Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2.7 optimization fix #934

Open
wants to merge 88 commits into
base: main
Choose a base branch
from
Open

2.7 optimization fix #934

wants to merge 88 commits into from

Conversation

eirsep
Copy link
Member

@eirsep eirsep commented Mar 15, 2024

Description

[Describe what this change achieves]

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

opensearch-trigger-bot bot and others added 30 commits November 1, 2022 15:32
@opensearch-trigger-bot
[Backport 2.x] add backport github workflow for security-analytics (o…
84e00b7 
…pensearch-project#95)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot @eirsep
add findings enabled flag in datasources (opensearch-project#99) (ope…
f6e66d5 
…nsearch-project#104)

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
(cherry picked from commit d1f62cc)

Co-authored-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep
update index monitor method to include namedWriteableRegistry for com…
dc558fb 
…mon utils interface (opensearch-project#101) (opensearch-project#105)

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@opensearch-trigger-bot @petardz
Rule field validation during IndexRule Action (opensearch-project#80) (
9d6e1c5 
…opensearch-project#106)

Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
(cherry picked from commit bfb2b23)

Co-authored-by: Petar Dzepina <petar.dzepina@gmail.com>
@opensearch-trigger-bot @petardz
Rollover for alerts/findings history indices (opensearch-project#82) (o…
c415338 
…pensearch-project#108)

Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
(cherry picked from commit 95f8d9a)

Co-authored-by: Petar Dzepina <petar.dzepina@gmail.com>
@opensearch-trigger-bot @eirsep
add owner field in monitor (opensearch-project#110) (opensearch-proje…
ad18056 
…ct#111)

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
(cherry picked from commit 269be07)

Co-authored-by: Surya Sashank Nistala <snistala@amazon.com>
@opensearch-trigger-bot
automate delete backport branch (opensearch-project#113) (opensearch-…
efcd59f 
…project#115)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot
Add 2.4.0.0 releases notes (opensearch-project#114) (opensearch-proje…
81a9124 
…ct#118)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot
security implementation for security-analytics (opensearch-project#78) (
ee4ab74 
opensearch-project#120)

Signed-off-by: Raj Chakravarthi <raj@icedome.ca>
Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot @phaseshiftg
add mappings and test case (opensearch-project#89) (opensearch-projec…
1211ad2 
…t#125)

* dns and cloudtrail mappings

Signed-off-by: Grant Haywood <grant@phaseshift.studio>

* add s3 mappings

Signed-off-by: Grant Haywood <grant@phaseshift.studio>

Signed-off-by: Grant Haywood <grant@phaseshift.studio>
(cherry picked from commit ee7f6fb)

Co-authored-by: phaseshiftg <115187865+phaseshiftg@users.noreply.github.com>
@opensearch-trigger-bot @petardz
removed grouped listener when fetching findings (opensearch-project#124
4091ced 
…) (opensearch-project#128)

Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>

Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
(cherry picked from commit bb7ffb5)

Co-authored-by: Petar Dzepina <petar.dzepina@gmail.com>
@opensearch-trigger-bot @stevanbz
Creates bucket level monitors for rules containing aggregations (open…
e11c00e 
…search-project#92) (opensearch-project#130)

Signed-off-by: Stevan Buzejic <stevan.buzejic@htecgroup.com>
(cherry picked from commit 2f0abe6)

Co-authored-by: Stevan Buzejic <30922513+stevanbz@users.noreply.github.com>
@opensearch-trigger-bot @eirsep
enabled findings in bucket level monitor creation (opensearch-project…
2f9a513 
…#131) (opensearch-project#132)

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
(cherry picked from commit 1b36aa1)

Co-authored-by: Surya Sashank Nistala <snistala@amazon.com>
@opensearch-trigger-bot
add loopback mappings (opensearch-project#134) (opensearch-project#137)
1e1cb9b 
Signed-off-by: Grant Haywood <grant@phaseshift.studio>
@opensearch-trigger-bot @petardz
fixed GetFindings not searching all indices; fixed proper deletion of… (
1a2a5f8 
opensearch-project#122) (opensearch-project#135)

