optimize sigma aggregation rule based detectors execution workflow #1418
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Subhobrata Dey <[email protected]>
sbcd90
requested review from
amsiglan,
AWSHurneyt,
getsaurabh02,
lezzago,
praveensameneni,
eirsep,
jowg-amazon,
engechas,
goyamegh and
riysaxen-amzn
as code owners
Signed-off-by: Subhobrata Dey <[email protected]>
|
the description seems to not be related to the change in the PR am unable to understand the change made and the significance of it |
eirsep
reviewed
Dec 11, 2024
| @@ -84,12 +86,21 @@ public void onResponse(GetDetectorResponse getDetectorResponse) { | |||
| // monitor --> detectorId mapping | |||
| Map<String, String> monitorToDetectorMapping = new HashMap<>(); | |||
| detector.getMonitorIds().forEach( | |||
| monitorId -> monitorToDetectorMapping.put(monitorId, detector.getId()) | |||
| monitorId -> { | |||
| if (detector.getRuleIdMonitorIdMap().containsKey(CHAINED_FINDINGS_MONITOR_STRING)) { | |||
eirsep
previously approved these changes
Dec 12, 2024
Signed-off-by: Subhobrata Dey <[email protected]>
AWSHurneyt
approved these changes
Dec 12, 2024
eirsep
approved these changes
Dec 12, 2024
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Dec 17, 2024
…1418) * optimize sigma aggregation rule based detectors execution workflow Signed-off-by: Subhobrata Dey <[email protected]> * update fixes Signed-off-by: Subhobrata Dey <[email protected]> * update ci to v4 Signed-off-by: Subhobrata Dey <[email protected]> --------- Signed-off-by: Subhobrata Dey <[email protected]> (cherry picked from commit 2a9646e) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Dec 17, 2024
…1418) * optimize sigma aggregation rule based detectors execution workflow Signed-off-by: Subhobrata Dey <[email protected]> * update fixes Signed-off-by: Subhobrata Dey <[email protected]> * update ci to v4 Signed-off-by: Subhobrata Dey <[email protected]> --------- Signed-off-by: Subhobrata Dey <[email protected]> (cherry picked from commit 2a9646e) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Dec 17, 2024
…1418) * optimize sigma aggregation rule based detectors execution workflow Signed-off-by: Subhobrata Dey <[email protected]> * update fixes Signed-off-by: Subhobrata Dey <[email protected]> * update ci to v4 Signed-off-by: Subhobrata Dey <[email protected]> --------- Signed-off-by: Subhobrata Dey <[email protected]> (cherry picked from commit 2a9646e) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
This was referenced Dec 17, 2024
sbcd90
pushed a commit
that referenced
this pull request
Dec 18, 2024
…1418) (#1433) * optimize sigma aggregation rule based detectors execution workflow Signed-off-by: Subhobrata Dey <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
sbcd90
pushed a commit
that referenced
this pull request
Dec 18, 2024
…1418) (#1432) (cherry picked from commit 2a9646e) Signed-off-by: Subhobrata Dey <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
sbcd90
pushed a commit
that referenced
this pull request
Dec 18, 2024
…1418) (#1431) (cherry picked from commit 2a9646e) Signed-off-by: Subhobrata Dey <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This pr proposes optimizations for sigma aggregation rule based detectors execution workflow.
Filters out only alerts generated from match all doc-level monitors. https://github.com/opensearch-project/security-analytics/pull/1418/files#diff-dd990d08c350d0f4c1c87148dffbdd5bdaf50dcfd9b22c9bba0fe10bb1930ce7R89
pass an additional flag to ignore findings and alerts generated from chained doc-level monitors. https://github.com/opensearch-project/security-analytics/pull/1418/files#diff-8fa8978eef6244554fff1512eb4ed63755d995cf3e8aa295522657a4eecb6166R905
fixes a bug in update scenario of chained bucket-level doc-level monitors. https://github.com/opensearch-project/security-analytics/pull/1418/files#diff-ac84d76e5ec563a48e1e18eeedca280d589c79bcb29cbc2fce8d8bf6d3097928R103
upgrade artifact to v4.
Related Issues
Resolves #[Issue number to be closed when this PR is merged]
Check List
--signoff.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.