Threat Intel Analytics (opensearch-project#1098)

Threat Intel Analytics Added --------- Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Surya Sashank Nistala <[email protected]> Signed-off-by: AWSHurneyt <[email protected]> Signed-off-by: Subhobrata Dey <[email protected]> Signed-off-by: Chase Engelbrecht <[email protected]> Signed-off-by: Riya <[email protected]> Signed-off-by: Riya Saxena <[email protected]> Co-authored-by: Joanne Wang <[email protected]> Co-authored-by: AWSHurneyt <[email protected]> Co-authored-by: Subhobrata Dey <[email protected]> Co-authored-by: Chase <[email protected]> Co-authored-by: Riya <[email protected]>
jowg-amazon · Jul 8, 2024 · a6ac3b8 · a6ac3b8
1 parent 08174b4
commit a6ac3b8
Show file tree

Hide file tree

Showing 188 changed files with 17,674 additions and 361 deletions.
diff --git a/build.gradle b/build.gradle
@@ -14,14 +14,21 @@ buildscript {
         opensearch_build = version_tokens[0] + '.0'
         plugin_no_snapshot = opensearch_build
         opensearch_no_snapshot = opensearch_version.replace("-SNAPSHOT","")
+        sa_commons_version = '1.0.0'
         if (buildVersionQualifier) {
             opensearch_build += "-${buildVersionQualifier}"
         }
         if (isSnapshot) {
             opensearch_build += "-SNAPSHOT"
+
+            // TODO consider enabling snapshot options once SA commons is published to maven central
+//            sa_commons_version += "-SNAPSHOT"
         }
         common_utils_version = System.getProperty("common_utils.version", opensearch_build)
-        kotlin_version = '1.6.10'
+        kotlin_version = '1.8.21'
+
+        sa_commons_file_name = "security-analytics-commons-${sa_commons_version}.jar"
+        sa_commons_file_path = "${project.rootDir}/${sa_commons_file_name}"
     }
 
     repositories {
@@ -54,7 +61,7 @@ ext {
     noticeFile = rootProject.file('NOTICE')
 }
 
-licenseHeaders.enabled = true
+licenseHeaders.enabled = false
 testingConventions.enabled = false
 forbiddenApis.ignoreFailures = true
 
@@ -68,7 +75,7 @@ opensearchplugin {
     name 'opensearch-security-analytics'
     description 'OpenSearch Security Analytics plugin'
     classname 'org.opensearch.securityanalytics.SecurityAnalyticsPlugin'
-    extendedPlugins = ['opensearch-job-scheduler']
+    extendedPlugins = ['opensearch-job-scheduler', 'opensearch-alerting']
 }
 
 javaRestTest {
@@ -150,27 +157,36 @@ configurations {
         resolutionStrategy {
             // for spotless transitive dependency CVE
             force "org.eclipse.platform:org.eclipse.core.runtime:3.29.0"
-            force "com.google.guava:guava:32.1.2-jre"
+            force "com.google.guava:guava:32.1.3-jre"
         }
     }
 }
 
 dependencies {
     javaRestTestImplementation project.sourceSets.main.runtimeClasspath
     implementation group: 'org.apache.commons', name: 'commons-lang3', version: "${versions.commonslang}"
-    implementation "org.antlr:antlr4-runtime:4.10.1"
-    implementation "com.cronutils:cron-utils:9.1.6"
-    api "org.opensearch:common-utils:${common_utils_version}@jar"
-    api "org.opensearch.client:opensearch-rest-client:${opensearch_version}"
-    implementation "org.jetbrains.kotlin:kotlin-stdlib:${kotlin_version}"
+    compileOnly "org.antlr:antlr4-runtime:4.10.1"
+    compileOnly "com.cronutils:cron-utils:9.1.7"
+    compileOnly "org.opensearch:common-utils:${common_utils_version}@jar"
+    compileOnly "org.opensearch.client:opensearch-rest-client:${opensearch_version}"
+    compileOnly "org.jetbrains.kotlin:kotlin-stdlib:${kotlin_version}"
     compileOnly "org.opensearch:opensearch-job-scheduler-spi:${opensearch_build}"
+    compileOnly "org.opensearch.alerting:alerting-spi:${opensearch_build}"
     implementation "org.apache.commons:commons-csv:1.10.0"
+    compileOnly "com.google.guava:guava:32.1.3-jre"
+
+    // TODO uncomment once SA commons is published to maven central
+//    api "org.opensearch:security-analytics-commons:${sa_commons_version}@jar"
+
+    // TODO remove once SA commons is published to maven central
+    api files(sa_commons_file_path)
 
