get all findings as part of findings API enhancement #803
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Riya Saxena <[email protected]>
riysaxen-amzn
requested review from
amsiglan,
AWSHurneyt,
getsaurabh02,
lezzago,
praveensameneni,
sbcd90,
eirsep and
jowg-amazon
as code owners
eirsep
reviewed
Jan 16, 2024
src/main/java/org/opensearch/securityanalytics/action/GetFindingsRequest.java
Outdated
Show resolved
Hide resolved
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #803 +/- ##
============================================
- Coverage 24.97% 24.76% -0.22%
+ Complexity 1043 1027 -16
============================================
Files 277 277
Lines 12771 12722 -49
Branches 1391 1402 +11
============================================
- Hits 3190 3150 -40
Misses 9307 9307
+ Partials 274 265 -9 ☔ View full report in Codecov by Sentry. |
jowg-amazon
reviewed
Jan 17, 2024
src/main/java/org/opensearch/securityanalytics/transport/TransportGetFindingsAction.java
Outdated
Show resolved
Hide resolved
|
i am not sure this design is correct or maybe i have grossly misunderstood the approach. Can you add a detailed approach of how findings from detectors of all log types are being fetched? |
eirsep
previously requested changes
Jan 18, 2024
So, the idea is first to get all the detectors using |
eirsep
reviewed
Jan 18, 2024
src/main/java/org/opensearch/securityanalytics/transport/TransportGetFindingsAction.java
Outdated
Show resolved
Hide resolved
eirsep
reviewed
Jan 18, 2024
src/main/java/org/opensearch/securityanalytics/transport/TransportGetFindingsAction.java
Outdated
Show resolved
Hide resolved
eirsep
reviewed
Jan 18, 2024
src/main/java/org/opensearch/securityanalytics/transport/TransportGetFindingsAction.java
Outdated
Show resolved
Hide resolved
eirsep
reviewed
Jan 18, 2024
src/main/java/org/opensearch/securityanalytics/transport/TransportGetFindingsAction.java
Outdated
Show resolved
Hide resolved
eirsep
reviewed
Jan 18, 2024
| public void onFailure(Exception e) { | ||
| findingsService.getFindings( | ||
| detectors, | ||
| request.getLogType() == null ? "*" : request.getLogType(), |
There was a problem hiding this comment.
how is findings service already handling "*"? I don't see a change in FIndingsService class in this PR
Gotcha! thank you. I wasn't aware that we already are searching on the "all finding indices pattern" Can you create 2 detectors for different log types and test fetching findings for only one of the log types and verify that behaviour is correct? |
this test is creating detectors of two different logTypes and verifying the behavior -> https://github.com/opensearch-project/security-analytics/pull/803/files#diff-d37f0c96e5ab58c9a80449652179f36f9696044aa275fc7c7f33ce2677fa6793 |
Signed-off-by: Riya Saxena <[email protected]>
Signed-off-by: Riya Saxena <[email protected]>
1 task
Signed-off-by: Riya Saxena <[email protected]>
Signed-off-by: Riya Saxena <[email protected]>
engechas
previously approved these changes
Mar 6, 2024
Comment on lines
+55
to
+63
| if (startTimeParam != null && !startTimeParam.isEmpty()) { | ||
| try { | ||
| startTime = Instant.ofEpochMilli(Long.parseLong(startTimeParam)); | ||
| } catch (NumberFormatException | NullPointerException | DateTimeException e) { | ||
| // Handle the parsing error | ||
| // For example, log the error or provide a default value | ||
| startTime = Instant.now(); // Default value or fallback | ||
| } | ||
| } |
There was a problem hiding this comment.
