Skip to content

Commit

Permalink
Merge branch 'main' into bug-fix
Browse files Browse the repository at this point in the history
Signed-off-by: Riya <69919272+riysaxen-amzn@users.noreply.github.com>
  • Loading branch information
riysaxen-amzn authored Jul 2, 2024
2 parents da558fe + e8d7879 commit e95bef7
Show file tree
Hide file tree
Showing 9 changed files with 81 additions and 48 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@
import org.opensearch.commons.alerting.model.action.Action;
import org.opensearch.core.common.Strings;
import org.opensearch.common.UUIDs;

import org.opensearch.common.io.PathUtils;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.xcontent.XContentFactory;
Expand Down Expand Up @@ -64,11 +63,18 @@
import org.opensearch.securityanalytics.correlation.CorrelationEngineRestApiIT;
import org.opensearch.securityanalytics.correlation.index.query.CorrelationQueryBuilder;
import org.opensearch.securityanalytics.mapper.MappingsTraverser;
import org.opensearch.securityanalytics.model.*;
import org.opensearch.securityanalytics.model.CorrelationQuery;
import org.opensearch.securityanalytics.model.CorrelationRule;
import org.opensearch.securityanalytics.model.CorrelationRuleTrigger;
import org.opensearch.securityanalytics.model.CustomLogType;
import org.opensearch.securityanalytics.model.Detector;
import org.opensearch.securityanalytics.model.DetectorInput;
import org.opensearch.securityanalytics.model.DetectorTrigger;
import org.opensearch.securityanalytics.model.DetectorRule;
import org.opensearch.securityanalytics.model.Rule;
import org.opensearch.securityanalytics.model.ThreatIntelFeedData;
import org.opensearch.securityanalytics.util.CorrelationIndices;
import org.opensearch.test.rest.OpenSearchRestTestCase;


import javax.management.MBeanServerInvocationHandler;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
Expand All @@ -85,10 +91,19 @@
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;

import static org.opensearch.action.admin.indices.create.CreateIndexRequest.MAPPINGS;
import static org.opensearch.securityanalytics.SecurityAnalyticsPlugin.MAPPER_BASE_URI;
import static org.opensearch.securityanalytics.TestHelpers.*;
import static org.opensearch.securityanalytics.TestHelpers.adLdapLogMappings;
import static org.opensearch.securityanalytics.TestHelpers.appLogMappings;
import static org.opensearch.securityanalytics.TestHelpers.productIndexAvgAggRule;
import static org.opensearch.securityanalytics.TestHelpers.randomIndex;
import static org.opensearch.securityanalytics.TestHelpers.randomDetectorWithInputsAndTriggers;
import static org.opensearch.securityanalytics.TestHelpers.randomDetectorWithInputsAndTriggersAndType;
import static org.opensearch.securityanalytics.TestHelpers.randomDetectorType;
import static org.opensearch.securityanalytics.TestHelpers.sumAggregationTestRule;
import static org.opensearch.securityanalytics.TestHelpers.s3AccessLogMappings;
import static org.opensearch.securityanalytics.TestHelpers.vpcFlowMappings;
import static org.opensearch.securityanalytics.TestHelpers.windowsIndexMapping;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.ALERT_HISTORY_INDEX_MAX_AGE;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.ALERT_HISTORY_MAX_DOCS;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.ALERT_HISTORY_RETENTION_PERIOD;
Expand Down Expand Up @@ -1571,8 +1586,8 @@ protected void createNetflowLogIndex(String indexName) throws IOException {
Response response = client().performRequest(indexRequest);
assertEquals(HttpStatus.SC_CREATED, response.getStatusLine().getStatusCode());
// Refresh everything
response = client().performRequest(new Request("POST", "_refresh"));
assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
//response = client().performRequest(new Request("POST", "_refresh"));
//assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
}


Expand Down
10 changes: 9 additions & 1 deletion src/test/java/org/opensearch/securityanalytics/TestHelpers.java
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,15 @@
import org.opensearch.commons.authuser.User;
import org.opensearch.script.Script;
import org.opensearch.script.ScriptType;
import org.opensearch.securityanalytics.model.*;
import org.opensearch.securityanalytics.model.CorrelationQuery;
import org.opensearch.securityanalytics.model.CorrelationRule;
import org.opensearch.securityanalytics.model.CorrelationRuleTrigger;
import org.opensearch.securityanalytics.model.CustomLogType;
import org.opensearch.securityanalytics.model.Detector;
import org.opensearch.securityanalytics.model.DetectorInput;
import org.opensearch.securityanalytics.model.DetectorRule;
import org.opensearch.securityanalytics.model.DetectorTrigger;
import org.opensearch.securityanalytics.model.ThreatIntelFeedData;
import org.opensearch.test.OpenSearchTestCase;
import org.opensearch.test.rest.OpenSearchRestTestCase;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -358,7 +358,7 @@ public void testAckAlerts_WithInvalidDetectorAlertsCombination() throws IOExcept

indexDoc(index, "1", randomDoc());

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));

Response executeResponse = null;