     // Needed for integ tests
     zipArchive group: 'org.opensearch.plugin', name:'alerting', version: "${opensearch_build}"
     zipArchive group: 'org.opensearch.plugin', name:'opensearch-notifications-core', version: "${opensearch_build}"
     zipArchive group: 'org.opensearch.plugin', name:'notifications', version: "${opensearch_build}"
     zipArchive group: 'org.opensearch.plugin', name:'opensearch-job-scheduler', version: "${opensearch_build}"
+    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.1'
 }
 
 // RPM & Debian build
@@ -364,6 +380,12 @@ afterEvaluate {
             into opensearchplugin.name
         }
 
+        // TODO remove once SA commons is published to maven central
+        from(project.rootDir) {
+            include sa_commons_file_name
+            into opensearchplugin.name
+        }
+
         user 'root'
         permissionGroup 'root'
         fileMode 0644

diff --git a/security-analytics-commons-1.0.0.jar b/security-analytics-commons-1.0.0.jar
diff --git a/...ain/generated/org/opensearch/securityanalytics/rules/condition/ConditionBaseListener.java b/...ain/generated/org/opensearch/securityanalytics/rules/condition/ConditionBaseListener.java
@@ -1,8 +1,4 @@
-/*
- * Copyright OpenSearch Contributors
- * SPDX-License-Identifier: Apache-2.0
- */
-// Generated from Condition.g4 by ANTLR 4.10.1
+// Generated from java-escape by ANTLR 4.11.1
 package org.opensearch.securityanalytics.rules.condition;
 
 import org.antlr.v4.runtime.ParserRuleContext;
@@ -14,6 +10,7 @@
  * which can be extended to create a listener which only needs to handle a subset
  * of the available methods.
  */
+@SuppressWarnings("CheckReturnValue")
 public class ConditionBaseListener implements ConditionListener {
     /**
      * {@inheritDoc}

diff --git a/...main/generated/org/opensearch/securityanalytics/rules/condition/ConditionBaseVisitor.java b/...main/generated/org/opensearch/securityanalytics/rules/condition/ConditionBaseVisitor.java
@@ -1,8 +1,4 @@
-/*
- * Copyright OpenSearch Contributors
- * SPDX-License-Identifier: Apache-2.0
- */
-// Generated from Condition.g4 by ANTLR 4.10.1
+// Generated from java-escape by ANTLR 4.11.1
 package org.opensearch.securityanalytics.rules.condition;
 import org.antlr.v4.runtime.tree.AbstractParseTreeVisitor;
 
@@ -14,6 +10,7 @@
  * @param <T> The return type of the visit operation. Use {@link Void} for
  * operations with no return type.
  */
+@SuppressWarnings("CheckReturnValue")
 public class ConditionBaseVisitor<T> extends AbstractParseTreeVisitor<T> implements ConditionVisitor<T> {
     /**
      * {@inheritDoc}

diff --git a/src/main/generated/org/opensearch/securityanalytics/rules/condition/ConditionLexer.java b/src/main/generated/org/opensearch/securityanalytics/rules/condition/ConditionLexer.java
@@ -1,8 +1,4 @@
-/*
- * Copyright OpenSearch Contributors
- * SPDX-License-Identifier: Apache-2.0
- */
-// Generated from Condition.g4 by ANTLR 4.10.1
+// Generated from java-escape by ANTLR 4.11.1
 package org.opensearch.securityanalytics.rules.condition;
 import org.antlr.v4.runtime.Lexer;
 import org.antlr.v4.runtime.CharStream;
@@ -13,9 +9,9 @@
 import org.antlr.v4.runtime.dfa.DFA;
 import org.antlr.v4.runtime.misc.*;
 
-@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast"})
+@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast", "CheckReturnValue"})
 public class ConditionLexer extends Lexer {
-    static { RuntimeMetaData.checkVersion("4.10.1", RuntimeMetaData.VERSION); }
+    static { RuntimeMetaData.checkVersion("4.11.1", RuntimeMetaData.VERSION); }
 
     protected static final DFA[] _decisionToDFA;
     protected static final PredictionContextCache _sharedContextCache =

