forked from opensearch-project/security-analytics
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> add search ioc findings api Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> add search ioc findings api Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
- Loading branch information
Showing
16 changed files
with
940 additions
and
53 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
99 changes: 99 additions & 0 deletions
99
src/main/java/org/opensearch/securityanalytics/model/IocWithFeeds.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
package org.opensearch.securityanalytics.model; | ||
|
||
import org.opensearch.core.common.io.stream.StreamInput; | ||
import org.opensearch.core.common.io.stream.StreamOutput; | ||
import org.opensearch.core.common.io.stream.Writeable; | ||
import org.opensearch.core.xcontent.ToXContent; | ||
import org.opensearch.core.xcontent.XContentBuilder; | ||
import org.opensearch.core.xcontent.XContentParser; | ||
|
||
import java.io.IOException; | ||
|
||
import static org.opensearch.core.xcontent.XContentParserUtils.ensureExpectedToken; | ||
|
||
public class IocWithFeeds implements Writeable, ToXContent { | ||
|
||
private static final String FEED_ID_FIELD = "feed_id"; | ||
|
||
private static final String IOC_ID_FIELD = "ioc_id"; | ||
|
||
private static final String INDEX_FIELD = "index"; | ||
|
||
private final String feedId; | ||
|
||
private final String iocId; | ||
|
||
private final String index; | ||
|
||
public IocWithFeeds(String iocId, String feedId, String index) { | ||
this.iocId = iocId; | ||
this.feedId = feedId; | ||
this.index = index; | ||
} | ||
|
||
public IocWithFeeds(StreamInput sin) throws IOException { | ||
this.iocId = sin.readString(); | ||
this.feedId = sin.readString(); | ||
this.index = sin.readString(); | ||
} | ||
|
||
@Override | ||
public void writeTo(StreamOutput out) throws IOException { | ||
out.writeString(iocId); | ||
out.writeString(feedId); | ||
out.writeString(index); | ||
} | ||
|
||
@Override | ||
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException { | ||
builder.startObject() | ||
.field(IOC_ID_FIELD, iocId) | ||
.field(FEED_ID_FIELD, feedId) | ||
.field(INDEX_FIELD, index) | ||
.endObject(); | ||
return builder; | ||
} | ||
|
||
public String getIocId() { | ||
return iocId; | ||
} | ||
|
||
public String getFeedId() { | ||
return feedId; | ||
} | ||
|
||
public String getIndex() { | ||
return index; | ||
} | ||
|
||
public static IocWithFeeds parse(XContentParser xcp) throws IOException { | ||
String iocId = null; | ||
String feedId = null; | ||
String index = null; | ||
|
||
ensureExpectedToken(XContentParser.Token.START_OBJECT, xcp.currentToken(), xcp); | ||
while (xcp.nextToken() != XContentParser.Token.END_OBJECT) { | ||
String fieldName = xcp.currentName(); | ||
xcp.nextToken(); | ||
|
||
switch (fieldName) { | ||
case IOC_ID_FIELD: | ||
iocId = xcp.text(); | ||
break; | ||
case FEED_ID_FIELD: | ||
feedId = xcp.text(); | ||
break; | ||
case INDEX_FIELD: | ||
index = xcp.text(); | ||
break; | ||
default: | ||
xcp.skipChildren(); | ||
} | ||
} | ||
return new IocWithFeeds(iocId, feedId, index); | ||
} | ||
|
||
public static IocWithFeeds readFrom(StreamInput sin) throws IOException { | ||
return new IocWithFeeds(sin); | ||
} | ||
} |
17 changes: 17 additions & 0 deletions
17
src/main/java/org/opensearch/securityanalytics/threatIntel/action/GetIocFindingsAction.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
package org.opensearch.securityanalytics.threatIntel.action; | ||
|
||
import org.opensearch.action.ActionType; | ||
|
||
public class GetIocFindingsAction extends ActionType<GetIocFindingsResponse> { | ||
|
||
public static final GetIocFindingsAction INSTANCE = new GetIocFindingsAction(); | ||
public static final String NAME = "cluster:admin/opensearch/securityanalytics/ioc/findings/get"; | ||
|
||
public GetIocFindingsAction() { | ||
super(NAME, GetIocFindingsResponse::new); | ||
} | ||
} |
Oops, something went wrong.