* fixed GetFindings not searching all indices; fixed proper deletion of old history indices

Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
(cherry picked from commit 8dd1c9f)

Co-authored-by: Petar Dzepina <petar.dzepina@gmail.com>
@opensearch-trigger-bot @petardz
mapper topics fix; Index Rule category validation (opensearch-project…
71ffbd5 
…#123) (opensearch-project#140)

* conflict resolve

Signed-off-by: Petar Dzepina <petar.dzepina@vroom.com>

* IT fixes

Signed-off-by: Petar Dzepina <petar.dzepina@vroom.com>

Signed-off-by: Petar Dzepina <petar.dzepina@vroom.com>
Co-authored-by: Petar Dzepina <petar.dzepina@vroom.com>
(cherry picked from commit 4fba8fc)

Co-authored-by: Petar Dzepina <petar.dzepina@gmail.com>
@opensearch-trigger-bot @stevanbz
Enabled creation detector without rules (opensearch-project#143) (ope…
22c06b0 
…nsearch-project#144)

Signed-off-by: Stevan Buzejic <stevan.buzejic@htecgroup.com>

Signed-off-by: Stevan Buzejic <stevan.buzejic@htecgroup.com>
Co-authored-by: Stevan Buzejic <stevan.buzejic@htecgroup.com>
(cherry picked from commit 68231e9)

Co-authored-by: Stevan Buzejic <30922513+stevanbz@users.noreply.github.com>
@opensearch-trigger-bot
added 404s (opensearch-project#146) (opensearch-project#149)
134539e 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@opensearch-trigger-bot @eirsep
populate queries field in FindingDTO in case of bucket level monitor …
a8249c8 
…findings (opensearch-project#148) (opensearch-project#151)

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
(cherry picked from commit 2e44ff4)

Co-authored-by: Surya Sashank Nistala <snistala@amazon.com>
@opensearch-trigger-bot
fix to support https as param for security integ tests (opensearch-pr…
eda3cef 
…oject#156) (opensearch-project#157)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot
Monitor execution and finding integration tests (opensearch-project#139
ce396ba 
…) (opensearch-project#168)

Signed-off-by: Stevan Buzejic <stevan.buzejic@htecgroup.com>
@opensearch-trigger-bot @sbcd90
fix for running windows integration tests (opensearch-project#176) (o…
7aa7e36 
…pensearch-project#177)

* fix for running windows integration tests

(cherry picked from commit b91c1f6)

Co-authored-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot
fix for flaky integration tests (opensearch-project#167) (opensearch-…
a7f1d62 
…project#180)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot
Add release notes for 2.4.1 (opensearch-project#183) (opensearch-proj…
b315523 
…ect#184)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot
add failure logs to github workflows (opensearch-project#186) (opense…
af7f6cc 
…arch-project#193)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot
fixed findingsDto bug (opensearch-project#102) (opensearch-project#200)
e91f2a2 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@opensearch-trigger-bot
fix vulnerabiity in yaml constructor (opensearch-project#198) (opense…
276d4bb 
…arch-project#202)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot
fixed aliases being returned in unmapped_index_fields (opensearch-pro…
7df9be8 
…ject#147) (opensearch-project#209)

Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@opensearch-trigger-bot
implement securetransportaction for get alerts and ack alerts and edg…
3b490a1 
…e case secure IT tests (opensearch-project#161) (opensearch-project#210)

Signed-off-by: Raj Chakravarthi <raj@icedome.ca>
@opensearch-trigger-bot
search returns detector type in CAPS fix and integration tests (opens…
ee411e5 
…earch-project#174) (opensearch-project#214)

Signed-off-by: Raj Chakravarthi <raj@icedome.ca>
AWSHurneyt and others added 18 commits April 17, 2023 23:02
@AWSHurneyt @github-actions
Added 2.7 release notes. (opensearch-project#401)
2d84a6f 
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
(cherry picked from commit 2daf1d4)
@bowenlan-amzn
Merge pull request opensearch-project#402 from opensearch-project/bac…
147d784 
…kport/backport-401-to-2.7

