Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom log type implementation #500

Merged
merged 1 commit into from
Jul 29, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@
import org.opensearch.securityanalytics.logtype.LogTypeService;
import org.opensearch.securityanalytics.mapper.IndexTemplateManager;
import org.opensearch.securityanalytics.mapper.MapperService;
import org.opensearch.securityanalytics.model.CustomLogType;
import org.opensearch.securityanalytics.resthandler.*;
import org.opensearch.securityanalytics.transport.*;
import org.opensearch.securityanalytics.model.Rule;
Expand All @@ -66,6 +67,7 @@
import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings;
import org.opensearch.securityanalytics.util.CorrelationIndices;
import org.opensearch.securityanalytics.util.CorrelationRuleIndices;
import org.opensearch.securityanalytics.util.CustomLogTypeIndices;
import org.opensearch.securityanalytics.util.DetectorIndices;
import org.opensearch.securityanalytics.util.RuleIndices;
import org.opensearch.securityanalytics.util.RuleTopicIndices;
Expand All @@ -87,6 +89,8 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map
public static final String LIST_CORRELATIONS_URI = PLUGINS_BASE_URI + "/correlations";
public static final String CORRELATION_RULES_BASE_URI = PLUGINS_BASE_URI + "/correlation/rules";

public static final String CUSTOM_LOG_TYPE_URI = PLUGINS_BASE_URI + "/logtype";

private CorrelationRuleIndices correlationRuleIndices;

private DetectorIndices detectorIndices;
Expand All @@ -95,6 +99,8 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map

private CorrelationIndices correlationIndices;

private CustomLogTypeIndices customLogTypeIndices;

private MapperService mapperService;

private RuleIndices ruleIndices;
Expand Down Expand Up @@ -126,14 +132,15 @@ public Collection<Object> createComponents(Client client,
detectorIndices = new DetectorIndices(client.admin(), clusterService, threadPool);
ruleTopicIndices = new RuleTopicIndices(client, clusterService, logTypeService);
correlationIndices = new CorrelationIndices(client, clusterService);
customLogTypeIndices = new CustomLogTypeIndices(client.admin(), clusterService);
indexTemplateManager = new IndexTemplateManager(client, clusterService, indexNameExpressionResolver, xContentRegistry);
mapperService = new MapperService(client, clusterService, indexNameExpressionResolver, indexTemplateManager, logTypeService);
ruleIndices = new RuleIndices(logTypeService, client, clusterService, threadPool);
correlationRuleIndices = new CorrelationRuleIndices(client, clusterService);
this.client = client;

return List.of(
detectorIndices, correlationIndices, correlationRuleIndices, ruleTopicIndices, ruleIndices,
detectorIndices, correlationIndices, correlationRuleIndices, ruleTopicIndices, customLogTypeIndices, ruleIndices,
mapperService, indexTemplateManager, builtinLogTypeLoader
);
}
Expand Down Expand Up @@ -172,7 +179,10 @@ public List<RestHandler> getRestHandlers(Settings settings,
new RestIndexCorrelationRuleAction(),
new RestDeleteCorrelationRuleAction(),
new RestListCorrelationAction(),
new RestSearchCorrelationRuleAction()
new RestSearchCorrelationRuleAction(),
new RestIndexCustomLogTypeAction(),
new RestSearchCustomLogTypeAction(),
new RestDeleteCustomLogTypeAction()
);
}

Expand All @@ -181,7 +191,8 @@ public List<NamedXContentRegistry.Entry> getNamedXContent() {
return List.of(
Detector.XCONTENT_REGISTRY,
DetectorInput.XCONTENT_REGISTRY,
Rule.XCONTENT_REGISTRY
Rule.XCONTENT_REGISTRY,
CustomLogType.XCONTENT_REGISTRY
);
}

