~data-platform/+git/opensearch-security-analytics:lp-2.11.1

Last commit made on 2023-11-28
Get this branch:
git clone -b lp-2.11.1 https://git.launchpad.net/~data-platform/+git/opensearch-security-analytics
Members of Canonical Data Platform can upload to this branch.

Recent commits

80e028d... by "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>

update release notes for 2.11.1 (#736) (#738)

* update release notes for 2.11.1

Signed-off-by: Subhobrata Dey <email address hidden>

* Update opensearch-security-analytics.release-notes-2.11.1.0.md

---------

Signed-off-by: Subhobrata Dey <email address hidden>
(cherry picked from commit 9b36b3538f57ceb290e04880ab28f109fbbb0940)

Co-authored-by: Subhobrata Dey <email address hidden>

53fce55... by Surya Sashank Nistala <email address hidden>

Revert "fix doc level query constructor (#651) (#682)" (#735)

This reverts commit 282046d7c76048f6e2120fcfe2eb7b50360d015f.

Signed-off-by: Surya Sashank Nistala <email address hidden>

6ef168d... by "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>

Added release notes for 2.11.1 (#727) (#729)

* added release notes for 2.11.1

Signed-off-by: Amardeepsingh Siglani <email address hidden>

* updated release notes

Signed-off-by: Amardeepsingh Siglani <email address hidden>

---------

Signed-off-by: Amardeepsingh Siglani <email address hidden>
(cherry picked from commit 177e8313008381c464ec7627a95d1b6a40c194d5)

Co-authored-by: Amardeepsingh Siglani <email address hidden>

29f2cae... by Joanne Wang <email address hidden>

Revert Threat Intel Changes for 2.11 (#717)

* Revert "make threat intel async (#703) (#704)"

This reverts commit 5b4ab6c20755ece318ab5a7ba740c7b7f3ace952.

Signed-off-by: Joanne Wang <email address hidden>

* Revert "Integrate threat intel feeds (#669) (#690)"

This reverts commit 559d97eb4e14a3c7e3be7a7293942dc0af5713e6.

Signed-off-by: Joanne Wang <email address hidden>

---------

Signed-off-by: Joanne Wang <email address hidden>

658aa99... by "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>

add rollover & archival mechanism for correlation history indices (#670) (#707)

Signed-off-by: Subhobrata Dey <email address hidden>

5fd01b0... by "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>

Incremented version to 2.11.1 (#668)

Signed-off-by: GitHub <email address hidden>
Co-authored-by: opensearch-ci-bot <email address hidden>

5b4ab6c... by "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>

make threat intel async (#703) (#704)

Signed-off-by: Subhobrata Dey <email address hidden>
(cherry picked from commit 0dd978744b5e35165e3645af3083e9309fee41ed)

Co-authored-by: Subhobrata Dey <email address hidden>

c605fa0... by "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>

fix detector writeTo() method missing fields (#695) (#699)

* fix detector writeTo() method missing fields

Signed-off-by: Surya Sashank Nistala <email address hidden>

* fix test

Signed-off-by: Surya Sashank Nistala <email address hidden>

---------

Signed-off-by: Surya Sashank Nistala <email address hidden>
(cherry picked from commit 7a452039e4bb7c6010cebffb1a455b84a23514f3)

Co-authored-by: Surya Sashank Nistala <email address hidden>

1f3b093... by "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>

return rule fields which do not have aliases (#652) (#694)

* return rule fields which do not have aliases

Signed-off-by: Subhobrata Dey <email address hidden>

* return rule fields which do not have aliases

Signed-off-by: Subhobrata Dey <email address hidden>

---------

Signed-off-by: Subhobrata Dey <email address hidden>
(cherry picked from commit 92a620d158d27d860ad81e5e04c00b54387ea74e)

Co-authored-by: Subhobrata Dey <email address hidden>

559d97e... by Joanne Wang <email address hidden>

Integrate threat intel feeds (#669) (#690)

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

* add threatIntelEnabled field in detector.

* add threat intel feed service and searching feeds

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

* Preliminary framework for jobscheduler and datasource (#626)

* create doc level query from threat intel feed data index docs

* handle threat intel enabled check during detector update

* add tests for testing threat intel feed integration with detectors

* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

* add threatIntelEnabled field in detector.

