Added Opensearch support for Elasticsearch feed (#27623)

* Added Opensearch support for Elasticsearch feed (#27333)

* Added Opensearch support for Elasticsearch feed

* Updated release notes and readme

* Updated release notes and readme

* Revert changes to poetry lock

* Update docker image.
Remove tested on version x.x in README.

* Fix flake8 errors.

* Update docker comment in RN.

* Trying to add opensearchpy dependency for test

* fix flake8 errors.

* Adding known_words section

* Moving opensearch-py to dev-packages section.

* Update docker image

* Align yml docker with RN docker.

---------

Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com>

* Updating docker image.

---------

Co-authored-by: anilagr <40182783+anilagr@users.noreply.github.com>
Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com>

Packs/FeedElasticsearch/.pack-ignore

@@ -0,0 +1,3 @@
+[known_words]
+Elasticsearch
+Opensearch

Packs/FeedElasticsearch/Integrations/FeedElasticsearch/FeedElasticsearch.py

@@ -3,9 +3,6 @@
 from CommonServerUserPython import *
 
 '''IMPORTS'''
-from elasticsearch import Elasticsearch, RequestsHttpConnection
-from elasticsearch_dsl import Search
-from elasticsearch_dsl.query import QueryString
 import requests
 import warnings
 import urllib3
@@ -33,6 +30,16 @@
 FEED_TYPE_CORTEX = 'Cortex XSOAR Feed'
 FEED_TYPE_CORTEX_MT = 'Cortex XSOAR MT Shared Feed'
 
+ELASTIC_SEARCH_CLIENT = demisto.params().get('client_type')
+if ELASTIC_SEARCH_CLIENT == 'OpenSearch':
+    from opensearchpy import OpenSearch as Elasticsearch, RequestsHttpConnection
+    from opensearch_dsl import Search
+    from opensearch_dsl.query import QueryString
+else:
+    from elasticsearch import Elasticsearch, RequestsHttpConnection
+    from elasticsearch_dsl import Search
+    from elasticsearch_dsl.query import QueryString
+
 
 class ElasticsearchClient:
     def __init__(self, insecure=None, server=None, username=None, password=None, api_key=None, api_id=None,

Packs/FeedElasticsearch/Integrations/FeedElasticsearch/FeedElasticsearch.yml

@@ -12,6 +12,15 @@ configuration:
   name: credentials
   required: false
   type: 9
+- additionalinfo: In some hosted ElasticSearch environments, the standard ElasticSearch client is not supported. If you encounter any related client issues, please consider using the OpenSearch client type.
+  defaultvalue: OpenSearch
+  display: Client type
+  name: client_type
+  options:
+  - ElasticSearch
+  - OpenSearch
+  required: false
+  type: 15
 - defaultvalue: 'false'
   display: Trust any certificate (not secure)
   name: insecure
@@ -163,7 +172,7 @@ script:
     description: Gets indicators available in the configured Elasticsearch database.
     execution: false
     name: es-get-indicators
-  dockerimage: demisto/py3-tools:1.0.0.45904
+  dockerimage: demisto/py3-tools:1.0.0.64131
   feed: true
   isfetch: false
   longRunning: false

Packs/FeedElasticsearch/Integrations/FeedElasticsearch/FeedElasticsearch_test.py

@@ -1,3 +1,6 @@
+from CommonServerPython import *
+
+
 class MockHit:
     def __init__(self, hit_val):
         self._hit_val = hit_val
@@ -171,7 +174,9 @@ def test_hit_to_indicator():
     assert ioc[CUSTOM_TYPE_KEY] == ''
 
 
-def test_extract_indicators_from_insight_hit(mocker):
+def test_extract_indicators_from_insight_hit2(mocker):
+    params: dict = {'client_type': 'OpenSearch'}
+    mocker.patch.object(demisto, 'params', return_value=params)
     import FeedElasticsearch as esf
     mocker.patch.object(esf, 'hit_to_indicator', return_value=dict(PARSED_INSIGHT_HIT))
     ioc_lst, ioc_enrch_lst = esf.extract_indicators_from_insight_hit(PARSED_INSIGHT_HIT, ['tag1', 'tag2'], 'AMBER')

Packs/FeedElasticsearch/Integrations/FeedElasticsearch/Pipfile

@@ -9,6 +9,7 @@ pytest = "*"
 pytest-mock = "*"
 requests-mock = "*"
 pytest-asyncio = "*"
+opensearch-py = "*"
 
 [packages]
 elasticsearch = "*"