Expand Down Expand Up @@ -258,7 +269,10 @@ public List<Setting<?>> getSettings() {
new ActionPlugin.ActionHandler<>(DeleteCorrelationRuleAction.INSTANCE, TransportDeleteCorrelationRuleAction.class),
new ActionPlugin.ActionHandler<>(AlertingActions.SUBSCRIBE_FINDINGS_ACTION_TYPE, TransportCorrelateFindingAction.class),
new ActionPlugin.ActionHandler<>(ListCorrelationsAction.INSTANCE, TransportListCorrelationAction.class),
new ActionPlugin.ActionHandler<>(SearchCorrelationRuleAction.INSTANCE, TransportSearchCorrelationRuleAction.class)
new ActionPlugin.ActionHandler<>(SearchCorrelationRuleAction.INSTANCE, TransportSearchCorrelationRuleAction.class),
new ActionHandler<>(IndexCustomLogTypeAction.INSTANCE, TransportIndexCustomLogTypeAction.class),
new ActionHandler<>(SearchCustomLogTypeAction.INSTANCE, TransportSearchCustomLogTypeAction.class),
new ActionHandler<>(DeleteCustomLogTypeAction.INSTANCE, TransportDeleteCustomLogTypeAction.class)
);
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,15 +14,15 @@

public class CorrelatedFindingRequest extends ActionRequest {

private Detector.DetectorType detectorType;
private String detectorType;

private String findingId;

private long timeWindow;

private int noOfNearbyFindings;

public CorrelatedFindingRequest(String findingId, Detector.DetectorType detectorType, long timeWindow, int noOfNearbyFindings) {
public CorrelatedFindingRequest(String findingId, String detectorType, long timeWindow, int noOfNearbyFindings) {
super();
this.findingId = findingId;
this.detectorType = detectorType;
Expand All @@ -33,7 +33,7 @@ public CorrelatedFindingRequest(String findingId, Detector.DetectorType detector
public CorrelatedFindingRequest(StreamInput sin) throws IOException {
this(
sin.readString(),
sin.readEnum(Detector.DetectorType.class),
sin.readString(),
sin.readLong(),
sin.readInt()
);
Expand All @@ -47,7 +47,7 @@ public ActionRequestValidationException validate() {
@Override
public void writeTo(StreamOutput out) throws IOException {
out.writeString(findingId);
out.writeEnum(detectorType);
out.writeString(detectorType);
out.writeLong(timeWindow);
out.writeInt(noOfNearbyFindings);
}
Expand All @@ -56,7 +56,7 @@ public String getFindingId() {
return findingId;
}

public Detector.DetectorType getDetectorType() {
public String getDetectorType() {
return detectorType;
}

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.securityanalytics.action;

import org.opensearch.action.ActionType;

public class DeleteCustomLogTypeAction extends ActionType<DeleteCustomLogTypeResponse> {

public static final DeleteCustomLogTypeAction INSTANCE = new DeleteCustomLogTypeAction();
public static final String NAME = "cluster:admin/opensearch/securityanalytics/logtype/delete";

public DeleteCustomLogTypeAction() {
super(NAME, DeleteCustomLogTypeResponse::new);
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.securityanalytics.action;

import org.opensearch.action.ActionRequest;
import org.opensearch.action.ActionRequestValidationException;
import org.opensearch.action.support.WriteRequest;
import org.opensearch.common.io.stream.StreamInput;
import org.opensearch.common.io.stream.StreamOutput;

import java.io.IOException;

public class DeleteCustomLogTypeRequest extends ActionRequest {

private String logTypeId;

private WriteRequest.RefreshPolicy refreshPolicy;

public DeleteCustomLogTypeRequest(String logTypeId, WriteRequest.RefreshPolicy refreshPolicy) {
super();
this.logTypeId = logTypeId;
this.refreshPolicy = refreshPolicy;
}

public DeleteCustomLogTypeRequest(StreamInput sin) throws IOException {
this(sin.readString(),
WriteRequest.RefreshPolicy.readFrom(sin));
}

