Refactored IocType.

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>

src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java

@@ -7,6 +7,7 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.function.Supplier;
 import java.util.Optional;
@@ -61,6 +62,7 @@
 import org.opensearch.securityanalytics.mapper.IndexTemplateManager;
 import org.opensearch.securityanalytics.mapper.MapperService;
 import org.opensearch.securityanalytics.model.CustomLogType;
+import org.opensearch.securityanalytics.model.IocDao;
 import org.opensearch.securityanalytics.model.ThreatIntelFeedData;
 import org.opensearch.securityanalytics.resthandler.*;
 import org.opensearch.securityanalytics.threatIntel.service.DetectorThreatIntelService;
@@ -103,10 +105,17 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map
     public static final String FINDINGS_CORRELATE_URI = FINDINGS_BASE_URI + "/correlate";
     public static final String LIST_CORRELATIONS_URI = PLUGINS_BASE_URI + "/correlations";
     public static final String CORRELATION_RULES_BASE_URI = PLUGINS_BASE_URI + "/correlation/rules";
+    public static final String IOC_BASE_URI = PLUGINS_BASE_URI + "/ioc";
+    public static final String IOC_FETCH_BASE_URI = IOC_BASE_URI + "/fetch";
 
     public static final String CUSTOM_LOG_TYPE_URI = PLUGINS_BASE_URI + "/logtype";
     public static final String JOB_INDEX_NAME = ".opensearch-sap--job";
     public static final Map<String, Object> TIF_JOB_INDEX_SETTING = Map.of(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1, IndexMetadata.SETTING_AUTO_EXPAND_REPLICAS, "0-all", IndexMetadata.SETTING_INDEX_HIDDEN, true);
+    public static final String IOC_INDEX_NAME_BASE = ".opensearch-sap-ioc";
+    public static final String IOC_ALL_INDEX_PATTERN = IOC_INDEX_NAME_BASE + "-*";
+    public static final String IOC_DOMAIN_INDEX_NAME = IOC_INDEX_NAME_BASE + IocDao.IocType.DOMAIN.name().toLowerCase(Locale.ROOT);
+    public static final String IOC_HASH_INDEX_NAME = IOC_INDEX_NAME_BASE + IocDao.IocType.HASH.name().toLowerCase(Locale.ROOT);
+    public static final String IOC_IP_INDEX_NAME = IOC_INDEX_NAME_BASE + IocDao.IocType.IP.name().toLowerCase(Locale.ROOT);
 
     private CorrelationRuleIndices correlationRuleIndices;
 

src/main/java/org/opensearch/securityanalytics/model/IocDao.java

@@ -14,18 +14,23 @@
 import org.opensearch.core.xcontent.XContentBuilder;
 import org.opensearch.core.xcontent.XContentParser;
 import org.opensearch.core.xcontent.XContentParserUtils;
+
 import java.io.IOException;
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
 
-import static org.opensearch.securityanalytics.model.Detector.NO_ID;
+import static org.opensearch.securityanalytics.SecurityAnalyticsPlugin.IOC_DOMAIN_INDEX_NAME;
+import static org.opensearch.securityanalytics.SecurityAnalyticsPlugin.IOC_HASH_INDEX_NAME;
+import static org.opensearch.securityanalytics.SecurityAnalyticsPlugin.IOC_IP_INDEX_NAME;
 
 public class IocDao implements Writeable, ToXContentObject {
     private static final Logger logger = LogManager.getLogger(IocDao.class);
 
+    public static final String NO_ID = "";
+
     static final String ID_FIELD = "id";
     static final String NAME_FIELD = "name";
     static final String TYPE_FIELD = "type";
@@ -93,6 +98,26 @@ public IocDao(StreamInput sin) throws IOException {
         );
     }
 
