opensearch-project · riysaxen-amzn · Mar 11, 2024 · Jan 16, 2024 · Jan 19, 2024 · Jan 19, 2024
@@ -5,6 +5,8 @@
 package org.opensearch.securityanalytics.action;
 
 import java.io.IOException;
+import java.time.Instant;
+import java.util.List;
 import java.util.Locale;
 import org.opensearch.action.ActionRequest;
 import org.opensearch.action.ActionRequestValidationException;
@@ -18,9 +20,14 @@
 
 public class GetFindingsRequest extends ActionRequest {
 
+    private List<String> findingIds;
+    private Instant startTime;
+    private Instant endTime;
     private String logType;
     private String detectorId;
     private Table table;
+    private String severity;
+    private String detectionType;
 
     public static final String DETECTOR_ID = "detector_id";
 
@@ -32,22 +39,36 @@ public GetFindingsRequest(StreamInput sin) throws IOException {
         this(
             sin.readOptionalString(),
             sin.readOptionalString(),
-            Table.readFrom(sin)
+            Table.readFrom(sin),
+            sin.readOptionalString(),
+            sin.readOptionalString(),
+            sin.readOptionalStringList(),
+            sin.readOptionalInstant(),
+            sin.readOptionalInstant()
         );
     }
 
-    public GetFindingsRequest(String detectorId, String logType, Table table) {
+    public GetFindingsRequest(String detectorId, String logType, Table table, String severity, String detectionType, List<String> findingIds, Instant startTime, Instant endTime) {
         this.detectorId = detectorId;
         this.logType = logType;
         this.table = table;
+        this.severity = severity;
+        this.detectionType = detectionType;
+        this.findingIds = findingIds;
+        this.startTime = startTime;
+        this.endTime = endTime;
     }
 
     @Override
     public ActionRequestValidationException validate() {
         ActionRequestValidationException validationException = null;
-        if ((detectorId == null || detectorId.length() == 0) && logType == null) {
+        if (detectorId != null && detectorId.length() == 0) {
+            validationException = addValidationError(String.format(Locale.getDefault(),
+                            "detector_id is missing"),
+                    validationException);
+        } else if(startTime != null && endTime != null && startTime.isAfter(endTime)) {
             validationException = addValidationError(String.format(Locale.getDefault(),
-                            "At least one of detector type or detector id needs to be passed", DETECTOR_ID),
+                            "startTime should be less than endTime"),
                     validationException);
         }
         return validationException;
@@ -58,17 +79,42 @@ public void writeTo(StreamOutput out) throws IOException {
         out.writeOptionalString(detectorId);
         out.writeOptionalString(logType);
         table.writeTo(out);
+        out.writeOptionalString(severity);
+        out.writeOptionalString(detectionType);
+        out.writeOptionalStringCollection(findingIds);
+        out.writeOptionalInstant(startTime);
+        out.writeOptionalInstant(endTime);
     }
 
     public String getDetectorId() {
         return detectorId;
     }
 
+    public String getSeverity() {
+        return severity;
+    }
+
+    public String getDetectionType() {
+        return detectionType;
+    }
+
     public String getLogType() {
         return logType;
     }
 
     public Table getTable() {
         return table;
     }
+
+    public List<String> getFindingIds() {
+        return findingIds;
+    }
+
+    public Instant getStartTime() {
+        return startTime;
+    }
+
+    public Instant getEndTime() {
+        return endTime;
+    }
 }
@@ -4,6 +4,7 @@
  */
 package org.opensearch.securityanalytics.findings;
 
+import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -52,7 +53,12 @@ public FindingsService(Client client) {
      * @param table group of search related parameters
      * @param listener ActionListener to get notified on response or error
      */
-    public void getFindingsByDetectorId(String detectorId, Table table, ActionListener<GetFindingsResponse> listener ) {
+    public void getFindingsByDetectorId(String detectorId, Table table, String severity,
+                                        String detectionType,
+                                        List<String> findingIds,
+                                        Instant startTime,
+                                        Instant endTime,
+                                        ActionListener<GetFindingsResponse> listener ) {
         this.client.execute(GetDetectorAction.INSTANCE, new GetDetectorRequest(detectorId, -3L), new ActionListener<>() {
 
