

add filter to list ioc api to fetch only from available and refreshin…
…g apis. null check for alias (#1131) (#1153)

(cherry picked from commit 23ab84a)

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
1 parent a6a159c commit 40c1d23
Showing 2 changed files with 17 additions and 4 deletions.
Expand Up @@ -489,7 +489,7 @@ public void checkAndEnsureThreatIntelMonitorsDeleted(
public void getIocTypeToIndices(ActionListener<Map<String, List<String>>> listener) {
SearchRequest searchRequest = new SearchRequest(SecurityAnalyticsPlugin.JOB_INDEX_NAME);

String stateFieldName = String.format("%s.%s", SOURCE_CONFIG_FIELD, STATE_FIELD);
String stateFieldName = getStateFieldName();
BoolQueryBuilder queryBuilder = QueryBuilders.boolQuery()
.should(QueryBuilders.matchQuery(stateFieldName, AVAILABLE.toString()));
queryBuilder.should(QueryBuilders.matchQuery(stateFieldName, REFRESHING));
Expand Down Expand Up @@ -523,4 +523,8 @@ public void getIocTypeToIndices(ActionListener<Map<String, List<String>>> listen
}
));
}

public static String getStateFieldName() {
return String.format("%s.%s", SOURCE_CONFIG_FIELD, STATE_FIELD);
}
}
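Review bot: The new `public static String getStateFieldName()` in the second hunk has no Javadoc even though it is now the single definition of the field path that both this query and TransportListIOCsAction filter on; add `/** Dotted path of the source-config state field, shared by the threat-intel source queries that filter on job state. */` above it. In the query in the first hunk (context lines), `AVAILABLE` is passed as `AVAILABLE.toString()` while `REFRESHING` is passed as the bare enum; from the visible lines that appears to rely on the query builder stringifying the value, and since the new call sites in TransportListIOCsAction use `.toString()` for both, `queryBuilder.should(QueryBuilders.matchQuery(stateFieldName, REFRESHING.toString()));` keeps the two in step. `getIocTypeToIndices` starts in the first hunk and its body continues outside the visible lines.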
Expand Up @@ -57,6 +57,9 @@
import java.util.concurrent.atomic.AtomicReference;

import static org.opensearch.securityanalytics.services.STIX2IOCFeedStore.getIocIndexAlias;
import static org.opensearch.securityanalytics.threatIntel.common.TIFJobState.AVAILABLE;
import static org.opensearch.securityanalytics.threatIntel.common.TIFJobState.REFRESHING;
import static org.opensearch.securityanalytics.threatIntel.service.SATIFSourceConfigService.getStateFieldName;

public class TransportListIOCsAction extends HandledTransportAction<ListIOCsActionRequest, ListIOCsActionResponse> implements SecureTransportAction {
private static final Logger log = LogManager.getLogger(TransportListIOCsAction.class);
Expand Down Expand Up @@ -116,8 +119,11 @@ void start() {
List<String> iocIndices = new ArrayList<>();
for (SearchHit hit : searchResponse.getHits().getHits()) {
String iocIndexAlias = getIocIndexAlias(hit.getId());
String writeIndex = IndexUtils.getWriteIndex(iocIndexAlias, clusterService.state());
iocIndices.add(writeIndex);
if (IndexUtils.isAlias(iocIndexAlias, clusterService.state())) {
String writeIndex = IndexUtils.getWriteIndex(iocIndexAlias, clusterService.state());
if (writeIndex != null)
iocIndices.add(writeIndex);
}
}
if (iocIndices.isEmpty()) {
log.info("No ioc indices found to query for given threat intel source filtering criteria {}", String.join(",", configIds));
Expand Down Expand Up @@ -263,7 +269,10 @@ private SearchSourceBuilder getFeedsSearchSourceBuilder(List<String> configIds)
}
return new SearchSourceBuilder().query(queryBuilder).size(9999);
} else {
return new SearchSourceBuilder().query(QueryBuilders.matchAllQuery()).size(9999);
BoolQueryBuilder stateQueryBuilder = QueryBuilders.boolQuery()
.should(QueryBuilders.matchQuery(getStateFieldName(), REFRESHING.toString()))
.should(QueryBuilders.matchQuery(getStateFieldName(), AVAILABLE.toString()));
return new SearchSourceBuilder().query(stateQueryBuilder).size(9999);
}
}
}
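Review bot: In the second hunk the new alias guard reads `clusterService.state()` twice, once for `isAlias` and again for `getWriteIndex`, so the write-index lookup can run against a newer cluster state than the one the alias check passed on; capture the state once before the loop and pass it to both calls. The guard also drops a hit silently when the alias is missing or has no write index, which hides a job-index/alias mismatch from whoever is debugging an empty IOC listing, so log the skipped source id at debug level. The bare `if (writeIndex != null)` without braces also differs from the braced style of the surrounding lines. `start()` begins before the hunk and its body continues past it, and if `ClusterState` is not already imported in this file the local below needs that import. On the third hunk the `queryBuilder` used when configIds are supplied is built outside the visible lines; if it does not carry the same AVAILABLE/REFRESHING filter, sources in other states are still queried on that path, and adding the state bool there as a `must` would need `minimumShouldMatch(1)` on it, since `should` clauses next to a `must` are optional.
```java
ClusterState state = clusterService.state();
List<String> iocIndices = new ArrayList<>();
for (SearchHit hit : searchResponse.getHits().getHits()) {
    String iocIndexAlias = getIocIndexAlias(hit.getId());
    if (!IndexUtils.isAlias(iocIndexAlias, state)) {
        log.debug("Skipping threat intel source {}: ioc alias {} does not exist", hit.getId(), iocIndexAlias);
        continue;
    }
    String writeIndex = IndexUtils.getWriteIndex(iocIndexAlias, state);
    if (writeIndex == null) {
        log.debug("Skipping threat intel source {}: ioc alias {} has no write index", hit.getId(), iocIndexAlias);
        continue;
    }
    iocIndices.add(writeIndex);
}
// … unchanged: empty-iocIndices handling …
```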
