Add skipping index and saved queries for WAF integration

Signed-off-by: Ryan Liang <[email protected]>
RyanL1997 · Apr 29, 2024 · 3996b67 · 3996b67
1 parent 685aeaf
commit 3996b67
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 0 deletions.
diff --git a/.../adaptors/integrations/__data__/repository/aws_waf/assets/create_skipping_index-1.0.0.sql b/.../adaptors/integrations/__data__/repository/aws_waf/assets/create_skipping_index-1.0.0.sql
@@ -0,0 +1,12 @@
+CREATE SKIPPING INDEX ON {table_name} (
+  `timestamp` VALUE_SET, 
+  `webaclId` VALUE_SET, 
+  `httpRequest` VALUE_SET, 
+  `action` BLOOM_FILTER, 
+  `terminatingRuleType` BLOOM_FILTER
+) WITH (
+  auto_refresh = true,
+  refresh_interval = '15 Minutes',
+  checkpoint_location = '{s3_checkpoint_location}',
+  watermark_delay = '1 Minute'
+)
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/assets/example_queries-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/aws_waf/assets/example_queries-1.0.0.ndjson
@@ -0,0 +1,3 @@
+{"attributes":{"createdTimeMs":1713289099101,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Allowed Web Access Logs","query":"SELECT `timestamp` as event_timestamp, `webaclId`, `action`, `httpSourceName`, `httpRequest`.clientIp, `httpRequest`.country, `httpRequest`.uri, `httpRequest`.httpMethod, `httpRequest`.requestId FROM {table_name} WHERE `action` = 'ALLOW' ORDER BY event_timestamp DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Allowed Web Access Logs","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0="}
+{"attributes":{"createdTimeMs":1713293269224,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Regular TerminatingRule WebACLs Limited","query":"SELECT `webaclId` FROM {table_name} WHERE `terminatingRuleType` = 'REGULAR' LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Average Time Taken","version":1},"id":"d2a038a0-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:47:49.290Z","version":"WzI4MzIsMV0="}
+{"attributes":{"createdTimeMs":1713294061574,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Allowed Actions WebACLs","query":"SELECT `webaclId`, `action` FROM {table_name} WHERE `action` = 'ALLOW' LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Requests by User Agent","version":1},"id":"aae73c80-fc23-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T19:01:01.640Z","version":"WzI4MzUsMV0="}
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/aws_waf-1.0.0.json b/server/adaptors/integrations/__data__/repository/aws_waf/aws_waf-1.0.0.json
@@ -73,6 +73,20 @@
       "type": "query",
       "workflows": ["dashboards"]
 
+    },
+    {
+      "name": "create_skipping_index",
+      "version": "1.0.0",
+      "extension": "sql",
+      "type": "query",
+      "workflows": ["queries"]
+    },
+    {
+      "name": "example_queries",
+      "version": "1.0.0",
+      "extension": "ndjson",
+      "type": "savedObjectBundle",
+      "workflows": ["queries"]
     }
   ],
   "sampleData": {