diff --git a/src/main/generated/org/opensearch/securityanalytics/rules/condition/ConditionListener.java b/src/main/generated/org/opensearch/securityanalytics/rules/condition/ConditionListener.java
@@ -1,8 +1,4 @@
-/*
- * Copyright OpenSearch Contributors
- * SPDX-License-Identifier: Apache-2.0
- */
-// Generated from Condition.g4 by ANTLR 4.10.1
+// Generated from java-escape by ANTLR 4.11.1
 package org.opensearch.securityanalytics.rules.condition;
 import org.antlr.v4.runtime.tree.ParseTreeListener;
 

diff --git a/src/main/generated/org/opensearch/securityanalytics/rules/condition/ConditionParser.java b/src/main/generated/org/opensearch/securityanalytics/rules/condition/ConditionParser.java
@@ -1,8 +1,4 @@
-/*
- * Copyright OpenSearch Contributors
- * SPDX-License-Identifier: Apache-2.0
- */
-// Generated from Condition.g4 by ANTLR 4.10.1
+// Generated from java-escape by ANTLR 4.11.1
 package org.opensearch.securityanalytics.rules.condition;
 import org.antlr.v4.runtime.atn.*;
 import org.antlr.v4.runtime.dfa.DFA;
@@ -13,9 +9,9 @@
 import java.util.Iterator;
 import java.util.ArrayList;
 
-@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast"})
+@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast", "CheckReturnValue"})
 public class ConditionParser extends Parser {
-    static { RuntimeMetaData.checkVersion("4.10.1", RuntimeMetaData.VERSION); }
+    static { RuntimeMetaData.checkVersion("4.11.1", RuntimeMetaData.VERSION); }
 
     protected static final DFA[] _decisionToDFA;
     protected static final PredictionContextCache _sharedContextCache =
@@ -78,7 +74,7 @@ public Vocabulary getVocabulary() {
     }
 
     @Override
-    public String getGrammarFileName() { return "Condition.g4"; }
+    public String getGrammarFileName() { return "java-escape"; }
 
     @Override
     public String[] getRuleNames() { return ruleNames; }
@@ -94,6 +90,7 @@ public ConditionParser(TokenStream input) {
         _interp = new ParserATNSimulator(this,_ATN,_decisionToDFA,_sharedContextCache);
     }
 
+    @SuppressWarnings("CheckReturnValue")
     public static class StartContext extends ParserRuleContext {
         public ExpressionContext expression() {
             return getRuleContext(ExpressionContext.class,0);
@@ -138,6 +135,7 @@ public final StartContext start() throws RecognitionException {
         return _localctx;
     }
 
+    @SuppressWarnings("CheckReturnValue")
     public static class ExpressionContext extends ParserRuleContext {
         public ExpressionContext(ParserRuleContext parent, int invokingState) {
             super(parent, invokingState);
@@ -149,6 +147,7 @@ public void copyFrom(ExpressionContext ctx) {
             super.copyFrom(ctx);
         }
     }
+    @SuppressWarnings("CheckReturnValue")
     public static class OrExpressionContext extends ExpressionContext {
         public ExpressionContext left;
         public Token operator;
@@ -175,6 +174,7 @@ public <T> T accept(ParseTreeVisitor<? extends T> visitor) {
             else return visitor.visitChildren(this);
         }
     }
+    @SuppressWarnings("CheckReturnValue")
     public static class IdentOrSelectExpressionContext extends ExpressionContext {
         public TerminalNode SELECTOR() { return getToken(ConditionParser.SELECTOR, 0); }
         public TerminalNode IDENTIFIER() { return getToken(ConditionParser.IDENTIFIER, 0); }
@@ -193,6 +193,7 @@ public <T> T accept(ParseTreeVisitor<? extends T> visitor) {
             else return visitor.visitChildren(this);
         }
     }
+    @SuppressWarnings("CheckReturnValue")
     public static class AndExpressionContext extends ExpressionContext {
         public ExpressionContext left;
         public Token operator;
@@ -219,6 +220,7 @@ public <T> T accept(ParseTreeVisitor<? extends T> visitor) {
             else return visitor.visitChildren(this);
         }
     }
+    @SuppressWarnings("CheckReturnValue")
     public static class NotExpressionContext extends ExpressionContext {
         public TerminalNode NOT() { return getToken(ConditionParser.NOT, 0); }
         public ExpressionContext expression() {
@@ -239,6 +241,7 @@ public <T> T accept(ParseTreeVisitor<? extends T> visitor) {
             else return visitor.visitChildren(this);
         }
     }
+    @SuppressWarnings("CheckReturnValue")
     public static class ParenExpressionContext extends ExpressionContext {
         public ExpressionContext inner;
         public TerminalNode LPAREN() { return getToken(ConditionParser.LPAREN, 0); }

