Rough draft of IOC data model. #1029

Merged

@AWSHurneyt AWSHurneyt commented May 17, 2024

Description

These are the references I'm using.

Domain documentation
Section "6.4 Domain Name Object" of https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_k017w16zutw

Hash documentation
https://stix2.readthedocs.io/en/latest/guide/serializing.html

IP documentation
"6.8 IPv4 Address Object" section of https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_wh296fiwpklp

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@eirsep eirsep changed the base branch from main to feature/threat_intel May 17, 2024 16:35

@eirsep eirsep left a comment


can we add a validate function to verify feed id, values, type and value are non-null

@AWSHurneyt

> can we add a validate function to verify feed id, values, type and value are non-null

@eirsep Added some basic validation.

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>

@eirsep eirsep left a comment


LGTM
plz add serialization tests

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>

AWSHurneyt commented May 28, 2024

> LGTM plz add serialization tests

@eirsep Added some unit tests. Will add more once we're more confident that this is the final structure of the data model.

@eirsep eirsep merged commit 26f9b0c into opensearch-project:feature/threat_intel May 28, 2024
2 checks passed
@AWSHurneyt AWSHurneyt deleted the 3.0-threat-intel branch May 28, 2024 21:48
eirsep pushed a commit that referenced this pull request Jun 3, 2024
* Rough draft of IOC data model.

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>

* Changed IOC value from a list to a string.

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>

* Added validation for IOC type, value, and feedId fields.

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>

* Refactored IocType to for ipv4, and ipv6.

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>

* Refactored IocType.

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>

* Added unit tests.

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>

---------

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
jowg-amazon pushed a commit to jowg-amazon/security-analytics that referenced this pull request Jun 4, 2024
eirsep pushed a commit to eirsep/security-analytics that referenced this pull request Jun 6, 2024
eirsep pushed a commit that referenced this pull request Jun 6, 2024
AWSHurneyt added a commit to AWSHurneyt/security-analytics that referenced this pull request Jun 25, 2024