

add filter to list ioc api to fetch only from available and refreshing apis. null check for alias (opensearch-project#1131)

Signed-off-by: Surya Sashank Nistala <[email protected]>
eirsep authored Jul 2, 2024
1 parent 5d3dbca commit 23ab84a
Showing 2 changed files with 17 additions and 4 deletions.
Expand Up @@ -489,7 +489,7 @@ public void checkAndEnsureThreatIntelMonitorsDeleted(
public void getIocTypeToIndices(ActionListener<Map<String, List<String>>> listener) {
SearchRequest searchRequest = new SearchRequest(SecurityAnalyticsPlugin.JOB_INDEX_NAME);

String stateFieldName = String.format("%s.%s", SOURCE_CONFIG_FIELD, STATE_FIELD);
String stateFieldName = getStateFieldName();
BoolQueryBuilder queryBuilder = QueryBuilders.boolQuery()
.should(QueryBuilders.matchQuery(stateFieldName, AVAILABLE.toString()));
queryBuilder.should(QueryBuilders.matchQuery(stateFieldName, REFRESHING));
Expand Down Expand Up @@ -523,4 +523,8 @@ public void getIocTypeToIndices(ActionListener<Map<String, List<String>>> listen
}
));
}

public static String getStateFieldName() {
return String.format("%s.%s", SOURCE_CONFIG_FIELD, STATE_FIELD);
}
}
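Review bot: getStateFieldName() re-runs String.format on every call even though its result depends only on the two constants SOURCE_CONFIG_FIELD and STATE_FIELD, and it is now called twice per request from the query builder in TransportListIOCsAction; compute it once as `private static final String STATE_FIELD_NAME = String.format("%s.%s", SOURCE_CONFIG_FIELD, STATE_FIELD);` and reduce the method to `return STATE_FIELD_NAME;`. Because the method is public and statically imported from another class, a one-line Javadoc saying it returns the dotted field path of the job state used in state-filter queries would help callers. The unchanged context line just below the first hunk passes `REFRESHING` to matchQuery without `toString()` while the new sibling query in TransportListIOCsAction uses `REFRESHING.toString()`; aligning the two would make the state filter read identically in both files. getIocTypeToIndices continues past the end of the first hunk.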
Expand Up @@ -57,6 +57,9 @@
import java.util.concurrent.atomic.AtomicReference;

import static org.opensearch.securityanalytics.services.STIX2IOCFeedStore.getIocIndexAlias;
import static org.opensearch.securityanalytics.threatIntel.common.TIFJobState.AVAILABLE;
import static org.opensearch.securityanalytics.threatIntel.common.TIFJobState.REFRESHING;
import static org.opensearch.securityanalytics.threatIntel.service.SATIFSourceConfigService.getStateFieldName;

public class TransportListIOCsAction extends HandledTransportAction<ListIOCsActionRequest, ListIOCsActionResponse> implements SecureTransportAction {
private static final Logger log = LogManager.getLogger(TransportListIOCsAction.class);
Expand Down Expand Up @@ -116,8 +119,11 @@ void start() {
List<String> iocIndices = new ArrayList<>();
for (SearchHit hit : searchResponse.getHits().getHits()) {
String iocIndexAlias = getIocIndexAlias(hit.getId());
String writeIndex = IndexUtils.getWriteIndex(iocIndexAlias, clusterService.state());
iocIndices.add(writeIndex);
if (IndexUtils.isAlias(iocIndexAlias, clusterService.state())) {
String writeIndex = IndexUtils.getWriteIndex(iocIndexAlias, clusterService.state());
if (writeIndex != null)
iocIndices.add(writeIndex);
}
}
if (iocIndices.isEmpty()) {
log.info("No ioc indices found to query for given threat intel source filtering criteria {}", String.join(",", configIds));
Expand Down Expand Up @@ -263,7 +269,10 @@ private SearchSourceBuilder getFeedsSearchSourceBuilder(List<String> configIds)
}
return new SearchSourceBuilder().query(queryBuilder).size(9999);
} else {
return new SearchSourceBuilder().query(QueryBuilders.matchAllQuery()).size(9999);
BoolQueryBuilder stateQueryBuilder = QueryBuilders.boolQuery()
.should(QueryBuilders.matchQuery(getStateFieldName(), REFRESHING.toString()))
.should(QueryBuilders.matchQuery(getStateFieldName(), AVAILABLE.toString()));
return new SearchSourceBuilder().query(stateQueryBuilder).size(9999);
}
}
}
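Review bot: The new state filter is applied only in the else branch of getFeedsSearchSourceBuilder; when configIds is non-empty the query built above the hunk (its construction is outside this view) is returned unchanged at `return new SearchSourceBuilder().query(queryBuilder).size(9999);`, so a request naming specific sources can still list IOCs from configs in states other than AVAILABLE/REFRESHING, which does not match the intent stated in the commit title. If the filter is meant to apply in both cases, build stateQueryBuilder before the branch and return `QueryBuilders.boolQuery().must(queryBuilder).filter(stateQueryBuilder.minimumShouldMatch(1))` from the first branch, the explicit minimumShouldMatch making the at-least-one-state semantic visible once the clause is nested. In the start() hunk the brace-less `if (writeIndex != null) iocIndices.add(writeIndex);` should be braced per the file's style, and a config whose alias does not exist or has no write index is now skipped silently; a `log.debug` naming the skipped alias would explain an empty result to an operator. The enclosing start() method begins outside that hunk.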
