get all findings as part of findings API enhancement (opensearch-proj…
…ect#803)

* get all findings as part of findings API enhancement

Signed-off-by: Riya Saxena <[email protected]>

* findingsAPI feature enhancements (address comments to prev PR)

Signed-off-by: Riya Saxena <[email protected]>

* findingsAPI feature enhancements (address comments to prev PR)

Signed-off-by: Riya Saxena <[email protected]>

* added support for  param in Finding API

Signed-off-by: Riya Saxena <[email protected]>

* added detectionType as param for Findings API enhancements

Signed-off-by: Riya Saxena <[email protected]>

* added few tests to validate findings by params

Signed-off-by: Riya Saxena <[email protected]>

* added test for searchString param in FindingsAPI

Signed-off-by: Riya Saxena <[email protected]>

* adding additional params findingIds, startTime and endTime as findings API enhancement

Signed-off-by: Riya Saxena <[email protected]>

* added params in getFindingsByDetectorId func

* changed the startTime and endTime req input format

* fix merge conflixt

* fix integ test failures in findings API

* fix integ tests

* fix integ tests for findings

Signed-off-by: Subhobrata Dey <[email protected]>

---------

Signed-off-by: Riya Saxena <[email protected]>
Signed-off-by: Riya <[email protected]>
Signed-off-by: Subhobrata Dey <[email protected]>
Co-authored-by: Subhobrata Dey <[email protected]>
2 people authored and jowg-amazon committed Mar 14, 2024
1 parent fbccff4 commit b00b173
Showing 9 changed files with 809 additions and 71 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
package org.opensearch.securityanalytics.action;

import java.io.IOException;
import java.time.Instant;
import java.util.List;
import java.util.Locale;
import org.opensearch.action.ActionRequest;
import org.opensearch.action.ActionRequestValidationException;
Expand All @@ -18,9 +20,14 @@

public class GetFindingsRequest extends ActionRequest {

private List<String> findingIds;
private Instant startTime;
private Instant endTime;
private String logType;
private String detectorId;
private Table table;
private String severity;
private String detectionType;

public static final String DETECTOR_ID = "detector_id";

Expand All @@ -32,22 +39,36 @@ public GetFindingsRequest(StreamInput sin) throws IOException {
this(
sin.readOptionalString(),
sin.readOptionalString(),
Table.readFrom(sin)
Table.readFrom(sin),
sin.readOptionalString(),
sin.readOptionalString(),
sin.readOptionalStringList(),
sin.readOptionalInstant(),
sin.readOptionalInstant()
);
}

public GetFindingsRequest(String detectorId, String logType, Table table) {
public GetFindingsRequest(String detectorId, String logType, Table table, String severity, String detectionType, List<String> findingIds, Instant startTime, Instant endTime) {
this.detectorId = detectorId;
this.logType = logType;
this.table = table;
this.severity = severity;
this.detectionType = detectionType;
this.findingIds = findingIds;
this.startTime = startTime;
this.endTime = endTime;
}

@Override
public ActionRequestValidationException validate() {
ActionRequestValidationException validationException = null;
if ((detectorId == null || detectorId.length() == 0) && logType == null) {
if (detectorId != null && detectorId.length() == 0) {
validationException = addValidationError(String.format(Locale.getDefault(),
"detector_id is missing"),
validationException);
} else if(startTime != null && endTime != null && startTime.isAfter(endTime)) {
validationException = addValidationError(String.format(Locale.getDefault(),
"At least one of detector type or detector id needs to be passed", DETECTOR_ID),
"startTime should be less than endTime"),
validationException);
}
return validationException;
Expand All @@ -58,17 +79,42 @@ public void writeTo(StreamOutput out) throws IOException {
out.writeOptionalString(detectorId);
out.writeOptionalString(logType);
table.writeTo(out);
out.writeOptionalString(severity);
out.writeOptionalString(detectionType);
out.writeOptionalStringCollection(findingIds);
out.writeOptionalInstant(startTime);
out.writeOptionalInstant(endTime);
}

public String getDetectorId() {
return detectorId;
}

public String getSeverity() {
return severity;
}

public String getDetectionType() {
return detectionType;
}

public String getLogType() {
return logType;
}

public Table getTable() {
return table;
}

public List<String> getFindingIds() {
return findingIds;
}

public Instant getStartTime() {
return startTime;
}

public Instant getEndTime() {
return endTime;
}
}
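Review bot: validate() chains the time-range check behind `else if`, so a request with an empty detector_id and startTime after endTime reports only the first problem; make the second check an independent `if (startTime != null && endTime != null && startTime.isAfter(endTime))` so both errors land in the same ActionRequestValidationException. The `String.format(Locale.getDefault(), ...)` wrappers around both messages carry no format arguments and can be the plain literals `"detector_id is missing"` and `"startTime should be less than endTime"`. Dropping the old `logType == null` condition means a request with neither detector_id nor detectorType now passes validation, which presumably is the "get all findings" intent of this commit but is not stated anywhere; a class-level Javadoc line such as `/** When both detector_id and detectorType are omitted, findings across all detectors are returned. */` would make that contract explicit.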
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
*/
package org.opensearch.securityanalytics.findings;

import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
Expand Down Expand Up @@ -52,7 +53,12 @@ public FindingsService(Client client) {
* @param table group of search related parameters
* @param listener ActionListener to get notified on response or error
*/
public void getFindingsByDetectorId(String detectorId, Table table, ActionListener<GetFindingsResponse> listener ) {
public void getFindingsByDetectorId(String detectorId, Table table, String severity,
String detectionType,
List<String> findingIds,
Instant startTime,
Instant endTime,
ActionListener<GetFindingsResponse> listener ) {
this.client.execute(GetDetectorAction.INSTANCE, new GetDetectorRequest(detectorId, -3L), new ActionListener<>() {

@Override
Expand Down Expand Up @@ -102,6 +108,11 @@ public void onFailure(Exception e) {
new ArrayList<>(monitorToDetectorMapping.keySet()),
DetectorMonitorConfig.getAllFindingsIndicesPattern(detector.getDetectorType()),
table,
severity,
detectionType,
findingIds,
startTime,
endTime,
getFindingsResponseListener
);
}
Expand All @@ -126,18 +137,21 @@ public void getFindingsByMonitorIds(
List<String> monitorIds,
String findingIndexName,
Table table,
String severity,
String detectionType,
List<String> findingIds,
Instant startTime,
Instant endTime,
ActionListener<GetFindingsResponse> listener
) {

org.opensearch.commons.alerting.action.GetFindingsRequest req =
new org.opensearch.commons.alerting.action.GetFindingsRequest(
null,
table,
null,
findingIndexName,
monitorIds
monitorIds, severity, detectionType,findingIds, startTime, endTime
);

AlertingPluginInterface.INSTANCE.getFindings((NodeClient) client, req, new ActionListener<>() {
@Override
public void onResponse(
Expand Down Expand Up @@ -171,6 +185,11 @@ public void getFindings(
List<Detector> detectors,
String logType,
Table table,
String severity,
String detectionType,
List<String> findingIds,
Instant startTime,
Instant endTime,
ActionListener<GetFindingsResponse> listener
) {
if (detectors.size() == 0) {
Expand All @@ -195,6 +214,11 @@ public void getFindings(
allMonitorIds,
DetectorMonitorConfig.getAllFindingsIndicesPattern(logType),
table,
severity,
detectionType,
findingIds,
startTime,
endTime,
new ActionListener<>() {
@Override
public void onResponse(GetFindingsResponse getFindingsResponse) {
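Review bot: The Javadoc above getFindingsByDetectorId (its opening lines are outside the hunk) still documents only table and listener, while the signature now also takes severity, detectionType, findingIds, startTime and endTime; add `@param` entries for each, e.g. `@param findingIds optional list of finding ids to restrict the search to` and `@param startTime optional lower bound on finding time (inclusive or exclusive per the alerting backend — confirm)`. The same omission presumably applies to getFindingsByMonitorIds and getFindings, whose Javadoc is outside the hunk. In getFindingsByMonitorIds the commons GetFindingsRequest is now built from ten positional arguments including several nulls, and the new ones are squeezed onto one line with a missing space after `detectionType,`; one argument per line, `monitorIds, severity, detectionType, findingIds, startTime, endTime`, keeps the order checkable against the commons constructor.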
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@
package org.opensearch.securityanalytics.resthandler;

import java.io.IOException;
import java.time.DateTimeException;
import java.time.Instant;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import org.opensearch.client.node.NodeClient;
Expand Down Expand Up @@ -40,6 +44,35 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
int size = request.paramAsInt("size", 20);
int startIndex = request.paramAsInt("startIndex", 0);
String searchString = request.param("searchString", "");
String severity = request.param("severity", null);
String detectionType = request.param("detectionType", null);
List<String> findingIds = null;
if (request.param("findingIds") != null) {
findingIds = Arrays.asList(request.param("findingIds").split(","));
}
Instant startTime = null;
String startTimeParam = request.param("startTime");
if (startTimeParam != null && !startTimeParam.isEmpty()) {
try {
startTime = Instant.ofEpochMilli(Long.parseLong(startTimeParam));
} catch (NumberFormatException | NullPointerException | DateTimeException e) {
// Handle the parsing error
// For example, log the error or provide a default value
startTime = Instant.now(); // Default value or fallback
}
}

Instant endTime = null;
String endTimeParam = request.param("endTime");
if (endTimeParam != null && !endTimeParam.isEmpty()) {
try {
endTime = Instant.ofEpochMilli(Long.parseLong(endTimeParam));
} catch (NumberFormatException | NullPointerException | DateTimeException e) {
// Handle the parsing error
// For example, log the error or provide a default value
endTime = Instant.now(); // Default value or fallback
}
}

Table table = new Table(
sortOrder,
Expand All @@ -53,7 +86,12 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
GetFindingsRequest req = new GetFindingsRequest(
detectorId,
detectorType,
table
table,
severity,
detectionType,
findingIds,
startTime,
endTime
);

return channel -> client.execute(
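Review bot: The startTime and endTime parsing inside prepareRequest replaces a malformed value with `Instant.now()` instead of rejecting it, so a client sending a non-numeric startTime silently gets a query window starting now rather than an error; in each catch block replace the fallback with `throw new IllegalArgumentException("[startTime] must be epoch milliseconds, got [" + startTimeParam + "]", e);` (and the endTime equivalent), which OpenSearch's REST layer typically maps to a 400. `NullPointerException` in the multi-catch is unreachable because the null check precedes the try and can be dropped. The findingIds handling calls `request.param("findingIds")` twice and keeps empty segments from `split(",")`, so `findingIds=a,,b` yields an empty-string id; trimming each entry and filtering blanks would keep the filter list clean. The enclosing prepareRequest method starts before the hunk and continues after it.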