@Override
public ActionRequestValidationException validate() {
return null;
}

@Override
public void writeTo(StreamOutput out) throws IOException {
out.writeString(logTypeId);
refreshPolicy.writeTo(out);
}

public String getLogTypeId() {
return logTypeId;
}

public WriteRequest.RefreshPolicy getRefreshPolicy() {
return refreshPolicy;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.securityanalytics.action;

import org.opensearch.action.ActionResponse;
import org.opensearch.common.io.stream.StreamInput;
import org.opensearch.common.io.stream.StreamOutput;
import org.opensearch.core.xcontent.ToXContentObject;
import org.opensearch.core.xcontent.XContentBuilder;
import org.opensearch.rest.RestStatus;

import java.io.IOException;

import static org.opensearch.securityanalytics.util.RestHandlerUtils._ID;
import static org.opensearch.securityanalytics.util.RestHandlerUtils._VERSION;

public class DeleteCustomLogTypeResponse extends ActionResponse implements ToXContentObject {

private String id;

private Long version;

private RestStatus status;

public DeleteCustomLogTypeResponse(String id, Long version, RestStatus status) {
super();
this.id = id;
this.version = version;
this.status = status;
}

public DeleteCustomLogTypeResponse(StreamInput sin) throws IOException {
this(
sin.readString(),
sin.readLong(),
sin.readEnum(RestStatus.class)
);
}

@Override
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
builder.startObject()
.field(_ID, id)
.field(_VERSION, version);
return builder.endObject();
}

@Override
public void writeTo(StreamOutput out) throws IOException {
out.writeString(id);
out.writeLong(version);
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.securityanalytics.action;

import org.opensearch.action.ActionType;

public class IndexCustomLogTypeAction extends ActionType<IndexCustomLogTypeResponse> {

public static final IndexCustomLogTypeAction INSTANCE = new IndexCustomLogTypeAction();
public static final String NAME = "cluster:admin/opensearch/securityanalytics/logtype/write";

public IndexCustomLogTypeAction() {
super(NAME, IndexCustomLogTypeResponse::new);
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.securityanalytics.action;

import org.opensearch.action.ActionRequest;
import org.opensearch.action.ActionRequestValidationException;
import org.opensearch.action.support.WriteRequest;
import org.opensearch.common.io.stream.StreamInput;
import org.opensearch.common.io.stream.StreamOutput;
import org.opensearch.rest.RestRequest;
import org.opensearch.securityanalytics.model.CustomLogType;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class IndexCustomLogTypeRequest extends ActionRequest {

private String logTypeId;

private WriteRequest.RefreshPolicy refreshPolicy;

private RestRequest.Method method;

private CustomLogType customLogType;

private static final Pattern IS_VALID_CUSTOM_LOG_NAME = Pattern.compile("[a-zA-Z0-9 _,-.]{5,50}");

public IndexCustomLogTypeRequest(
String logTypeId,
WriteRequest.RefreshPolicy refreshPolicy,
RestRequest.Method method,
CustomLogType customLogType
) {
super();
this.logTypeId = logTypeId;
this.refreshPolicy = refreshPolicy;
this.method = method;
this.customLogType = customLogType;
}

public IndexCustomLogTypeRequest(StreamInput sin) throws IOException {
this(
sin.readString(),
WriteRequest.RefreshPolicy.readFrom(sin),
sin.readEnum(RestRequest.Method.class),
CustomLogType.readFrom(sin)
);
}

@Override
public ActionRequestValidationException validate() {
Matcher matcher = IS_VALID_CUSTOM_LOG_NAME.matcher(customLogType.getName());
boolean find = matcher.matches();
if (!find) {
throw new ActionRequestValidationException();
}
return null;
}

@Override
public void writeTo(StreamOutput out) throws IOException {
out.writeString(logTypeId);
refreshPolicy.writeTo(out);
out.writeEnum(method);
customLogType.writeTo(out);
}

public String getLogTypeId() {
return logTypeId;
}

public WriteRequest.RefreshPolicy getRefreshPolicy() {
return refreshPolicy;
}

public RestRequest.Method getMethod() {
return method;
}

public CustomLogType getCustomLogType() {
return customLogType;
}
}
Loading