47
@@ -39,9 +40,10 @@ private OTXLookupResult lookupIntel(final String key, final LookupTableService.F

if (pulseCount > 0) {
result.put("otx_threat_indicated", true);
if (lookupResult.multiValue() != null && lookupResult.multiValue() instanceof List) {
if (lookupResult.multiValue() != null && lookupResult.multiValue() instanceof LinkedHashMap) {
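Review bot: the replacement line tests against the concrete LinkedHashMap class, which ties the fix to whatever implementation the lookup table happens to return today; checking `instanceof Map` keeps otx_threat_ids and otx_threat_names populated even if the multi-value type is later changed to another Map implementation. The `!= null` guard on the same line is redundant, since `instanceof` already evaluates to false for null, and `multiValue()` is called twice; the condition can be reduced to `if (lookupResult.multiValue() instanceof Map) {` with the value captured once into a local variable for the cast that follows.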
Contributor

Why did you decide to use a LinkedHashMap instead of the List interface?

Contributor Author

@pbr0ck3r pbr0ck3r Mar 16, 2018

The lookupResult.multiValue() is an instance of LinkedHashMap, not List, which was causing this check in the if statement to fail.

Contributor

Ah, it's a map and not a list! 🤦‍♂️

In this case, please use the Map interface and not List or LinkedHashMap.
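
As an added illustration of the two checks discussed above (example code written for this page, not the plugin's or Graylog's own): a check against List never matches a LinkedHashMap-valued result, so otx_threat_ids and otx_threat_names are silently left out, while a check against the Map interface works for any Map implementation and does not need a separate null test. The FakeLookupResult class and the key names "ids" and "names" inside the multi-value map are assumptions made for the example; the plugin's real multi-value layout is not shown in this thread.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.List;

// Added example, not Graylog's code. Demonstrates why the original List check
// skipped a map-valued lookup result and how a Map-interface check fixes it.
public class OtxMultiValueCheck {

    // Stand-in for the lookup result object; the real LookupResult class is not used here.
    static final class FakeLookupResult {
        private final Object multiValue;

        FakeLookupResult(Object multiValue) {
            this.multiValue = multiValue;
        }

        Object multiValue() {
            return multiValue;
        }
    }

    // Before the fix: only a List would pass, so a LinkedHashMap result is ignored
    // and the caller only ever sees otx_threat_indicated.
    static Map<String, Object> lookupIntelBefore(FakeLookupResult lookupResult, int pulseCount) {
        Map<String, Object> result = new LinkedHashMap<>();
        if (pulseCount > 0) {
            result.put("otx_threat_indicated", true);
            if (lookupResult.multiValue() instanceof List) {
                // Never reached for a map-valued result; the fields stay unset.
                List<?> values = (List<?>) lookupResult.multiValue();
                result.put("otx_threat_ids", values);
            }
        }
        return result;
    }

    // After the fix: test against the Map interface. instanceof is false for null,
    // so no explicit null check is required, and the value is fetched only once.
    static Map<String, Object> lookupIntelAfter(FakeLookupResult lookupResult, int pulseCount) {
        Map<String, Object> result = new LinkedHashMap<>();
        if (pulseCount > 0) {
            result.put("otx_threat_indicated", true);
            Object multiValue = lookupResult.multiValue();
            if (multiValue instanceof Map) {
                Map<?, ?> values = (Map<?, ?>) multiValue;
                // ASSUMED key names for this example; the plugin's real keys are not on the page.
                result.put("otx_threat_ids", values.get("ids"));
                result.put("otx_threat_names", values.get("names"));
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample multi-value, shaped as a LinkedHashMap like the one the
        // PR author observed via getClass(); the pulse ids and names are made up.
        Map<String, Object> multiValue = new LinkedHashMap<>();
        multiValue.put("ids", Arrays.asList("sample-pulse-id-1", "sample-pulse-id-2"));
        multiValue.put("names", Arrays.asList("Sample pulse A", "Sample pulse B"));
        FakeLookupResult lookup = new FakeLookupResult(multiValue);

        // The "before" variant reports only otx_threat_indicated; the "after" variant
        // also carries otx_threat_ids and otx_threat_names.
        System.out.println("before fix: " + lookupIntelBefore(lookup, 2));
        System.out.println("after fix:  " + lookupIntelAfter(lookup, 2));

        // With no pulses, neither variant marks a threat.
        System.out.println("no pulses:  " + lookupIntelAfter(lookup, 0));

        // A null multi-value is handled by instanceof alone, without a separate null guard.
        System.out.println("null value: " + lookupIntelAfter(new FakeLookupResult(null), 2));
    }
}
```

Compile and run with `javac OtxMultiValueCheck.java && java OtxMultiValueCheck`. The point of the Map-interface check is that the pipeline function keeps working whether the lookup table hands back a LinkedHashMap, a HashMap or any other Map, instead of depending on one concrete class.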

Contributor Author

@pbr0ck3r pbr0ck3r Mar 16, 2018

Will do! The original reason I chose LinkedHashMap was because I checked the class of lookupResult.multiValue() using getClass() and it returned LinkedHashMap.

@joschi joschi added the bug label Mar 16, 2018
@joschi joschi self-assigned this Mar 16, 2018
@joschi joschi added this to the 2.4.4 milestone Mar 16, 2018
Contributor

@joschi joschi left a comment

LGTM. 👍

@joschi joschi merged commit f771037 into Graylog2:2.4 Mar 16, 2018
joschi pushed a commit that referenced this pull request Mar 16, 2018
Fix otx_threat_names and otx_threat_ids not populating in lookupIntel when they exist

(cherry picked from commit f771037)
2 participants