diff --git a/src/main/generated/org/opensearch/securityanalytics/rules/condition/ConditionVisitor.java b/src/main/generated/org/opensearch/securityanalytics/rules/condition/ConditionVisitor.java
@@ -1,8 +1,4 @@
-/*
- * Copyright OpenSearch Contributors
- * SPDX-License-Identifier: Apache-2.0
- */
-// Generated from Condition.g4 by ANTLR 4.10.1
+// Generated from java-escape by ANTLR 4.11.1
 package org.opensearch.securityanalytics.rules.condition;
 import org.antlr.v4.runtime.tree.ParseTreeVisitor;
 

diff --git a/...org/opensearch/securityanalytics/rules/condition/aggregation/AggregationBaseListener.java b/...org/opensearch/securityanalytics/rules/condition/aggregation/AggregationBaseListener.java
@@ -1,8 +1,4 @@
-/*
- * Copyright OpenSearch Contributors
- * SPDX-License-Identifier: Apache-2.0
- */
-// Generated from Aggregation.g4 by ANTLR 4.10.1
+// Generated from java-escape by ANTLR 4.11.1
 package org.opensearch.securityanalytics.rules.condition.aggregation;
 
 import org.antlr.v4.runtime.ParserRuleContext;
@@ -14,6 +10,7 @@
  * which can be extended to create a listener which only needs to handle a subset
  * of the available methods.
  */
+@SuppressWarnings("CheckReturnValue")
 public class AggregationBaseListener implements AggregationListener {
     /**
      * {@inheritDoc}

diff --git a/.../org/opensearch/securityanalytics/rules/condition/aggregation/AggregationBaseVisitor.java b/.../org/opensearch/securityanalytics/rules/condition/aggregation/AggregationBaseVisitor.java
@@ -1,8 +1,4 @@
-/*
- * Copyright OpenSearch Contributors
- * SPDX-License-Identifier: Apache-2.0
- */
-// Generated from Aggregation.g4 by ANTLR 4.10.1
+// Generated from java-escape by ANTLR 4.11.1
 package org.opensearch.securityanalytics.rules.condition.aggregation;
 import org.antlr.v4.runtime.tree.AbstractParseTreeVisitor;
 
@@ -14,6 +10,7 @@
  * @param <T> The return type of the visit operation. Use {@link Void} for
  * operations with no return type.
  */
+@SuppressWarnings("CheckReturnValue")
 public class AggregationBaseVisitor<T> extends AbstractParseTreeVisitor<T> implements AggregationVisitor<T> {
     /**
      * {@inheritDoc}

diff --git a/...erated/org/opensearch/securityanalytics/rules/condition/aggregation/AggregationLexer.java b/...erated/org/opensearch/securityanalytics/rules/condition/aggregation/AggregationLexer.java
@@ -1,8 +1,4 @@
-/*
- * Copyright OpenSearch Contributors
- * SPDX-License-Identifier: Apache-2.0
- */
-// Generated from Aggregation.g4 by ANTLR 4.10.1
+// Generated from java-escape by ANTLR 4.11.1
 package org.opensearch.securityanalytics.rules.condition.aggregation;
 import org.antlr.v4.runtime.Lexer;
 import org.antlr.v4.runtime.CharStream;
@@ -13,9 +9,9 @@
 import org.antlr.v4.runtime.dfa.DFA;
 import org.antlr.v4.runtime.misc.*;
 
-@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast"})
+@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast", "CheckReturnValue"})
 public class AggregationLexer extends Lexer {
-    static { RuntimeMetaData.checkVersion("4.10.1", RuntimeMetaData.VERSION); }
+    static { RuntimeMetaData.checkVersion("4.11.1", RuntimeMetaData.VERSION); }
 
     protected static final DFA[] _decisionToDFA;
     protected static final PredictionContextCache _sharedContextCache =

diff --git a/...ted/org/opensearch/securityanalytics/rules/condition/aggregation/AggregationListener.java b/...ted/org/opensearch/securityanalytics/rules/condition/aggregation/AggregationListener.java
@@ -1,8 +1,4 @@
-/*
- * Copyright OpenSearch Contributors
- * SPDX-License-Identifier: Apache-2.0
- */
-// Generated from Aggregation.g4 by ANTLR 4.10.1
+// Generated from java-escape by ANTLR 4.11.1
 package org.opensearch.securityanalytics.rules.condition.aggregation;
 import org.antlr.v4.runtime.tree.ParseTreeListener;