Minor - could create a private method for this to avoid the duplication with the endTime parsing
|
Fix merge conflicts + make sure CI's pass |
Signed-off-by: Riya <[email protected]>
praveensameneni
previously approved these changes
Mar 10, 2024
sbcd90
previously approved these changes
Mar 10, 2024
riysaxen-amzn
dismissed stale reviews from sbcd90 and praveensameneni
via
8a7c3d8
Signed-off-by: Subhobrata Dey <[email protected]>
fix integ tests for findings
praveensameneni
approved these changes
Mar 11, 2024
sbcd90
approved these changes
Mar 11, 2024
|
The backport to To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-803-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 0d1d599fea536ee2afe088f70ee1980a0ec572fe
# Push it to GitHub
git push --set-upstream origin backport/backport-803-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.xThen, create a pull request where the |
jowg-amazon
pushed a commit
to jowg-amazon/security-analytics
that referenced
this pull request
Mar 14, 2024
…ect#803) * get all findings as part of findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * added support for param in Finding API Signed-off-by: Riya Saxena <[email protected]> * added detectionType as param for Findings API enhancements Signed-off-by: Riya Saxena <[email protected]> * added few tests to validate findings by params Signed-off-by: Riya Saxena <[email protected]> * added test for searchString param in FindingsAPI Signed-off-by: Riya Saxena <[email protected]> * adding addiional params findingIds, startTime and endTime as findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * added params in getFindingsByDetectorId func * changed the startTime and endTime req input format * fix merge conflixt * fix integ test failures in findings API * fix integ tests * fix integ tests for findings Signed-off-by: Subhobrata Dey <[email protected]> --------- Signed-off-by: Riya Saxena <[email protected]> Signed-off-by: Riya <[email protected]> Signed-off-by: Subhobrata Dey <[email protected]> Co-authored-by: Subhobrata Dey <[email protected]>
5 tasks
jowg-amazon
added a commit
that referenced
this pull request
Mar 15, 2024
* get all findings as part of findings API enhancement (#803) * get all findings as part of findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * added support for param in Finding API Signed-off-by: Riya Saxena <[email protected]> * added detectionType as param for Findings API enhancements Signed-off-by: Riya Saxena <[email protected]> * added few tests to validate findings by params Signed-off-by: Riya Saxena <[email protected]> * added test for searchString param in FindingsAPI Signed-off-by: Riya Saxena <[email protected]> * adding addiional params findingIds, startTime and endTime as findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * added params in getFindingsByDetectorId func * changed the startTime and endTime req input format * fix merge conflixt * fix integ test failures in findings API * fix integ tests * fix integ tests for findings Signed-off-by: Subhobrata Dey <[email protected]> --------- Signed-off-by: Riya Saxena <[email protected]> Signed-off-by: Riya <[email protected]> Signed-off-by: Subhobrata Dey <[email protected]> Co-authored-by: Subhobrata Dey <[email protected]> * fix integ test (#918) Signed-off-by: Joanne Wang <[email protected]> * Feature findings api enhancements (#914) * get all findings as part of findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * added support for param in Finding API Signed-off-by: Riya Saxena <[email protected]> * added detectionType as param for Findings API enhancements Signed-off-by: Riya Saxena <[email protected]> * added few tests to validate findings by params Signed-off-by: Riya Saxena <[email protected]> * added test for searchString param in FindingsAPI Signed-off-by: Riya Saxena <[email protected]> * adding addiional params findingIds, startTime and endTime as findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * added params in getFindingsByDetectorId func * changed the startTime and endTime req input format * fix merge conflixt * fix integ test failures in findings API * fix integ tests * refactored the logic Signed-off-by: Riya Saxena <[email protected]> * remove unused imports * address the pr comments Signed-off-by: Riya Saxena <[email protected]> * address pr comments Signed-off-by: Riya Saxena <[email protected]> * SA integ tests fix * SA integ tests fix * fix integ tests for findings Signed-off-by: Subhobrata Dey <[email protected]> * fix conflixt errors Signed-off-by: Riya Saxena <[email protected]> * fix conflixt errors Signed-off-by: Riya Saxena <[email protected]> * fix conflixt errors Signed-off-by: Riya Saxena <[email protected]> * fix conflixt errors Signed-off-by: Riya Saxena <[email protected]> * fix integ tests Signed-off-by: Riya Saxena <[email protected]> * fix integ tests Signed-off-by: Riya Saxena <[email protected]> * fix integ tests Signed-off-by: Riya Saxena <[email protected]> * fix flaky integ tests Signed-off-by: Riya Saxena <[email protected]> * address pr comments Signed-off-by: Riya Saxena <[email protected]> --------- Signed-off-by: Riya Saxena <[email protected]> Signed-off-by: Riya <[email protected]> Signed-off-by: Subhobrata Dey <[email protected]> Co-authored-by: Subhobrata Dey <[email protected]> --------- Signed-off-by: Riya Saxena <[email protected]> Signed-off-by: Riya <[email protected]> Signed-off-by: Subhobrata Dey <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Co-authored-by: Riya <[email protected]> Co-authored-by: Subhobrata Dey <[email protected]>
jowg-amazon
pushed a commit
to jowg-amazon/security-analytics
that referenced
this pull request
Mar 15, 2024
