diff --git a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
index 4f79dcc7d..aaba862f8 100644
--- a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
+++ b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
@@ -216,16 +216,13 @@ import org.opensearch.watcher.ResourceWatcherService;
 import reactor.util.annotation.NonNull;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
+import java.util.*;
 import java.util.function.Supplier;
 import static org.opensearch.securityanalytics.threatIntel.iocscan.service.ThreatIntelMonitorRunner.THREAT_INTEL_MONITOR_TYPE;
 import static org.opensearch.securityanalytics.threatIntel.model.SATIFSourceConfig.SOURCE_CONFIG_FIELD;
 import static org.opensearch.securityanalytics.threatIntel.model.TIFJobParameter.THREAT_INTEL_DATA_INDEX_NAME_PREFIX;
+import static org.opensearch.securityanalytics.util.CorrelationIndices.CORRELATION_ALERT_INDEX;
 public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, MapperPlugin, SearchPlugin, EnginePlugin, ClusterPlugin, SystemIndexPlugin, JobSchedulerExtension, RemoteMonitorRunnerExtension {
@@ -284,7 +281,11 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map
 @Override
 public Collection getSystemIndexDescriptors(Settings settings) {
- return Collections.singletonList(new SystemIndexDescriptor(THREAT_INTEL_DATA_INDEX_NAME_PREFIX, "System index used for threat intel data"));
+ List descriptors = List.of(
+ new SystemIndexDescriptor(THREAT_INTEL_DATA_INDEX_NAME_PREFIX, "System index used for threat intel data"),
+ new SystemIndexDescriptor(CORRELATION_ALERT_INDEX, "System index used for Correlation Alerts")
+ );
+ return descriptors;
 }
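Review bot: The wildcard `import java.util.*;` in the first hunk replaces five explicit imports, although the only java.util type the new code uses, `List`, was already imported. A wildcard hides which types the class depends on and can silently change name resolution when another imported package gains a same-named type. Keep the explicit list and add only the new static import; whether `java.util.Collections` is still used elsewhere in the file cannot be seen from this hunk.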
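Review bot: The descriptor added in getSystemIndexDescriptors protects only index names matching `CORRELATION_ALERT_INDEX`, whose value is not visible in this diff. SystemIndexDescriptor takes an index pattern, so confirm the constant covers every index the correlation alert feature actually creates and not just one concrete name. Once the index is a system index, every plugin path that reads or writes it needs a stashed context; this commit changes only the Ack and Get transport actions, so any other reader or writer (not visible here) should be checked. The local `descriptors` is not needed, the method can end with `return List.of(...);`, and a short comment such as `// system indices are reachable only through this plugin's transport actions` would record why the index is listed.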
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportAckCorrelationAlertsAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportAckCorrelationAlertsAction.java
index 917d0349c..7032819de 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportAckCorrelationAlertsAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportAckCorrelationAlertsAction.java
@@ -67,6 +67,8 @@ protected void doExecute(Task task, AckCorrelationAlertsRequest request, ActionL
 return;
 }
+ this.threadPool.getThreadContext().stashContext();
+
 if (!request.getCorrelationAlertIds().isEmpty()) {
 correlationAlertService.acknowledgeAlerts(
 request.getCorrelationAlertIds(),
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportGetCorrelationAlertsAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportGetCorrelationAlertsAction.java
index cdca86a23..a19817e5b 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportGetCorrelationAlertsAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportGetCorrelationAlertsAction.java
@@ -64,6 +64,8 @@ protected void doExecute(Task task, GetCorrelationAlertsRequest request, ActionL
 return;
 }
+ this.threadPool.getThreadContext().stashContext();
+
 if (request.getCorrelationRuleId() != null) {
 correlationAlertService.getCorrelationAlerts(
 request.getCorrelationRuleId(),
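Review bot: The `StoredContext` returned by `this.threadPool.getThreadContext().stashContext()` in TransportAckCorrelationAlertsAction.doExecute is discarded, so the caller's thread context is never restored; the same line is added in TransportGetCorrelationAlertsAction.doExecute. Everything after that line on this thread, not only the system-index access, then runs without the request's user and headers. Scope the stash instead by wrapping the correlationAlertService calls in `try (ThreadContext.StoredContext ignored = this.threadPool.getThreadContext().stashContext()) {`. A stashed context also bypasses the security plugin's per-user checks on the index, so the only authorization left is whatever the `return; }` guard just above enforces. That guard begins outside the hunk and both doExecute bodies continue past it, so confirm it rejects callers who should not read or acknowledge these alerts, and add a comment such as `// caller was authorized above; stash to reach the system index`.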