From e6884d6e0ee6af9bdf42c23d57c59e13f6145cdf Mon Sep 17 00:00:00 2001
From: Riya <69919272+riysaxen-amzn@users.noreply.github.com>
Date: Wed, 11 Sep 2024 13:20:48 -0700
Subject: [PATCH] Stashcontext sa (#1297)
* adding stash context for system indices
Signed-off-by: Riya Saxena
* adding stash context for system indices
Signed-off-by: Riya Saxena
---------
Signed-off-by: Riya Saxena
---
.../securityanalytics/SecurityAnalyticsPlugin.java | 7 ++++++-
.../transport/TransportAckCorrelationAlertsAction.java | 2 ++
.../transport/TransportGetCorrelationAlertsAction.java | 2 ++
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
index 4f79dcc7d..dd5cd28a5 100644
--- a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
+++ b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
@@ -226,6 +226,7 @@
 import static org.opensearch.securityanalytics.threatIntel.iocscan.service.ThreatIntelMonitorRunner.THREAT_INTEL_MONITOR_TYPE;
 import static org.opensearch.securityanalytics.threatIntel.model.SATIFSourceConfig.SOURCE_CONFIG_FIELD;
 import static org.opensearch.securityanalytics.threatIntel.model.TIFJobParameter.THREAT_INTEL_DATA_INDEX_NAME_PREFIX;
+import static org.opensearch.securityanalytics.util.CorrelationIndices.CORRELATION_ALERT_INDEX;
 public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, MapperPlugin, SearchPlugin, EnginePlugin, ClusterPlugin, SystemIndexPlugin, JobSchedulerExtension, RemoteMonitorRunnerExtension {
@@ -284,7 +285,11 @@ public class SecurityAnalyticsPlugin extends Plugin implements ActionPlugin, Map
 @Override
 public Collection getSystemIndexDescriptors(Settings settings) {
- return Collections.singletonList(new SystemIndexDescriptor(THREAT_INTEL_DATA_INDEX_NAME_PREFIX, "System index used for threat intel data"));
+ List descriptors = List.of(
+ new SystemIndexDescriptor(THREAT_INTEL_DATA_INDEX_NAME_PREFIX, "System index used for threat intel data"),
+ new SystemIndexDescriptor(CORRELATION_ALERT_INDEX, "System index used for Correlation Alerts")
+ );
+ return descriptors;
 }
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportAckCorrelationAlertsAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportAckCorrelationAlertsAction.java
index 917d0349c..7032819de 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportAckCorrelationAlertsAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportAckCorrelationAlertsAction.java
@@ -67,6 +67,8 @@ protected void doExecute(Task task, AckCorrelationAlertsRequest request, ActionL
 return;
 }
+ this.threadPool.getThreadContext().stashContext();
+
 if (!request.getCorrelationAlertIds().isEmpty()) {
 correlationAlertService.acknowledgeAlerts(
 request.getCorrelationAlertIds(),
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportGetCorrelationAlertsAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportGetCorrelationAlertsAction.java
index cdca86a23..a19817e5b 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportGetCorrelationAlertsAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportGetCorrelationAlertsAction.java
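Review bot: In getSystemIndexDescriptors the local `descriptors` is assigned and then returned on the very next line; returning the `List.of(...)` expression directly would read more simply. A short comment above the list would also help, for example `// Indices listed here are system indices; transport actions that touch them must stash the caller's thread context first`, since the other hunks in this commit appear to depend on that coupling. The value of CORRELATION_ALERT_INDEX is not visible in this hunk, so it is worth confirming that the descriptor pattern matches every index that holds correlation alerts. Anything outside the pattern stays an ordinary index governed only by normal index permissions.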
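Review bot: The `StoredContext` returned by `stashContext()` in TransportAckCorrelationAlertsAction.doExecute is discarded, so the caller's thread context (user identity and request headers) is never restored on this thread and the stash stays in effect for everything that runs afterwards, not only the system-index call. The usual form is `try (ThreadContext.StoredContext ignored = this.threadPool.getThreadContext().stashContext()) { ... }` around the correlationAlertService call, with the listener wrapped so the response is delivered under the original context. Because everything after the stash runs without the caller's identity, any per-user authorization or filtering has to be complete before this line; the `return; }` just above suggests a check precedes it, but that code is outside the hunk and doExecute continues past it. The same applies to the identical line added in TransportGetCorrelationAlertsAction.doExecute.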
@@ -64,6 +64,8 @@ protected void doExecute(Task task, GetCorrelationAlertsRequest request, ActionL
 return;
 }
+ this.threadPool.getThreadContext().stashContext();
+
 if (request.getCorrelationRuleId() != null) {
 correlationAlertService.getCorrelationAlerts(
 request.getCorrelationRuleId(),