Merge branch 'main' into alertsInCorrelations

release-notes/opensearch-security-analytics.release-notes-2.15.0.0.md

@@ -0,0 +1,15 @@
+## Version 2.15.0.0 2024-06-10
+
+Compatible with OpenSearch 2.15.0
+
+### Maintenance
+* Increment version to 2.15.0-SNAPSHOT. ([#1055](https://github.com/opensearch-project/security-analytics/pull/1055))
+* Fix codecov calculation ([#1021](https://github.com/opensearch-project/security-analytics/pull/1021))
+* Stabilize integ tests ([#1014](https://github.com/opensearch-project/security-analytics/pull/1014))
+
+### Bug Fixes
+* Fix chained findings monitor logic in update detector flow ([#1019](https://github.com/opensearch-project/security-analytics/pull/1019))
+* Change default filter to time based fields ([#1030](https://github.com/opensearch-project/security-analytics/pull/1030))
+
+### Documentation
+* Added 2.15.0 release notes. ([#1061](https://github.com/opensearch-project/security-analytics/pull/1061))

src/main/java/org/opensearch/securityanalytics/correlation/index/codec/CorrelationCodecVersion.java

@@ -20,7 +20,7 @@
 
 public enum CorrelationCodecVersion {
     V_9_5_0(
-            "CorrelationCodec950",
+            "CorrelationCodec",
             new Lucene95Codec(),
             new PerFieldCorrelationVectorsFormat950(Optional.empty()),
             (userCodec, mapperService) -> new CorrelationCodec950(userCodec, new PerFieldCorrelationVectorsFormat950(Optional.of(mapperService))),

src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java

@@ -785,7 +785,7 @@ private IndexMonitorRequest createDocLevelMonitorRequest(List<Pair<String, Rule>
         }
 
         Monitor monitor = new Monitor(monitorId, Monitor.NO_VERSION, detector.getName(), false, detector.getSchedule(), detector.getLastUpdateTime(), null,
-                Monitor.MonitorType.DOC_LEVEL_MONITOR, detector.getUser(), 1, docLevelMonitorInputs, triggers, Map.of(),
+                Monitor.MonitorType.DOC_LEVEL_MONITOR.getValue(), detector.getUser(), 1, docLevelMonitorInputs, triggers, Map.of(),
                 new DataSources(detector.getRuleIndex(),
                         detector.getFindingsIndex(),
                         detector.getFindingsIndexPattern(),
@@ -886,7 +886,7 @@ private IndexMonitorRequest createDocLevelMonitorMatchAllRequest(
         }
 
         Monitor monitor = new Monitor(monitorId, Monitor.NO_VERSION, monitorName, false, detector.getSchedule(), detector.getLastUpdateTime(), null,
-                Monitor.MonitorType.DOC_LEVEL_MONITOR, detector.getUser(), 1, docLevelMonitorInputs, triggers, Map.of(),
+                Monitor.MonitorType.DOC_LEVEL_MONITOR.getValue(), detector.getUser(), 1, docLevelMonitorInputs, triggers, Map.of(),
                 new DataSources(detector.getRuleIndex(),
                         detector.getFindingsIndex(),
                         detector.getFindingsIndexPattern(),
@@ -1060,7 +1060,7 @@ public void onResponse(GetIndexMappingsResponse getIndexMappingsResponse) {
                              } **/
 
                             Monitor monitor = new Monitor(monitorId, Monitor.NO_VERSION, detector.getName(), false, detector.getSchedule(), detector.getLastUpdateTime(), null,
-                                    MonitorType.BUCKET_LEVEL_MONITOR, detector.getUser(), 1, bucketLevelMonitorInputs, triggers, Map.of(),
+                                    MonitorType.BUCKET_LEVEL_MONITOR.getValue(), detector.getUser(), 1, bucketLevelMonitorInputs, triggers, Map.of(),
                                     new DataSources(detector.getRuleIndex(),
                                             detector.getFindingsIndex(),
                                             detector.getFindingsIndexPattern(),
@@ -1782,7 +1782,7 @@ private Map<String, String> mapMonitorIds(List<IndexMonitorResponse> monitorResp
                 Collectors.toMap(
                     // In the case of bucket level monitors rule id is trigger id
                     it -> {
-                        if (MonitorType.BUCKET_LEVEL_MONITOR == it.getMonitor().getMonitorType()) {
+                        if (MonitorType.BUCKET_LEVEL_MONITOR.getValue().equals(it.getMonitor().getMonitorType())) {
                             return it.getMonitor().getTriggers().get(0).getId();
                         } else {
                             if (it.getMonitor().getName().contains("_chained_findings")) {

src/main/java/org/opensearch/securityanalytics/util/DetectorUtils.java

@@ -109,7 +109,7 @@ public static List<String> getBucketLevelMonitorIds(
     ) {
         return monitorResponses.stream().filter(
                 // In the case of bucket level monitors rule id is trigger id
-                it -> Monitor.MonitorType.BUCKET_LEVEL_MONITOR == it.getMonitor().getMonitorType()
+                it -> Monitor.MonitorType.BUCKET_LEVEL_MONITOR.getValue().equals(it.getMonitor().getMonitorType())
                 ).map(IndexMonitorResponse::getId).collect(Collectors.toList());
     }
     public static List<String> getAggRuleIdsConfiguredToTrigger(Detector detector, List<Pair<String, Rule>> rulesById) {

src/test/java/org/opensearch/securityanalytics/alerts/AlertingServiceTests.java

@@ -88,7 +88,7 @@ public void testGetAlerts_success() {
                         new CronSchedule("31 * * * *", ZoneId.of("Asia/Kolkata"), Instant.ofEpochSecond(1538164858L)),
                         Instant.now(),
                         Instant.now(),
-                        Monitor.MonitorType.DOC_LEVEL_MONITOR,
+                        Monitor.MonitorType.DOC_LEVEL_MONITOR.getValue(),
                         null,
                         1,
                         List.of(),
@@ -122,7 +122,7 @@ public void testGetAlerts_success() {
                         new CronSchedule("31 * * * *", ZoneId.of("Asia/Kolkata"), Instant.ofEpochSecond(1538164858L)),
                         Instant.now(),
                         Instant.now(),
-                        Monitor.MonitorType.DOC_LEVEL_MONITOR,
+                        Monitor.MonitorType.DOC_LEVEL_MONITOR.getValue(),
                         null,
                         1,
                         List.of(),

src/test/java/org/opensearch/securityanalytics/alerts/AlertsIT.java

@@ -179,6 +179,7 @@ public void testGetAlerts_success() throws IOException {
         assertEquals(((ArrayList<AlertDto>) ackAlertsResponseMap.get("acknowledged")).size(), 1);
     }
 
+    @Ignore
     @SuppressWarnings("unchecked")
     public void testGetAlertsByStartTimeAndEndTimeSuccess() throws IOException, InterruptedException {
         String index = createTestIndex(randomIndex(), windowsIndexMapping());