Expand Down Expand Up @@ -566,7 +566,7 @@ public void testGetAlerts_byDetectorType_success() throws IOException, Interrupt

indexDoc(index, "1", randomDoc());

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));

Response executeResponse = executeAlertingMonitor(monitorId, Collections.emptyMap());
Map<String, Object> executeResults = entityAsMap(executeResponse);
Expand Down Expand Up @@ -682,7 +682,7 @@ public void testGetAlerts_byDetectorType_multipleDetectors_success() throws IOEx
noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
Assert.assertEquals(1, noOfSigmaRuleMatches);

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));

request = "{\n" +
" \"query\" : {\n" +
Expand All @@ -700,7 +700,7 @@ public void testGetAlerts_byDetectorType_multipleDetectors_success() throws IOEx
hits = executeSearch(DetectorMonitorConfig.getAlertsIndex("network"), request);
}

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));

// Call GetAlerts API for WINDOWS detector
Map<String, String> params = new HashMap<>();
Expand Down Expand Up @@ -1081,7 +1081,7 @@ public void testAlertHistoryRollover_maxDocs() throws IOException, InterruptedEx

indexDoc(index, "1", randomDoc());

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));

Response executeResponse = executeAlertingMonitor(monitorId, Collections.emptyMap());
Map<String, Object> executeResults = entityAsMap(executeResponse);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -258,7 +258,7 @@ public void testGetAlerts_byDetectorType_success() throws IOException, Interrupt

indexDoc(index, "1", randomDoc());

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));

Response executeResponse = executeAlertingMonitor(monitorId, Collections.emptyMap());
Map<String, Object> executeResults = entityAsMap(executeResponse);
Expand Down
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/

package org.opensearch.securityanalytics.correlation.alerts;

import org.opensearch.client.Client;
Expand Down
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/

package org.opensearch.securityanalytics.correlation.alerts;

import org.apache.hc.core5.http.io.entity.StringEntity;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,7 @@ public void testGetFindings_byDetectorType_success() throws IOException {
noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
Assert.assertEquals(1, noOfSigmaRuleMatches);

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));

// Call GetFindings API for first detector
Map<String, String> params = new HashMap<>();
Expand Down Expand Up @@ -367,7 +367,7 @@ public void testGetAllFindings_success() throws IOException {
noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
// Assert.assertEquals(1, noOfSigmaRuleMatches);

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));

// Call GetFindings API for all the detectors
Map<String, String> params = new HashMap<>();
Expand Down Expand Up @@ -586,7 +586,7 @@ public void testGetFindings_bySeverity_success() throws IOException {
noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
Assert.assertEquals(1, noOfSigmaRuleMatches);

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));

// Call GetFindings API for first detector by severity
Map<String, String> params = new HashMap<>();
Expand Down Expand Up @@ -707,7 +707,7 @@ public void testGetFindings_bySearchString_success() throws IOException {
noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
Assert.assertEquals(1, noOfSigmaRuleMatches);

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));

// Call GetFindings API for first detector by searchString 'high'
Map<String, String> params = new HashMap<>();
Expand Down Expand Up @@ -823,7 +823,7 @@ public void testGetFindings_byStartTimeAndEndTime_success() throws IOException {
int noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
Assert.assertEquals(1, noOfSigmaRuleMatches);

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));
// Call GetFindings API for first detector by startTime and endTime
Map<String, String> params = new HashMap<>();
params.put("startTime", String.valueOf(startTime1.toEpochMilli()));
Expand All @@ -834,7 +834,7 @@ public void testGetFindings_byStartTimeAndEndTime_success() throws IOException {
Map<String, Object> getFindingsBody = entityAsMap(getFindingsResponse);
Assert.assertEquals(1, getFindingsBody.get("total_findings"));

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));
Instant startTime2 = Instant.now();
// execute monitor 2
executeResponse = executeAlertingMonitor(monitorId2, Collections.emptyMap());
Expand Down Expand Up @@ -1335,7 +1335,7 @@ public void testGetFindings_rolloverByMaxDoc_short_retention_success() throws IO
// Call GetFindings API
Map<String, String> params = new HashMap<>();
params.put("detector_id", detectorId);
client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));
Response getFindingsResponse = makeRequest(client(), "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
Map<String, Object> getFindingsBody = entityAsMap(getFindingsResponse);
Assert.assertEquals(1, getFindingsBody.get("total_findings"));
Expand Down Expand Up @@ -1364,7 +1364,7 @@ public void testGetFindings_rolloverByMaxDoc_short_retention_success() throws IO

noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
Assert.assertEquals(5, noOfSigmaRuleMatches);
client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));
getFindingsResponse = makeRequest(client(), "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
getFindingsBody = entityAsMap(getFindingsResponse);
Assert.assertEquals(1, getFindingsBody.get("total_findings"));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -263,7 +263,7 @@ public void testGetFindings_byDetectorType_success() throws IOException {
noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
Assert.assertEquals(5, noOfSigmaRuleMatches);

client().performRequest(new Request("POST", "_refresh"));
// client().performRequest(new Request("POST", "_refresh"));


// try to do get finding as a user with read access
Expand Down
Loading

0 comments on commit e95bef7

Please sign in to comment.