Skip to content

Commit

Permalink
Threat Intel Analytics (opensearch-project#1098)
Browse files Browse the repository at this point in the history
Threat Intel Analytics Added

---------

Signed-off-by: Joanne Wang <[email protected]>
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>
Signed-off-by: Subhobrata Dey <[email protected]>
Signed-off-by: Chase Engelbrecht <[email protected]>
Signed-off-by: Riya <[email protected]>
Signed-off-by: Riya Saxena <[email protected]>
Co-authored-by: Joanne Wang <[email protected]>
Co-authored-by: AWSHurneyt <[email protected]>
Co-authored-by: Subhobrata Dey <[email protected]>
Co-authored-by: Chase <[email protected]>
Co-authored-by: Riya <[email protected]>
6 people committed Jul 8, 2024
1 parent 08174b4 commit b83bb82
Showing 188 changed files with 17,674 additions and 361 deletions.
40 changes: 31 additions & 9 deletions build.gradle
Original file line number Diff line number Diff line change
@@ -14,14 +14,21 @@ buildscript {
opensearch_build = version_tokens[0] + '.0'
plugin_no_snapshot = opensearch_build
opensearch_no_snapshot = opensearch_version.replace("-SNAPSHOT","")
sa_commons_version = '1.0.0'
if (buildVersionQualifier) {
opensearch_build += "-${buildVersionQualifier}"
}
if (isSnapshot) {
opensearch_build += "-SNAPSHOT"

// TODO consider enabling snapshot options once SA commons is published to maven central
// sa_commons_version += "-SNAPSHOT"
}
common_utils_version = System.getProperty("common_utils.version", opensearch_build)
kotlin_version = '1.6.10'
kotlin_version = '1.8.21'

sa_commons_file_name = "security-analytics-commons-${sa_commons_version}.jar"
sa_commons_file_path = "${project.rootDir}/${sa_commons_file_name}"
}

repositories {
@@ -54,7 +61,7 @@ ext {
noticeFile = rootProject.file('NOTICE')
}

licenseHeaders.enabled = true
licenseHeaders.enabled = false
testingConventions.enabled = false
forbiddenApis.ignoreFailures = true

@@ -68,7 +75,7 @@ opensearchplugin {
name 'opensearch-security-analytics'
description 'OpenSearch Security Analytics plugin'
classname 'org.opensearch.securityanalytics.SecurityAnalyticsPlugin'
extendedPlugins = ['opensearch-job-scheduler']
extendedPlugins = ['opensearch-job-scheduler', 'opensearch-alerting']
}

javaRestTest {
@@ -150,27 +157,36 @@ configurations {
resolutionStrategy {
// for spotless transitive dependency CVE
force "org.eclipse.platform:org.eclipse.core.runtime:3.29.0"
force "com.google.guava:guava:32.1.2-jre"
force "com.google.guava:guava:32.1.3-jre"
}
}
}

dependencies {
javaRestTestImplementation project.sourceSets.main.runtimeClasspath
implementation group: 'org.apache.commons', name: 'commons-lang3', version: "${versions.commonslang}"
implementation "org.antlr:antlr4-runtime:4.10.1"
implementation "com.cronutils:cron-utils:9.1.6"
api "org.opensearch:common-utils:${common_utils_version}@jar"
api "org.opensearch.client:opensearch-rest-client:${opensearch_version}"
implementation "org.jetbrains.kotlin:kotlin-stdlib:${kotlin_version}"
compileOnly "org.antlr:antlr4-runtime:4.10.1"
compileOnly "com.cronutils:cron-utils:9.1.7"
compileOnly "org.opensearch:common-utils:${common_utils_version}@jar"
compileOnly "org.opensearch.client:opensearch-rest-client:${opensearch_version}"
compileOnly "org.jetbrains.kotlin:kotlin-stdlib:${kotlin_version}"
compileOnly "org.opensearch:opensearch-job-scheduler-spi:${opensearch_build}"
compileOnly "org.opensearch.alerting:alerting-spi:${opensearch_build}"
implementation "org.apache.commons:commons-csv:1.10.0"
compileOnly "com.google.guava:guava:32.1.3-jre"

// TODO uncomment once SA commons is published to maven central
// api "org.opensearch:security-analytics-commons:${sa_commons_version}@jar"

// TODO remove once SA commons is published to maven central
api files(sa_commons_file_path)

