Security Analytics 2.7 Backports #938
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Megha Goyal <[email protected]>
* fix detector writeTo() method missing fields Signed-off-by: Surya Sashank Nistala <[email protected]> * fix test Signed-off-by: Surya Sashank Nistala <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]>
* fix null query filter conversion from sigma to query string query Signed-off-by: Surya Sashank Nistala <[email protected]> * fix rule to query conversion tests for null filter Signed-off-by: Surya Sashank Nistala <[email protected]> * enhance test to verify non null doc doesnt match null query Signed-off-by: Surya Sashank Nistala <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Megha Goyal <[email protected]> * Adding integ tests for empty mappings/aliases use-cases Signed-off-by: Megha Goyal <[email protected]> * Fix unit tests for MappingsTraverser Signed-off-by: Megha Goyal <[email protected]> --------- Signed-off-by: Megha Goyal <[email protected]>
…quashed) Signed-off-by: Dennis Toepker <[email protected]>
…emove blocking actionGet() calls (#873) * pass query field names in doc level queries during monitor creation/updation Signed-off-by: Surya Sashank Nistala <[email protected]> * remove actionGet() and change get index mapping call to event driven flow Signed-off-by: Surya Sashank Nistala <[email protected]> * fix chained findings monitor Signed-off-by: Surya Sashank Nistala <[email protected]> * add finding mappings Signed-off-by: Surya Sashank Nistala <[email protected]> * remove test messages from logs Signed-off-by: Surya Sashank Nistala <[email protected]> * revert build.gradle change Signed-off-by: Surya Sashank Nistala <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## 2.7 #938 +/- ##
============================================
- Coverage 28.09% 27.77% -0.32%
- Complexity 900 902 +2
============================================
Files 231 231
Lines 9341 9495 +154
Branches 1076 1081 +5
============================================
+ Hits 2624 2637 +13
- Misses 6481 6623 +142
+ Partials 236 235 -1 ☔ View full report in Codecov by Sentry. |
engechas
reviewed
Mar 19, 2024
| import org.opensearch.common.SetOnce; | ||
| import org.apache.lucene.util.SetOnce; |
There was a problem hiding this comment.
Don't think this was supposed to change. Not sure what the ramifications are
Signed-off-by: Dennis Toepker <[email protected]>
engechas
approved these changes
Mar 19, 2024
sbcd90
approved these changes
Mar 19, 2024
riysaxen-amzn
pushed a commit
to riysaxen-amzn/security-analytics
that referenced
this pull request
Mar 25, 2024
…) (opensearch-project#938) (cherry picked from commit e0b7a5a7905b977e58d80e3b9134b14893d122b0) * remove unneeded import --------- * Stashed user together with it's roles --------- * Added workflow execution logic (opensearch-project#850) * Added workflow execution logic * Adjusted code according to comments * Updated version of the findings json * Updating the workflow metadata in the case of updating flag set to false while the metadata alerady exist * Added logging for workflow metadata update * Added Rest Execute Workflow action * Extended workflow context with workflowMetadataId. Adjusted the doc level monitor findings * Updated conditions for unstashing the context when indexing and deleting the workflow --------- * Added fix when executing the workflow and when chained findings index… (opensearch-project#890) * Fixed deleting monitor workflow metadata (#882) * Fixed deleting monitor metadata and workflow metadata. * fix monitor metadata error from conflict resolution * remove unused import * remove rest execute workflow action * increment schema version for findings mapping json --------- Signed-off-by: Stevan Buzejic <[email protected]> Signed-off-by: Angie Zhang <[email protected]> Signed-off-by: Ashish Agrawal <[email protected]> Signed-off-by: Surya Sashank Nistala <[email protected]> Co-authored-by: Stevan Buzejic <[email protected]> Co-authored-by: Angie Zhang <[email protected]> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: Petar Dzepina <[email protected]> Co-authored-by: Ashish Agrawal <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Backports #695 #722 #724 #873
Issues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.