[Backport 2.7] Added 2.7 release notes.
@opensearch-trigger-bot
add correlation engine for security-analytics (opensearch-project#405) (
303f202 
opensearch-project#407)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot
Findings index mappings fix (opensearch-project#409) (opensearch-proj…
cac3b25 
…ect#416)

Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@opensearch-trigger-bot
enabled source filtering when searching rules (opensearch-project#374) (
4d1525f 
opensearch-project#420)

Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@opensearch-trigger-bot
Alias and dataStream end-to-end ITs (opensearch-project#373) (opensea…
bf9c3b8 
…rch-project#422)

Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@opensearch-trigger-bot
add rules to correlations for correlation engine (opensearch-project#423
4e360ef 
) (opensearch-project#427)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot
fix for input validation of correlation rule names (opensearch-projec…
075970a 
…t#428) (opensearch-project#431)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@opensearch-trigger-bot
[Backport 2.7] Auto expand replicas (opensearch-project#551)
cd23067 
* auto expand replicas (opensearch-project#539)

Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>
@goyamegh
* opensearch-project#709 Return empty response for empty mappings and…
830a3b9 
… no applied aliases (opensearch-project#765)

* Adding integ tests for empty mappings/aliases use-cases



* Fix unit tests for MappingsTraverser



---------

Signed-off-by: Megha Goyal <goyamegh@amazon.com>
@jowg-amazon
* changed windows sample rule and query construction (opensearch-proj…
0c32858 
…ect#745)

* remove wildcard



* changed wildcardtest



* fixed wildcards



* fixed wildcard query test



* fixed correlation engine tests



* fixed query backend tests



* clean up



* added two integration tests



---------

Signed-off-by: Joanne Wang <jowg@amazon.com>
@opensearch-trigger-bot @goyamegh
[BUG] ArrayIndexOutOfBoundsException for inconsistent detector index …
044d6fb 
…behavior (opensearch-project#843) (opensearch-project#908)

* Catch ArrayIndexOutOfBoundsException when detector is missing

Signed-off-by: Megha Goyal <goyamegh@amazon.com>

* Add a check on SearchHits.getHits() length

Signed-off-by: Megha Goyal <goyamegh@amazon.com>

* Remove index out of bounds exception

Signed-off-by: Megha Goyal <goyamegh@amazon.com>

---------

Signed-off-by: Megha Goyal <goyamegh@amazon.com>
(cherry picked from commit 0ef8543)

Co-authored-by: Megha Goyal <56077967+goyamegh@users.noreply.github.com>
@opensearch-trigger-bot @jowg-amazon
Add throw for empty strings in rules with modifier contains, startwit…
58c33a9 
…h, and endswith (opensearch-project#860) (opensearch-project#911)

* add validation for empty strings with contains, startswith and endswith modifiers

Signed-off-by: Joanne Wang <jowg@amazon.com>

* throw exception if empty string with contains, startswith, or endswith

Signed-off-by: Joanne Wang <jowg@amazon.com>

* change var name

Signed-off-by: Joanne Wang <jowg@amazon.com>

* add modifiers to log

Signed-off-by: Joanne Wang <jowg@amazon.com>

---------

Signed-off-by: Joanne Wang <jowg@amazon.com>
(cherry picked from commit f4ee7bb)

Co-authored-by: Joanne Wang <jowg@amazon.com>
@goyamegh
Version bump to 2.7.1
a94d9c4 
Signed-off-by: Megha Goyal <goyamegh@amazon.com>
@eirsep @goyamegh
fix detector writeTo() method missing fields (opensearch-project#695)
c9bb3fd 
* fix detector writeTo() method missing fields

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* fix test

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

---------

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@eirsep @goyamegh
fix null query filter conversion from sigma to query string query (op…
8dbd4f6 
…ensearch-project#722)

* fix null query filter conversion from sigma to query string query

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* fix rule to query conversion tests for null filter