             @Override
@@ -102,6 +108,11 @@ public void onFailure(Exception e) {
                         new ArrayList<>(monitorToDetectorMapping.keySet()),
                         DetectorMonitorConfig.getAllFindingsIndicesPattern(detector.getDetectorType()),
                         table,
+                        severity,
+                        detectionType,
+                        findingIds,
+                        startTime,
+                        endTime,
                         getFindingsResponseListener
                 );
             }
@@ -126,18 +137,21 @@ public void getFindingsByMonitorIds(
             List<String> monitorIds,
             String findingIndexName,
             Table table,
+            String severity,
+            String detectionType,
+            List<String> findingIds,
+            Instant startTime,
+            Instant endTime,
             ActionListener<GetFindingsResponse> listener
     ) {
-
         org.opensearch.commons.alerting.action.GetFindingsRequest req =
                 new org.opensearch.commons.alerting.action.GetFindingsRequest(
                 null,
                 table,
                 null,
                 findingIndexName,
-                monitorIds
+                monitorIds, severity, detectionType,findingIds, startTime, endTime
         );
-
         AlertingPluginInterface.INSTANCE.getFindings((NodeClient) client, req, new ActionListener<>() {
                     @Override
                     public void onResponse(
@@ -171,6 +185,11 @@ public void getFindings(
             List<Detector> detectors,
             String logType,
             Table table,
+            String severity,
+            String detectionType,
+            List<String> findingIds,
+            Instant startTime,
+            Instant endTime,
             ActionListener<GetFindingsResponse> listener
     ) {
         if (detectors.size() == 0) {
@@ -195,6 +214,11 @@ public void getFindings(
             allMonitorIds,
             DetectorMonitorConfig.getAllFindingsIndicesPattern(logType),
             table,
+            severity,
+            detectionType,
+            findingIds,
+            startTime,
+            endTime,
             new ActionListener<>() {
                 @Override
                 public void onResponse(GetFindingsResponse getFindingsResponse) {

@@ -5,6 +5,10 @@
 package org.opensearch.securityanalytics.resthandler;
 
 import java.io.IOException;
+import java.time.DateTimeException;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
 import org.opensearch.client.node.NodeClient;
@@ -40,6 +44,35 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
         int size = request.paramAsInt("size", 20);
         int startIndex = request.paramAsInt("startIndex", 0);
         String searchString = request.param("searchString", "");
+        String severity = request.param("severity", null);
+        String detectionType = request.param("detectionType", null);
+        List<String> findingIds = null;
+        if (request.param("findingIds") != null) {
+            findingIds = Arrays.asList(request.param("findingIds").split(","));
+        }
+        Instant startTime = null;
+        String startTimeParam = request.param("startTime");
+        if (startTimeParam != null && !startTimeParam.isEmpty()) {
+            try {
+                startTime = Instant.ofEpochMilli(Long.parseLong(startTimeParam));
+            } catch (NumberFormatException | NullPointerException | DateTimeException e) {
+                // Handle the parsing error
+                // For example, log the error or provide a default value
+                startTime = Instant.now(); // Default value or fallback
+            }
+        }
+
+        Instant endTime = null;
+        String endTimeParam = request.param("endTime");
+        if (endTimeParam != null && !endTimeParam.isEmpty()) {
+            try {
+                endTime = Instant.ofEpochMilli(Long.parseLong(endTimeParam));
+            } catch (NumberFormatException | NullPointerException | DateTimeException e) {
+                // Handle the parsing error
+                // For example, log the error or provide a default value
+                endTime = Instant.now(); // Default value or fallback
+            }
+        }
 
         Table table = new Table(
                 sortOrder,
@@ -53,7 +86,12 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
         GetFindingsRequest req = new GetFindingsRequest(
                 detectorId,
                 detectorType,
-                table
+                table,
+                severity,
+                detectionType,
+                findingIds,
+                startTime,
+                endTime
         );
 
         return channel -> client.execute(