Skip to content

[Backport 2.19] [2.x]Adds support for uploading threat intelligence in Custom Format JSON #1485

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 2.19
Choose a base branch
from
Open

[Backport 2.19] [2.x]Adds support for uploading threat intelligence in Custom Format JSON #1485

wants to merge 1 commit into from

Conversation

opensearch-trigger-bot[bot]
Copy link
Contributor

Backport 1b3d5c2 from #1455

@eirsep @github-actions
[2.x]Adds support for uploading threat intelligence in Custom Format …
24b89c4 
…JSON (#1455)

* revert common utils dep change

Signed-off-by: Surya Sashank Nistala <[email protected]>

* adds jsonpath deps

Signed-off-by: Surya Sashank Nistala <[email protected]>

* adds custom JsonSchema request model

Signed-off-by: Surya Sashank Nistala <[email protected]>

* adds parsing iocs via new tif source type - custom schema ioc upload

Signed-off-by: Surya Sashank Nistala <[email protected]>

* change Ioc Type variable from enum to string to support custom ioc types

Signed-off-by: Surya Sashank Nistala <[email protected]>

* remove ioc type check to allow custom types

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add name and id field parsing via json path annotation

Signed-off-by: Surya Sashank Nistala <[email protected]>

* adds custom schema json parsing codec that parses based on JsonPath notations

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix stix ioc parsing with null checks on each text field

Signed-off-by: Surya Sashank Nistala <[email protected]>

* remove ioc type lower case conversion in ioc scan service

Signed-off-by: Surya Sashank Nistala <[email protected]>

* compute ioc types from iocs list instead of fetching from request

Signed-off-by: Surya Sashank Nistala <[email protected]>

* compute ioc types from parsed iocs in S3 threat intel source download

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add null check

Signed-off-by: Surya Sashank Nistala <[email protected]>

* rewrite amazon s3 connector to compute correct input codec

Signed-off-by: Surya Sashank Nistala <[email protected]>

* revert if else flip for create connector

Signed-off-by: Surya Sashank Nistala <[email protected]>

* add logging to trace threat intel monitor execution

Signed-off-by: Surya Sashank Nistala <[email protected]>

* remove source type CUSTOM_SCHEMA_IOC_UPLOAD and merge the new source object into IOC_UPlOAD

Signed-off-by: Surya Sashank Nistala <[email protected]>

* validate that threat intel ioc type and schema that json is valid and also a legal string

Signed-off-by: Surya Sashank Nistala <[email protected]>

* remove iskey

Signed-off-by: Surya Sashank Nistala <[email protected]>

* update java docs

Signed-off-by: Surya Sashank Nistala <[email protected]>

* handle numbers in ioc value column

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix review comments

Signed-off-by: Surya Sashank Nistala <[email protected]>

* fix doc level monitor input constructor

Signed-off-by: Surya Sashank Nistala <[email protected]>

* udpate jar

Signed-off-by: Surya Sashank Nistala <[email protected]>

* revert build.gradle change

Signed-off-by: Surya Sashank Nistala <[email protected]>

* upgrade json smart to 2.5.2 to deal with CVE-2024-57699

Signed-off-by: Surya Sashank Nistala <[email protected]>

---------

Signed-off-by: Surya Sashank Nistala <[email protected]>
(cherry picked from commit 1b3d5c2)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amsiglan amsiglan Awaiting requested review from amsiglan amsiglan is a code owner

@AWSHurneyt AWSHurneyt Awaiting requested review from AWSHurneyt AWSHurneyt is a code owner

@getsaurabh02 getsaurabh02 Awaiting requested review from getsaurabh02 getsaurabh02 is a code owner

@lezzago lezzago Awaiting requested review from lezzago lezzago is a code owner

@praveensameneni praveensameneni Awaiting requested review from praveensameneni praveensameneni is a code owner

@sbcd90 sbcd90 Awaiting requested review from sbcd90 sbcd90 is a code owner

@eirsep eirsep Awaiting requested review from eirsep eirsep is a code owner

@jowg-amazon jowg-amazon Awaiting requested review from jowg-amazon jowg-amazon is a code owner

@engechas engechas Awaiting requested review from engechas engechas is a code owner

@goyamegh goyamegh Awaiting requested review from goyamegh goyamegh is a code owner

@riysaxen-amzn riysaxen-amzn Awaiting requested review from riysaxen-amzn riysaxen-amzn is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eirsep