* add threat intel feed service and searching feeds

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

* Preliminary framework for jobscheduler and datasource (#626)

* with listener and processor

* removed actions

* clean up

* added parser

* add unit tests

* refactored class names

* before moving db

* after moving db

* added actions to plugin and removed user schedule

* unit tests

* fix build error

* changed transport naming

---------

* converge job scheduler code with threat intel feed integration in detectors

* converge job scheduler and detector threat intel code

* add feed metadata config files in src and test

* adds ioc fields list in log type config files and ioc fields object in LogType POJO

* fix compilation issues in tests

* test update detector disabling threat intel

* add tests for detector creation and update with threat intel

* Threat intel test (#673)

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

* add threatIntelEnabled field in detector.

* add threat intel feed service and searching feeds

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

* Preliminary framework for jobscheduler and datasource (#626)

* create doc level query from threat intel feed data index docs

* handle threat intel enabled check during detector update

* add tests for testing threat intel feed integration with detectors

* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

* add threatIntelEnabled field in detector.

* add threat intel feed service and searching feeds

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

* Preliminary framework for jobscheduler and datasource (#626)

* with listener and processor

* removed actions

* clean up

* added parser

* add unit tests

* refactored class names

* before moving db

* after moving db

* added actions to plugin and removed user schedule

* unit tests

* fix build error

* changed transport naming

---------

* converge job scheduler code with threat intel feed integration in detectors

* refactored out unnecessary

* added headers and cleaned up

* converge job scheduler and detector threat intel code

* working on testing

* fixed the parser and build.gradle

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

* add threatIntelEnabled field in detector.

* add threat intel feed service and searching feeds

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

* Preliminary framework for jobscheduler and datasource (#626)

* create doc level query from threat intel feed data index docs

* handle threat intel enabled check during detector update

* add tests for testing threat intel feed integration with detectors

* Threat intel feeds job runner and unit tests (#654)

* fix doc level query constructor (#651)

* add mapping for indices storing threat intel feed data

* fix feed indices mapping

* add threat intel feed data dao

* add threatIntelEnabled field in detector.

* add threat intel feed service and searching feeds

* ti feed data to doc level query convertor logic added

* plug threat intel feed into detector creation

* Preliminary framework for jobscheduler and datasource (#626)

* with listener and processor

* removed actions

* clean up

* added parser

* add unit tests

* refactored class names

* before moving db

* after moving db

* added actions to plugin and removed user schedule

* unit tests

* fix build error

* changed transport naming

---------

* converge job scheduler code with threat intel feed integration in detectors

* converge job scheduler and detector threat intel code

* add feed metadata config files in src and test

* clean up some tests

* fixed merge conflicts

* adds ioc fields list in log type config files and ioc fields object in LogType POJO

* update csv parser and new metadata field

* fixed job scheduler interval settings

* add tests for ioc to fields for each log type

* removed wildcards

---------

* fix threat intel integ tests and add update detector logic

* JS for Threat intel feeds - changed extension (#675)

* merge conflicts

* fixed java wildcards and changed update key name

* integ test failing

* fix job scheduler params

* changed extension and has debug messages

* clean up

* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name

---------

* TIF Job Runner Cleanup (#676)

* merge conflicts

* fixed java wildcards and changed update key name

* integ test failing

* fix job scheduler params

* changed extension and has debug messages

* clean up

* fixed job scheduler plugin spi jar resolution

* cleaned up TODOs and changed job scheduler name

* removed google commons unused import, updated interval setting, removed rest action

* removed policy file and updated name for job scheduler

* responded to comments about parameter validator and TIFMetadata

* refactored ThreatIntelFeedDataService and changed variables to public static final where possible

* changed opensearch-sap-threatintel to opensearch-sap-threat-intel

---------

* fix TIFJobParameter class

* test detector update when feed update job runs

* removed delete job scheduler code and cleaned up (#678)

* working integ test (#680)

* fix timeout of tif job creation

* remove unnecessary thread forking in put tif job action

* refactoring code to address review comments

* detector trigger detection types

* pull out threat intel rest tests into separate test class

* add detection types testing in detector trigger for rules and threat intel detection scenarios

* add license header

* add threat intel field aliases in mapping view response

* fix threat intel feed parser

* fix workflow failing test

* spotless check failures fixed

* remove dockerfile (#689)

---------

Signed-off-by: Surya Sashank Nistala <email address hidden>
Signed-off-by: Joanne Wang <email address hidden>
Signed-off-by: Joanne Wang <email address hidden>
Co-authored-by: Surya Sashank Nistala <email address hidden>