fix bug: threat intel monitor finding doesnt contain all doc_ids cont…

…aining malicious IOC Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
eirsep · Jul 18, 2024 · 687c7ac · 687c7ac
1 parent cf31d58
commit 687c7ac
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/...ain/java/org/opensearch/securityanalytics/threatIntel/iocscan/service/IoCScanService.java b/...ain/java/org/opensearch/securityanalytics/threatIntel/iocscan/service/IoCScanService.java
@@ -131,11 +131,11 @@ abstract void matchAgainstThreatIntelAndReturnMaliciousIocs(
                         List<String> vals = getValuesAsStringList(datum, field);
                         String id = getId(datum);
                         String docId = id + ":" + index;
-                        Set<String> iocs = docIdToIocsMap.getOrDefault(docIdToIocsMap.get(docId), new HashSet<>());
+                        Set<String> iocs = docIdToIocsMap.getOrDefault(docId, new HashSet<>());
                         iocs.addAll(vals);
                         docIdToIocsMap.put(docId, iocs);
                         for (String ioc : vals) {
-                            Set<String> docIds = iocValueToDocIdMap.getOrDefault(iocValueToDocIdMap.get(ioc), new HashSet<>());
+                            Set<String> docIds = iocValueToDocIdMap.getOrDefault(ioc, new HashSet<>());
                             docIds.add(docId);
                             iocValueToDocIdMap.put(ioc, docIds);
                         }