diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigService.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigService.java
index 8320fde14..e733edbf4 100644
--- a/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigService.java
+++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigService.java
@@ -489,7 +489,7 @@ public void checkAndEnsureThreatIntelMonitorsDeleted(
 public void getIocTypeToIndices(ActionListener>> listener) {
 SearchRequest searchRequest = new SearchRequest(SecurityAnalyticsPlugin.JOB_INDEX_NAME);
- String stateFieldName = String.format("%s.%s", SOURCE_CONFIG_FIELD, STATE_FIELD);
+ String stateFieldName = getStateFieldName();
 BoolQueryBuilder queryBuilder = QueryBuilders.boolQuery() .should(QueryBuilders.matchQuery(stateFieldName, AVAILABLE.toString()));
 queryBuilder.should(QueryBuilders.matchQuery(stateFieldName, REFRESHING));
@@ -523,4 +523,8 @@ public void getIocTypeToIndices(ActionListener>> listen
 }
 ));
 }
+
+ public static String getStateFieldName() {
+ return String.format("%s.%s", SOURCE_CONFIG_FIELD, STATE_FIELD);
+ }
 }
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportListIOCsAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportListIOCsAction.java
index f48cbd4e6..4abd3750c 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportListIOCsAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportListIOCsAction.java
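Review bot: `getStateFieldName()` in SATIFSourceConfigService re-runs `String.format` over two constants on every call, and it is added as a public static method with no Javadoc. The value never changes, so a documented constant would read more clearly, for example `public static final String STATE_FIELD_NAME = SOURCE_CONFIG_FIELD + "." + STATE_FIELD;`. Its comment should say that this is the dotted field path the state filters match against in the job index. If the method form is kept, a one-line Javadoc saying the same would help callers in other packages such as TransportListIOCsAction.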
@@ -57,6 +57,9 @@ import java.util.concurrent.atomic.AtomicReference;
 import static org.opensearch.securityanalytics.services.STIX2IOCFeedStore.getIocIndexAlias;
+import static org.opensearch.securityanalytics.threatIntel.common.TIFJobState.AVAILABLE;
+import static org.opensearch.securityanalytics.threatIntel.common.TIFJobState.REFRESHING;
+import static org.opensearch.securityanalytics.threatIntel.service.SATIFSourceConfigService.getStateFieldName;
 public class TransportListIOCsAction extends HandledTransportAction implements SecureTransportAction {
 private static final Logger log = LogManager.getLogger(TransportListIOCsAction.class);
@@ -116,8 +119,11 @@ void start() {
 List iocIndices = new ArrayList<>();
 for (SearchHit hit : searchResponse.getHits().getHits()) {
 String iocIndexAlias = getIocIndexAlias(hit.getId());
- String writeIndex = IndexUtils.getWriteIndex(iocIndexAlias, clusterService.state());
- iocIndices.add(writeIndex);
+ if (IndexUtils.isAlias(iocIndexAlias, clusterService.state())) {
+ String writeIndex = IndexUtils.getWriteIndex(iocIndexAlias, clusterService.state());
+ if (writeIndex != null)
+ iocIndices.add(writeIndex);
+ }
 }
 if (iocIndices.isEmpty()) {
 log.info("No ioc indices found to query for given threat intel source filtering criteria {}", String.join(",", configIds));
@@ -263,7 +269,10 @@ private SearchSourceBuilder getFeedsSearchSourceBuilder(List configIds)
 }
 return new SearchSourceBuilder().query(queryBuilder).size(9999);
 } else {
- return new SearchSourceBuilder().query(QueryBuilders.matchAllQuery()).size(9999);
+ BoolQueryBuilder stateQueryBuilder = QueryBuilders.boolQuery()
+ .should(QueryBuilders.matchQuery(getStateFieldName(), REFRESHING.toString()))
+ .should(QueryBuilders.matchQuery(getStateFieldName(), AVAILABLE.toString()));
+ return new SearchSourceBuilder().query(stateQueryBuilder).size(9999);
 }
 }
 }
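Review bot: In the `start()` loop of TransportListIOCsAction, a source config whose alias is missing or has no write index is now dropped from `iocIndices` without a trace. The caller gets a shorter IOC list and nothing in the logs says which source was left out. The loop also reads `clusterService.state()` twice per hit, so the alias check and the write-index lookup can see different cluster states; one snapshot taken before the loop keeps them consistent. The inner `if (writeIndex != null)` is also unbraced. `start()` begins and ends outside the hunk, and `ClusterState` may need an import in this file.

```java
ClusterState state = clusterService.state();
for (SearchHit hit : searchResponse.getHits().getHits()) {
    String iocIndexAlias = getIocIndexAlias(hit.getId());
    String writeIndex = IndexUtils.isAlias(iocIndexAlias, state)
            ? IndexUtils.getWriteIndex(iocIndexAlias, state)
            : null;
    if (writeIndex == null) {
        // Record the skipped source so an incomplete IOC listing can be explained from the logs.
        log.debug("Skipping threat intel source config {}: alias {} has no write index", hit.getId(), iocIndexAlias);
        continue;
    }
    iocIndices.add(writeIndex);
}
```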
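Review bot: The new state filter in `getFeedsSearchSourceBuilder` applies only in the `else` branch. The branch for explicit `configIds` still returns `query(queryBuilder)` with no visible state restriction, so listing by id may still select sources that are neither AVAILABLE nor REFRESHING; that builder is constructed outside the hunk, so this needs confirming. The two `should` clauses act as a filter only while the bool query has no `must` or `filter` clause, and adding `.minimumShouldMatch(1)` would keep that true if the query is extended later. The same AVAILABLE-or-REFRESHING query is also hand-built in `SATIFSourceConfigService.getIocTypeToIndices`, where `REFRESHING` is passed without `.toString()`. A shared helper next to `getStateFieldName()` would stop the two copies drifting apart.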