adds new tif source config type - url download #1142
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eirsep
requested review from
amsiglan,
AWSHurneyt,
getsaurabh02,
lezzago,
praveensameneni,
sbcd90,
jowg-amazon,
engechas,
goyamegh and
riysaxen-amzn
as code owners
eirsep
force-pushed
the
url
branch
2 times, most recently
from
024bd22
to
bbe005d
Compare
AWSHurneyt
reviewed
Jul 9, 2024
src/main/java/org/opensearch/securityanalytics/services/STIX2IOCFetchService.java
Outdated
Show resolved
Hide resolved
src/main/java/org/opensearch/securityanalytics/threatIntel/common/SourceConfigDtoValidator.java
Outdated
Show resolved
Hide resolved
src/main/java/org/opensearch/securityanalytics/threatIntel/common/SourceConfigDtoValidator.java
Outdated
Show resolved
Hide resolved
| UUID.randomUUID().toString(), | ||
| iocType == null ? IOCType.ipv4_addr : IOCType.valueOf(iocType), | ||
| iocValue, | ||
| "high", |
There was a problem hiding this comment.
Nitpick: Did @amsiglan mention trying to keep the severities as number-based values?
There was a problem hiding this comment.
severity is non-nullable. I didn't know what to set. I think severity should be optional.
src/main/java/org/opensearch/securityanalytics/services/STIX2IOCFetchService.java
Show resolved
Hide resolved
...rg/opensearch/securityanalytics/threatIntel/service/DefaultTifSourceConfigLoaderService.java
Outdated
Show resolved
Hide resolved
jowg-amazon
reviewed
Jul 9, 2024
| } | ||
| break; | ||
| default: | ||
| // if the feed type doesn't match any of the supporting feed types, throw an exception |
| )); | ||
| StepListener<Void> defaultTifConfigsLoadedListener; | ||
| try { | ||
| defaultTifConfigsLoadedListener = new StepListener<>(); |
There was a problem hiding this comment.
For clarification, a user is not able to create a url download source config from the index tif source config rest api but it's created when user calls search/list iocs?
There was a problem hiding this comment.
What gets created is system driven. We need triggers for deciding when to create default tif source configs.- search apis imply we have user engagement on the feature
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
AWSHurneyt
previously approved these changes
Jul 9, 2024
There was a problem hiding this comment.
Approved. We discussed offline making severity nullable to address this comment; but that can be handled as a follow-up item.
https://github.com/opensearch-project/security-analytics/pull/1142/files#r1670977945
…source configs Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
jowg-amazon
reviewed
Jul 9, 2024
| @@ -94,6 +97,11 @@ private void retrieveLockAndCreateTIFConfig(SAIndexTIFSourceConfigRequest reques | |||
| } | |||
| try { | |||
| SATIFSourceConfigDto saTifSourceConfigDto = request.getTIFConfigDto(); | |||
| if (SourceConfigType.URL_DOWNLOAD.equals(saTifSourceConfigDto.getType()) || saTifSourceConfigDto.getSource() instanceof UrlDownloadSource | |||
| && request.getMethod().equals(RestRequest.Method.POST)) { | |||
There was a problem hiding this comment.
Is there any logic to block users from updating this source config? I think there could still be a case if the user has the url download source already created but then tries to update it through the api.
jowg-amazon
approved these changes
Jul 9, 2024
AWSHurneyt
approved these changes
Jul 9, 2024
|
The backport to To backport manually, run these commands in your terminal: # Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security-analytics/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security-analytics/backport-2.x
# Create a new branch
git switch --create backport-1142-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 16bcef3b398f7c20d73d34d03bde80bc4ce1b421
# Push it to GitHub
git push --set-upstream origin backport-1142-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security-analytics/backport-2.xThen, create a pull request where the |
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Jul 9, 2024
* adds new tif source config type - url download Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * set up create default tif configs Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * address review comments Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add check to block create and delete operation url download type tif source configs Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> --------- Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> (cherry picked from commit 16bcef3) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
eirsep
pushed a commit
that referenced
this pull request
Jul 10, 2024
* adds new tif source config type - url download * set up create default tif configs * address review comments * add check to block create and delete operation url download type tif source configs --------- (cherry picked from commit 16bcef3) Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
eirsep
pushed a commit
to eirsep/security-analytics
that referenced
this pull request
Jul 10, 2024
…) (opensearch-project#1155) * adds new tif source config type - url download * set up create default tif configs * address review comments * add check to block create and delete operation url download type tif source configs --------- (cherry picked from commit 16bcef3) Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
eirsep
pushed a commit
to eirsep/security-analytics
that referenced
this pull request
Jul 10, 2024
…) (opensearch-project#1155) * adds new tif source config type - url download * set up create default tif configs * address review comments * add check to block create and delete operation url download type tif source configs --------- (cherry picked from commit 16bcef3) Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
AWSHurneyt
pushed a commit
to AWSHurneyt/security-analytics
that referenced
this pull request
Jul 10, 2024
* adds new tif source config type - url download Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * set up create default tif configs Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * address review comments Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add check to block create and delete operation url download type tif source configs Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> --------- Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
AWSHurneyt
pushed a commit
to AWSHurneyt/security-analytics
that referenced
this pull request
Jul 12, 2024
* adds new tif source config type - url download Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * set up create default tif configs Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * address review comments Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add check to block create and delete operation url download type tif source configs Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> --------- Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
5 tasks
AWSHurneyt
added a commit
that referenced
this pull request
Jul 12, 2024
* adds new tif source config type - url download (#1142) * adds new tif source config type - url download Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * set up create default tif configs Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * address review comments Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add check to block create and delete operation url download type tif source configs Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> --------- Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * Adjusted IOCTypes usage. (#1156) * Removed TODOs. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Refactored how STIX2IOCGenerator creates IOCs of specific types. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Added additional integration tests. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Changed IOCType usage as it's no longer an enum in SA commons. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Updated jar file. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Fixed unit tests. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Fixed tests. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Refactored build.gradle to exclude redundant dependencies from SA commons, instead of the SA commons jar being generated withhout those dependencies. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Updated jar. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Reverted changes to build.gradle. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Updated jar. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Fixed tests. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Fixed tests. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Fixed tests. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Fixed IOCType usage. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Fixed log message. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Fixed tests. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Addressed PR feedback. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> --------- Signed-off-by: AWSHurneyt <hurneyt@amazon.com> * Fixed jar. Signed-off-by: AWSHurneyt <hurneyt@amazon.com> --------- Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> Signed-off-by: AWSHurneyt <hurneyt@amazon.com> Co-authored-by: Surya Sashank Nistala <snistala@amazon.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
adds new tif source config type - url download
Downloads Iocs from a url of a given format and makes it available for scans and viewing Iocs
Issues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.