Merge branch 'main' into bug-fix

Signed-off-by: Riya <69919272+riysaxen-amzn@users.noreply.github.com>

src/test/java/org/opensearch/securityanalytics/SecurityAnalyticsRestTestCase.java

@@ -35,7 +35,6 @@
 import org.opensearch.commons.alerting.model.action.Action;
 import org.opensearch.core.common.Strings;
 import org.opensearch.common.UUIDs;
-
 import org.opensearch.common.io.PathUtils;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.common.xcontent.XContentFactory;
@@ -64,11 +63,18 @@
 import org.opensearch.securityanalytics.correlation.CorrelationEngineRestApiIT;
 import org.opensearch.securityanalytics.correlation.index.query.CorrelationQueryBuilder;
 import org.opensearch.securityanalytics.mapper.MappingsTraverser;
-import org.opensearch.securityanalytics.model.*;
+import org.opensearch.securityanalytics.model.CorrelationQuery;
+import org.opensearch.securityanalytics.model.CorrelationRule;
+import org.opensearch.securityanalytics.model.CorrelationRuleTrigger;
+import org.opensearch.securityanalytics.model.CustomLogType;
+import org.opensearch.securityanalytics.model.Detector;
+import org.opensearch.securityanalytics.model.DetectorInput;
+import org.opensearch.securityanalytics.model.DetectorTrigger;
+import org.opensearch.securityanalytics.model.DetectorRule;
+import org.opensearch.securityanalytics.model.Rule;
+import org.opensearch.securityanalytics.model.ThreatIntelFeedData;
 import org.opensearch.securityanalytics.util.CorrelationIndices;
 import org.opensearch.test.rest.OpenSearchRestTestCase;
-
-
 import javax.management.MBeanServerInvocationHandler;
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
@@ -85,10 +91,19 @@
 import java.util.Locale;
 import java.util.Map;
 import java.util.stream.Collectors;
-
 import static org.opensearch.action.admin.indices.create.CreateIndexRequest.MAPPINGS;
 import static org.opensearch.securityanalytics.SecurityAnalyticsPlugin.MAPPER_BASE_URI;
-import static org.opensearch.securityanalytics.TestHelpers.*;
+import static org.opensearch.securityanalytics.TestHelpers.adLdapLogMappings;
+import static org.opensearch.securityanalytics.TestHelpers.appLogMappings;
+import static org.opensearch.securityanalytics.TestHelpers.productIndexAvgAggRule;
+import static org.opensearch.securityanalytics.TestHelpers.randomIndex;
+import static org.opensearch.securityanalytics.TestHelpers.randomDetectorWithInputsAndTriggers;
+import static org.opensearch.securityanalytics.TestHelpers.randomDetectorWithInputsAndTriggersAndType;
+import static org.opensearch.securityanalytics.TestHelpers.randomDetectorType;
+import static org.opensearch.securityanalytics.TestHelpers.sumAggregationTestRule;
+import static org.opensearch.securityanalytics.TestHelpers.s3AccessLogMappings;
+import static org.opensearch.securityanalytics.TestHelpers.vpcFlowMappings;
+import static org.opensearch.securityanalytics.TestHelpers.windowsIndexMapping;
 import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.ALERT_HISTORY_INDEX_MAX_AGE;
 import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.ALERT_HISTORY_MAX_DOCS;
 import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.ALERT_HISTORY_RETENTION_PERIOD;
@@ -1571,8 +1586,8 @@ protected void createNetflowLogIndex(String indexName) throws IOException {
         Response response = client().performRequest(indexRequest);
         assertEquals(HttpStatus.SC_CREATED, response.getStatusLine().getStatusCode());
         // Refresh everything
-        response = client().performRequest(new Request("POST", "_refresh"));
-        assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
+        //response = client().performRequest(new Request("POST", "_refresh"));
+        //assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
     }
 
 

src/test/java/org/opensearch/securityanalytics/TestHelpers.java

@@ -22,7 +22,15 @@
 import org.opensearch.commons.authuser.User;
 import org.opensearch.script.Script;
 import org.opensearch.script.ScriptType;
-import org.opensearch.securityanalytics.model.*;
+import org.opensearch.securityanalytics.model.CorrelationQuery;
+import org.opensearch.securityanalytics.model.CorrelationRule;
+import org.opensearch.securityanalytics.model.CorrelationRuleTrigger;
+import org.opensearch.securityanalytics.model.CustomLogType;
+import org.opensearch.securityanalytics.model.Detector;
+import org.opensearch.securityanalytics.model.DetectorInput;
+import org.opensearch.securityanalytics.model.DetectorRule;
+import org.opensearch.securityanalytics.model.DetectorTrigger;
+import org.opensearch.securityanalytics.model.ThreatIntelFeedData;
 import org.opensearch.test.OpenSearchTestCase;
 import org.opensearch.test.rest.OpenSearchRestTestCase;
 

src/test/java/org/opensearch/securityanalytics/alerts/AlertsIT.java

@@ -358,7 +358,7 @@ public void testAckAlerts_WithInvalidDetectorAlertsCombination() throws IOExcept
 
         indexDoc(index, "1", randomDoc());
 
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
 
         Response executeResponse = null;
 
@@ -566,7 +566,7 @@ public void testGetAlerts_byDetectorType_success() throws IOException, Interrupt
 
         indexDoc(index, "1", randomDoc());
 
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
 
         Response executeResponse = executeAlertingMonitor(monitorId, Collections.emptyMap());
         Map<String, Object> executeResults = entityAsMap(executeResponse);
@@ -682,7 +682,7 @@ public void testGetAlerts_byDetectorType_multipleDetectors_success() throws IOEx
         noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
         Assert.assertEquals(1, noOfSigmaRuleMatches);
 