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* enhance test to verify non null doc doesnt match null query

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

---------

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
@goyamegh
* opensearch-project#709 Return empty response for empty mappings and…
f2ab3e8 
… no applied aliases

Signed-off-by: Megha Goyal <goyamegh@amazon.com>

* Adding integ tests for empty mappings/aliases use-cases

Signed-off-by: Megha Goyal <goyamegh@amazon.com>

* Fix unit tests for MappingsTraverser

Signed-off-by: Megha Goyal <goyamegh@amazon.com>

---------

Signed-off-by: Megha Goyal <goyamegh@amazon.com>
@eirsep
Pass rule field names in doc level queries during monitor/creation. R…
5fd677a 
…emove blocking actionGet() calls (opensearch-project#873)

* pass query field names in doc level queries during monitor creation/updation

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* remove actionGet() and change get index mapping call to event driven flow

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* fix chained findings monitor

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* add finding mappings

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* remove test messages from logs

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* revert build.gradle change

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

---------

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
riysaxen-amzn pushed a commit to riysaxen-amzn/security-analytics that referenced this pull request Mar 25, 2024
@eirsep @stevanbz
@opensearch-trigger-bot @petardz @lezzago
Adds transport layer actions for CRUD workflows (opensearch-project#934
171cd2e 
…) (opensearch-project#938)

(cherry picked from commit e0b7a5a7905b977e58d80e3b9134b14893d122b0)

* remove unneeded import

---------






* Stashed user together with it's roles



---------







* Added workflow execution logic (opensearch-project#850)

* Added workflow execution logic



* Adjusted code according to comments



* Updated version of the findings json



* Updating the workflow metadata in the case of updating flag set to false while the metadata alerady exist



* Added logging for workflow metadata update



* Added Rest Execute Workflow action



* Extended workflow context with workflowMetadataId. Adjusted the doc level monitor findings



* Updated conditions for unstashing the context when indexing and deleting the workflow



---------



* Added fix when executing the workflow and when chained findings index… (opensearch-project#890)



* Fixed deleting monitor workflow metadata (#882)

* Fixed deleting monitor metadata and workflow metadata.




* fix monitor metadata error from conflict resolution



* remove unused import



* remove rest execute workflow action



* increment schema version for findings mapping json



---------

Signed-off-by: Stevan Buzejic <buzejic.stevan@gmail.com>
Signed-off-by: Angie Zhang <langelzh@amazon.com>
Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
Co-authored-by: Stevan Buzejic <buzejic.stevan@gmail.com>
Co-authored-by: Angie Zhang <langelzh@amazon.com>
Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Co-authored-by: Petar Dzepina <petar.dzepina@gmail.com>
Co-authored-by: Ashish Agrawal <ashisagr@amazon.com>
@praveensameneni
Copy link
Member

@eirsep , can you please update/close the PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amsiglan amsiglan Awaiting requested review from amsiglan amsiglan is a code owner

@AWSHurneyt AWSHurneyt Awaiting requested review from AWSHurneyt AWSHurneyt is a code owner

@getsaurabh02 getsaurabh02 Awaiting requested review from getsaurabh02 getsaurabh02 is a code owner

@lezzago lezzago Awaiting requested review from lezzago lezzago is a code owner

@praveensameneni praveensameneni Awaiting requested review from praveensameneni praveensameneni is a code owner

@sbcd90 sbcd90 Awaiting requested review from sbcd90 sbcd90 is a code owner

@jowg-amazon jowg-amazon Awaiting requested review from jowg-amazon jowg-amazon is a code owner

@engechas engechas Awaiting requested review from engechas engechas is a code owner

@goyamegh goyamegh Awaiting requested review from goyamegh goyamegh is a code owner

@riysaxen-amzn riysaxen-amzn Awaiting requested review from riysaxen-amzn riysaxen-amzn is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@eirsep @praveensameneni @sbcd90 @AWSHurneyt @lezzago @stevanbz @bowenlan-amzn @goyamegh @jowg-amazon