// Needed for integ tests
zipArchive group: 'org.opensearch.plugin', name:'alerting', version: "${opensearch_build}"
zipArchive group: 'org.opensearch.plugin', name:'opensearch-notifications-core', version: "${opensearch_build}"
zipArchive group: 'org.opensearch.plugin', name:'notifications', version: "${opensearch_build}"
zipArchive group: 'org.opensearch.plugin', name:'opensearch-job-scheduler', version: "${opensearch_build}"
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.1'
}

// RPM & Debian build
@@ -364,6 +380,12 @@ afterEvaluate {
into opensearchplugin.name
}

// TODO remove once SA commons is published to maven central
from(project.rootDir) {
include sa_commons_file_name
into opensearchplugin.name
}

user 'root'
permissionGroup 'root'
fileMode 0644
Binary file added security-analytics-commons-1.0.0.jar
Binary file not shown.
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
// Generated from Condition.g4 by ANTLR 4.10.1
// Generated from java-escape by ANTLR 4.11.1
package org.opensearch.securityanalytics.rules.condition;

import org.antlr.v4.runtime.ParserRuleContext;
@@ -14,6 +10,7 @@
* which can be extended to create a listener which only needs to handle a subset
* of the available methods.
*/
@SuppressWarnings("CheckReturnValue")
public class ConditionBaseListener implements ConditionListener {
/**
* {@inheritDoc}
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
// Generated from Condition.g4 by ANTLR 4.10.1
// Generated from java-escape by ANTLR 4.11.1
package org.opensearch.securityanalytics.rules.condition;
import org.antlr.v4.runtime.tree.AbstractParseTreeVisitor;

@@ -14,6 +10,7 @@
* @param <T> The return type of the visit operation. Use {@link Void} for
* operations with no return type.
*/
@SuppressWarnings("CheckReturnValue")
public class ConditionBaseVisitor<T> extends AbstractParseTreeVisitor<T> implements ConditionVisitor<T> {
/**
* {@inheritDoc}
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
// Generated from Condition.g4 by ANTLR 4.10.1
// Generated from java-escape by ANTLR 4.11.1
package org.opensearch.securityanalytics.rules.condition;
import org.antlr.v4.runtime.Lexer;
import org.antlr.v4.runtime.CharStream;
@@ -13,9 +9,9 @@
import org.antlr.v4.runtime.dfa.DFA;
import org.antlr.v4.runtime.misc.*;

@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast"})
@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast", "CheckReturnValue"})
public class ConditionLexer extends Lexer {
static { RuntimeMetaData.checkVersion("4.10.1", RuntimeMetaData.VERSION); }
static { RuntimeMetaData.checkVersion("4.11.1", RuntimeMetaData.VERSION); }

protected static final DFA[] _decisionToDFA;
protected static final PredictionContextCache _sharedContextCache =
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
// Generated from Condition.g4 by ANTLR 4.10.1
// Generated from java-escape by ANTLR 4.11.1
package org.opensearch.securityanalytics.rules.condition;
import org.antlr.v4.runtime.tree.ParseTreeListener;

Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
// Generated from Condition.g4 by ANTLR 4.10.1
// Generated from java-escape by ANTLR 4.11.1
package org.opensearch.securityanalytics.rules.condition;
import org.antlr.v4.runtime.atn.*;
import org.antlr.v4.runtime.dfa.DFA;
@@ -13,9 +9,9 @@
import java.util.Iterator;
import java.util.ArrayList;

@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast"})
@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast", "CheckReturnValue"})
public class ConditionParser extends Parser {
static { RuntimeMetaData.checkVersion("4.10.1", RuntimeMetaData.VERSION); }
static { RuntimeMetaData.checkVersion("4.11.1", RuntimeMetaData.VERSION); }

protected static final DFA[] _decisionToDFA;
protected static final PredictionContextCache _sharedContextCache =
@@ -78,7 +74,7 @@ public Vocabulary getVocabulary() {
}

@Override
public String getGrammarFileName() { return "Condition.g4"; }
public String getGrammarFileName() { return "java-escape"; }

@Override
public String[] getRuleNames() { return ruleNames; }
@@ -94,6 +90,7 @@ public ConditionParser(TokenStream input) {
_interp = new ParserATNSimulator(this,_ATN,_decisionToDFA,_sharedContextCache);
}

@SuppressWarnings("CheckReturnValue")
public static class StartContext extends ParserRuleContext {
public ExpressionContext expression() {
return getRuleContext(ExpressionContext.class,0);
@@ -138,6 +135,7 @@ public final StartContext start() throws RecognitionException {
return _localctx;
}