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
 
         request = "{\n" +
                 "   \"query\" : {\n" +
@@ -700,7 +700,7 @@ public void testGetAlerts_byDetectorType_multipleDetectors_success() throws IOEx
             hits = executeSearch(DetectorMonitorConfig.getAlertsIndex("network"), request);
         }
 
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
 
         // Call GetAlerts API for WINDOWS detector
         Map<String, String> params = new HashMap<>();
@@ -1081,7 +1081,7 @@ public void testAlertHistoryRollover_maxDocs() throws IOException, InterruptedEx
 
         indexDoc(index, "1", randomDoc());
 
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
 
         Response executeResponse = executeAlertingMonitor(monitorId, Collections.emptyMap());
         Map<String, Object> executeResults = entityAsMap(executeResponse);

src/test/java/org/opensearch/securityanalytics/alerts/SecureAlertsRestApiIT.java

@@ -258,7 +258,7 @@ public void testGetAlerts_byDetectorType_success() throws IOException, Interrupt
 
             indexDoc(index, "1", randomDoc());
 
-            client().performRequest(new Request("POST", "_refresh"));
+            // client().performRequest(new Request("POST", "_refresh"));
 
             Response executeResponse = executeAlertingMonitor(monitorId, Collections.emptyMap());
             Map<String, Object> executeResults = entityAsMap(executeResponse);

src/test/java/org/opensearch/securityanalytics/correlation/alerts/CorrelationAlertServiceTests.java

@@ -1,3 +1,8 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
 package org.opensearch.securityanalytics.correlation.alerts;
 
 import org.opensearch.client.Client;

src/test/java/org/opensearch/securityanalytics/correlation/alerts/CorrelationAlertsRestApiIT.java

@@ -1,3 +1,8 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
 package org.opensearch.securityanalytics.correlation.alerts;
 
 import org.apache.hc.core5.http.io.entity.StringEntity;

src/test/java/org/opensearch/securityanalytics/findings/FindingIT.java

@@ -257,7 +257,7 @@ public void testGetFindings_byDetectorType_success() throws IOException {
         noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
         Assert.assertEquals(1, noOfSigmaRuleMatches);
 
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
 
         // Call GetFindings API for first detector
         Map<String, String> params = new HashMap<>();
@@ -367,7 +367,7 @@ public void testGetAllFindings_success() throws IOException {
         noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
         // Assert.assertEquals(1, noOfSigmaRuleMatches);
 
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
 
         // Call GetFindings API for all the detectors
         Map<String, String> params = new HashMap<>();
@@ -586,7 +586,7 @@ public void testGetFindings_bySeverity_success() throws IOException {
         noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
         Assert.assertEquals(1, noOfSigmaRuleMatches);
 
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
 
         // Call GetFindings API for first detector by severity
         Map<String, String> params = new HashMap<>();
@@ -707,7 +707,7 @@ public void testGetFindings_bySearchString_success() throws IOException {
         noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
         Assert.assertEquals(1, noOfSigmaRuleMatches);
 
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
 
         // Call GetFindings API for first detector by searchString 'high'
         Map<String, String> params = new HashMap<>();
@@ -823,7 +823,7 @@ public void testGetFindings_byStartTimeAndEndTime_success() throws IOException {
         int noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
         Assert.assertEquals(1, noOfSigmaRuleMatches);
 
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
         // Call GetFindings API for first detector by startTime and endTime
         Map<String, String> params = new HashMap<>();
         params.put("startTime", String.valueOf(startTime1.toEpochMilli()));
@@ -834,7 +834,7 @@ public void testGetFindings_byStartTimeAndEndTime_success() throws IOException {
         Map<String, Object> getFindingsBody = entityAsMap(getFindingsResponse);
         Assert.assertEquals(1, getFindingsBody.get("total_findings"));
 
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
         Instant startTime2 = Instant.now();
         // execute monitor 2
         executeResponse = executeAlertingMonitor(monitorId2, Collections.emptyMap());
@@ -1335,7 +1335,7 @@ public void testGetFindings_rolloverByMaxDoc_short_retention_success() throws IO
         // Call GetFindings API
         Map<String, String> params = new HashMap<>();
         params.put("detector_id", detectorId);
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
         Response getFindingsResponse = makeRequest(client(), "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
         Map<String, Object> getFindingsBody = entityAsMap(getFindingsResponse);
         Assert.assertEquals(1, getFindingsBody.get("total_findings"));
@@ -1364,7 +1364,7 @@ public void testGetFindings_rolloverByMaxDoc_short_retention_success() throws IO
 
         noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
         Assert.assertEquals(5, noOfSigmaRuleMatches);
-        client().performRequest(new Request("POST", "_refresh"));
+        // client().performRequest(new Request("POST", "_refresh"));
         getFindingsResponse = makeRequest(client(), "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
         getFindingsBody = entityAsMap(getFindingsResponse);
         Assert.assertEquals(1, getFindingsBody.get("total_findings"));

src/test/java/org/opensearch/securityanalytics/findings/SecureFindingRestApiIT.java

@@ -263,7 +263,7 @@ public void testGetFindings_byDetectorType_success() throws IOException {
             noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
             Assert.assertEquals(5, noOfSigmaRuleMatches);
 
-            client().performRequest(new Request("POST", "_refresh"));
+            // client().performRequest(new Request("POST", "_refresh"));
 
 
             // try to do get finding as a user with read access