Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Threat Intel Feed Config Model #1028

Merged
merged 15 commits into from
May 22, 2024
Merged

Threat Intel Feed Config Model #1028

merged 15 commits into from
May 22, 2024

Conversation

jowg-amazon
Copy link
Collaborator

@jowg-amazon jowg-amazon commented May 15, 2024
edited
Loading

Description

  1. Refactors threat intel folder to include transport, resthandler, service, util, and model folders.
  2. Adds the threat intel feed config model and threat intel feed dto config model
  3. Adds interfaces that will be used for sa commons

Files changed outside of refactoring:
threat_intel_job_mapping.json
TIFConfig
TIFConfigDto
SATIFConfig
SATIFConfigDto
TIFJobState

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

eirsep
eirsep reviewed May 20, 2024
View reviewed changes
src/main/java/org/opensearch/securityanalytics/threatIntel/model/SATIFConfig.java Outdated
import java.util.Locale;
import java.util.Map;

public class SATIFConfig implements TIFConfig, Writeable, ScheduledJobParameter {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Javadocs

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added javadocs

eirsep
eirsep reviewed May 20, 2024
View reviewed changes
src/main/java/org/opensearch/securityanalytics/threatIntel/model/SATIFConfig.java Outdated
public Instant lastRefreshedTime;
public String lastRefreshedUser;
private Boolean isEnabled;
private Map<String, Object> iocMapStore;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the map that shows where we are storing the IOCs per feed. For opensearch it would be something like Map: Ip: , DNS:

eirsep
eirsep requested changes May 21, 2024
View reviewed changes
src/main/java/org/opensearch/securityanalytics/threatIntel/model/SATIFConfig.java Outdated
);
}

public static TIFJobState toState(String stateName) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use enum inbuilt function

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The states are an enum, changed the function to use switch case

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is not scalable

use valueOf(String name) which returns enum and wrap with try catch where catch returns null and logs error that couldnt parse enum

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed it to use valueOf

src/main/java/org/opensearch/securityanalytics/threatIntel/sacommons/TIFConfig.java Outdated
import java.util.Map;

/**
* Threat intel config interface
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we rename entity to TIFSource Config

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

renamed to TIFSourceConfig

jowg-amazon added 12 commits May 21, 2024 13:36
@jowg-amazon
update job mapping
df14414 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
updated TIFConfig
6d060f4 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
fix mapping types and add id and version
7d11276 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
edited tif config model, added Dto and sa commons interfaces
f819b27 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
added javadocs
d292cf1 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
update job mapping
7802b5d 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
updated TIFConfig
02f9258 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
fix mapping types and add id and version
998b8a5 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
edited tif config model, added Dto and sa commons interfaces
c76c3bd 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
added javadocs
53a6310 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
changed tifconfig to tifSourceConfig
b258da0 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
remove dto
3fd7f89 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon jowg-amazon force-pushed the threat_intel_TIFConfig branch from e4e78e0 to 3fd7f89 Compare May 21, 2024 21:04
eirsep
eirsep reviewed May 22, 2024
View reviewed changes
src/main/java/org/opensearch/securityanalytics/threatIntel/model/SATIFSourceConfig.java Outdated
private Long version;
private String feedName;
private String feedFormat;
private Boolean prepackaged;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's have feed type instead of this

LICENSED
OPEN-SOURCED
CUSTOM
INTERNAL

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added enum class for these fields

eirsep
eirsep reviewed May 22, 2024
View reviewed changes
src/main/java/org/opensearch/securityanalytics/threatIntel/common/TIFJobState.java
@@ -33,5 +33,10 @@ public enum TIFJobState {
/**
* tif job is being deleted
*/
DELETING
DELETING,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

REFRESHING?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added REFRESHING as a state

@jowg-amazon
added feed type
26bb060 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon
minor fixes
a269548 
Signed-off-by: Joanne Wang <[email protected]>
@jowg-amazon jowg-amazon merged commit a99ca4d into opensearch-project:feature/threat_intel May 22, 2024
2 checks passed
eirsep pushed a commit that referenced this pull request Jun 3, 2024
@jowg-amazon @eirsep
Threat Intel Feed Config Model (#1028)
9cca517
jowg-amazon added a commit to jowg-amazon/security-analytics that referenced this pull request Jun 4, 2024
@jowg-amazon
Threat Intel Feed Config Model (opensearch-project#1028)
78f696e
eirsep pushed a commit to eirsep/security-analytics that referenced this pull request Jun 6, 2024
@jowg-amazon @eirsep
Threat Intel Feed Config Model (opensearch-project#1028)
e00075e
eirsep pushed a commit that referenced this pull request Jun 6, 2024
@jowg-amazon @eirsep
Threat Intel Feed Config Model (#1028)
dbebcb5
AWSHurneyt pushed a commit to AWSHurneyt/security-analytics that referenced this pull request Jun 25, 2024
@jowg-amazon @AWSHurneyt
Threat Intel Feed Config Model (opensearch-project#1028)
29d468a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eirsep eirsep eirsep approved these changes

@sbcd90 sbcd90 sbcd90 approved these changes

@amsiglan amsiglan Awaiting requested review from amsiglan amsiglan is a code owner

@AWSHurneyt AWSHurneyt Awaiting requested review from AWSHurneyt AWSHurneyt is a code owner

@getsaurabh02 getsaurabh02 Awaiting requested review from getsaurabh02 getsaurabh02 is a code owner

@lezzago lezzago Awaiting requested review from lezzago lezzago is a code owner

@praveensameneni praveensameneni Awaiting requested review from praveensameneni praveensameneni is a code owner

@engechas engechas Awaiting requested review from engechas engechas is a code owner

@goyamegh goyamegh Awaiting requested review from goyamegh goyamegh is a code owner

@riysaxen-amzn riysaxen-amzn Awaiting requested review from riysaxen-amzn riysaxen-amzn is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jowg-amazon @sbcd90 @eirsep