…ect#803) * get all findings as part of findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * added support for param in Finding API Signed-off-by: Riya Saxena <[email protected]> * added detectionType as param for Findings API enhancements Signed-off-by: Riya Saxena <[email protected]> * added few tests to validate findings by params Signed-off-by: Riya Saxena <[email protected]> * added test for searchString param in FindingsAPI Signed-off-by: Riya Saxena <[email protected]> * adding addiional params findingIds, startTime and endTime as findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * added params in getFindingsByDetectorId func * changed the startTime and endTime req input format * fix merge conflixt * fix integ test failures in findings API * fix integ tests * fix integ tests for findings Signed-off-by: Subhobrata Dey <[email protected]> --------- Signed-off-by: Riya Saxena <[email protected]> Signed-off-by: Riya <[email protected]> Signed-off-by: Subhobrata Dey <[email protected]> Co-authored-by: Subhobrata Dey <[email protected]>
5 tasks
jowg-amazon
added a commit
that referenced
this pull request
Mar 15, 2024
* support object fields in aggregation based sigma rules (#789) Signed-off-by: Subhobrata Dey <[email protected]> * Fix duplicate ecs mappings which returns incorrect log index field in mapping view API (#786) (#788) * field mapping changes Signed-off-by: Joanne Wang <[email protected]> * add integ test Signed-off-by: Joanne Wang <[email protected]> * turn unmappedfieldaliases as set and add integ test Signed-off-by: Joanne Wang <[email protected]> * add comments Signed-off-by: Joanne Wang <[email protected]> * fix integ tests Signed-off-by: Joanne Wang <[email protected]> * moved logic to method for better readability Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]> * Fix get mappings view API incorrectly returning ecs path (#867) * add logic and integ tests to not add duplicate to log-types-config index Signed-off-by: Joanne Wang <[email protected]> * change naming for existingFieldMapping and change contains to equals Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Joanne Wang <[email protected]> * fix integ test (#918) Signed-off-by: Joanne Wang <[email protected]> * get all findings as part of findings API enhancement (#803) * get all findings as part of findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * added support for param in Finding API Signed-off-by: Riya Saxena <[email protected]> * added detectionType as param for Findings API enhancements Signed-off-by: Riya Saxena <[email protected]> * added few tests to validate findings by params Signed-off-by: Riya Saxena <[email protected]> * added test for searchString param in FindingsAPI Signed-off-by: Riya Saxena <[email protected]> * adding addiional params findingIds, startTime and endTime as findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * added params in getFindingsByDetectorId func * changed the startTime and endTime req input format * fix merge conflixt * fix integ test failures in findings API * fix integ tests * fix integ tests for findings Signed-off-by: Subhobrata Dey <[email protected]> --------- Signed-off-by: Riya Saxena <[email protected]> Signed-off-by: Riya <[email protected]> Signed-off-by: Subhobrata Dey <[email protected]> Co-authored-by: Subhobrata Dey <[email protected]> * Feature findings api enhancements (#914) * get all findings as part of findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * findingsAPI feature enhancements (address comments to prev PR) Signed-off-by: Riya Saxena <[email protected]> * added support for param in Finding API Signed-off-by: Riya Saxena <[email protected]> * added detectionType as param for Findings API enhancements Signed-off-by: Riya Saxena <[email protected]> * added few tests to validate findings by params Signed-off-by: Riya Saxena <[email protected]> * added test for searchString param in FindingsAPI Signed-off-by: Riya Saxena <[email protected]> * adding addiional params findingIds, startTime and endTime as findings API enhancement Signed-off-by: Riya Saxena <[email protected]> * added params in getFindingsByDetectorId func * changed the startTime and endTime req input format * fix merge conflixt * fix integ test failures in findings API * fix integ tests * refactored the logic Signed-off-by: Riya Saxena <[email protected]> * remove unused imports * address the pr comments Signed-off-by: Riya Saxena <[email protected]> * address pr comments Signed-off-by: Riya Saxena <[email protected]> * SA integ tests fix * SA integ tests fix * fix integ tests for findings Signed-off-by: Subhobrata Dey <[email protected]> * fix conflixt errors Signed-off-by: Riya Saxena <[email protected]> * fix conflixt errors Signed-off-by: Riya Saxena <[email protected]> * fix conflixt errors Signed-off-by: Riya Saxena <[email protected]> * fix conflixt errors Signed-off-by: Riya Saxena <[email protected]> * fix integ tests Signed-off-by: Riya Saxena <[email protected]> * fix integ tests Signed-off-by: Riya Saxena <[email protected]> * fix integ tests Signed-off-by: Riya Saxena <[email protected]> * fix flaky integ tests Signed-off-by: Riya Saxena <[email protected]> * address pr comments Signed-off-by: Riya Saxena <[email protected]> --------- Signed-off-by: Riya Saxena <[email protected]> Signed-off-by: Riya <[email protected]> Signed-off-by: Subhobrata Dey <[email protected]> Co-authored-by: Subhobrata Dey <[email protected]> * fix findings api integ tests Signed-off-by: Joanne Wang <[email protected]> --------- Signed-off-by: Subhobrata Dey <[email protected]> Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: Riya Saxena <[email protected]> Signed-off-by: Riya <[email protected]> Co-authored-by: Subhobrata Dey <[email protected]> Co-authored-by: Riya <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
findings/_searchAPI. As part of the enhancement, the API can now return all the findings for all the detectors.severityanddetectionTypein findings APICorresponding Alerting and Common-Utils PRs
Issues Resolved
#795
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.