+    public IocDao(IocDto iocDto) {
+        this(
+                iocDto.getId(),
+                iocDto.getName(),
+                iocDto.getType(),
+                iocDto.getValue(),
+                iocDto.getSeverity(),
+                iocDto.getSpecVersion(),
+                iocDto.getCreated(),
+                iocDto.getModified(),
+                iocDto.getDescription(),
+                iocDto.getLabels(),
+                iocDto.getFeedId()
+        );
+    }
+
+    public static IocDao readFrom(StreamInput sin) throws IOException {
+        return new IocDao(sin);
+    }
+
     @Override
     public void writeTo(StreamOutput out) throws IOException {
         out.writeString(id);
@@ -283,30 +308,27 @@ public String getFeedId() {
     }
 
     public enum IocType {
-        DOMAIN("domain-name"),
-        HASH("hash"), // TODO placeholder
-        IP("ipv4-addr", "ipv6-addr");
-
-        private final String[] types;
-
-        IocType(String... types) {
-            this.types = types;
-        }
+        DOMAIN("domain") {
+            @Override
+            public String getSystemIndexName() {
+                return IOC_DOMAIN_INDEX_NAME;
+            }
+        },
+        HASH("hash") { // TODO placeholder
+            @Override
+            public String getSystemIndexName() {
+                return IOC_HASH_INDEX_NAME;
+            }
+        },
+        IP("ip") {
+            @Override
+            public String getSystemIndexName() {
+                return IOC_IP_INDEX_NAME;
+            }
+        };
 
-        public String[] getTypes() {
-            return types;
-        }
+        IocType(String type) {}
 
-        public IocType fromString(String type) {
-            for (IocType enumValue : values()) {
-                for (String enumType : enumValue.getTypes()) {
-                    if (enumType.equals(type.toLowerCase(Locale.ROOT))) {
-                        return enumValue;
-                    }
-                }
-            }
-            logger.debug("Unsupported IocType: {}", type);
-            throw new IllegalArgumentException(String.format("[%s] is not supported.", TYPE_FIELD));
-        }
+        public abstract String getSystemIndexName();
     }
 }

src/main/java/org/opensearch/securityanalytics/model/IocDto.java

@@ -12,9 +12,14 @@
 import org.opensearch.core.common.io.stream.Writeable;
 import org.opensearch.core.xcontent.ToXContentObject;
 import org.opensearch.core.xcontent.XContentBuilder;
+import org.opensearch.core.xcontent.XContentParser;
+import org.opensearch.core.xcontent.XContentParserUtils;
+
 import java.io.IOException;
 import java.time.Instant;
+import java.util.Collections;
 import java.util.List;
+import java.util.Locale;
 
 public class IocDto implements Writeable, ToXContentObject {
     private static final Logger logger = LogManager.getLogger(IocDto.class);
@@ -49,6 +54,10 @@ public IocDto(StreamInput sin) throws IOException {
         this(new IocDao(sin));
     }
 
+    public static IocDto readFrom(StreamInput sin) throws IOException {
+        return new IocDto(sin);
+    }
+
     @Override
     public void writeTo(StreamOutput out) throws IOException {
         out.writeString(id);
@@ -80,4 +89,52 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws
                 .field(IocDao.FEED_ID_FIELD, feedId)
                 .endObject();
     }
+
+    public static IocDto parse(XContentParser xcp, String id) throws IOException {
+            return new IocDto(IocDao.parse(xcp, id));
+        }
+
+    public String getId() {
+        return id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public IocDao.IocType getType() {
+        return type;
+    }
+
+    public String getValue() {
+        return value;
+    }
+
+    public String getSeverity() {
+        return severity;
+    }
+
+    public String getSpecVersion() {
+        return specVersion;
+    }
+
+    public Instant getCreated() {
+        return created;
+    }
+
+    public Instant getModified() {
+        return modified;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public List<String> getLabels() {
+        return labels;
+    }
+
+    public String getFeedId() {
+        return feedId;
+    }
 }