@SuppressWarnings("CheckReturnValue")
public static class ExpressionContext extends ParserRuleContext {
public ExpressionContext(ParserRuleContext parent, int invokingState) {
super(parent, invokingState);
@@ -149,6 +147,7 @@ public void copyFrom(ExpressionContext ctx) {
super.copyFrom(ctx);
}
}
@SuppressWarnings("CheckReturnValue")
public static class OrExpressionContext extends ExpressionContext {
public ExpressionContext left;
public Token operator;
@@ -175,6 +174,7 @@ public <T> T accept(ParseTreeVisitor<? extends T> visitor) {
else return visitor.visitChildren(this);
}
}
@SuppressWarnings("CheckReturnValue")
public static class IdentOrSelectExpressionContext extends ExpressionContext {
public TerminalNode SELECTOR() { return getToken(ConditionParser.SELECTOR, 0); }
public TerminalNode IDENTIFIER() { return getToken(ConditionParser.IDENTIFIER, 0); }
@@ -193,6 +193,7 @@ public <T> T accept(ParseTreeVisitor<? extends T> visitor) {
else return visitor.visitChildren(this);
}
}
@SuppressWarnings("CheckReturnValue")
public static class AndExpressionContext extends ExpressionContext {
public ExpressionContext left;
public Token operator;
@@ -219,6 +220,7 @@ public <T> T accept(ParseTreeVisitor<? extends T> visitor) {
else return visitor.visitChildren(this);
}
}
@SuppressWarnings("CheckReturnValue")
public static class NotExpressionContext extends ExpressionContext {
public TerminalNode NOT() { return getToken(ConditionParser.NOT, 0); }
public ExpressionContext expression() {
@@ -239,6 +241,7 @@ public <T> T accept(ParseTreeVisitor<? extends T> visitor) {
else return visitor.visitChildren(this);
}
}
@SuppressWarnings("CheckReturnValue")
public static class ParenExpressionContext extends ExpressionContext {
public ExpressionContext inner;
public TerminalNode LPAREN() { return getToken(ConditionParser.LPAREN, 0); }
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
// Generated from Condition.g4 by ANTLR 4.10.1
// Generated from java-escape by ANTLR 4.11.1
package org.opensearch.securityanalytics.rules.condition;
import org.antlr.v4.runtime.tree.ParseTreeVisitor;

Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
// Generated from Aggregation.g4 by ANTLR 4.10.1
// Generated from java-escape by ANTLR 4.11.1
package org.opensearch.securityanalytics.rules.condition.aggregation;

import org.antlr.v4.runtime.ParserRuleContext;
@@ -14,6 +10,7 @@
* which can be extended to create a listener which only needs to handle a subset
* of the available methods.
*/
@SuppressWarnings("CheckReturnValue")
public class AggregationBaseListener implements AggregationListener {
/**
* {@inheritDoc}
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
// Generated from Aggregation.g4 by ANTLR 4.10.1
// Generated from java-escape by ANTLR 4.11.1
package org.opensearch.securityanalytics.rules.condition.aggregation;
import org.antlr.v4.runtime.tree.AbstractParseTreeVisitor;

@@ -14,6 +10,7 @@
* @param <T> The return type of the visit operation. Use {@link Void} for
* operations with no return type.
*/
@SuppressWarnings("CheckReturnValue")
public class AggregationBaseVisitor<T> extends AbstractParseTreeVisitor<T> implements AggregationVisitor<T> {
/**
* {@inheritDoc}
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
// Generated from Aggregation.g4 by ANTLR 4.10.1
// Generated from java-escape by ANTLR 4.11.1
package org.opensearch.securityanalytics.rules.condition.aggregation;
import org.antlr.v4.runtime.Lexer;
import org.antlr.v4.runtime.CharStream;
@@ -13,9 +9,9 @@
import org.antlr.v4.runtime.dfa.DFA;
import org.antlr.v4.runtime.misc.*;

@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast"})
@SuppressWarnings({"all", "warnings", "unchecked", "unused", "cast", "CheckReturnValue"})
public class AggregationLexer extends Lexer {
static { RuntimeMetaData.checkVersion("4.10.1", RuntimeMetaData.VERSION); }
static { RuntimeMetaData.checkVersion("4.11.1", RuntimeMetaData.VERSION); }

protected static final DFA[] _decisionToDFA;
protected static final PredictionContextCache _sharedContextCache =
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
// Generated from Aggregation.g4 by ANTLR 4.10.1
// Generated from java-escape by ANTLR 4.11.1
package org.opensearch.securityanalytics.rules.condition.aggregation;
import org.antlr.v4.runtime.tree.ParseTreeListener;

Loading

0 comments on commit b83bb82

Please sign in to comment.