Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <jowg@amazon.com> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <jowg@amazon.com> * with listener and processor Signed-off-by: Joanne Wang <jowg@amazon.com> * removed actions Signed-off-by: Joanne Wang <jowg@amazon.com> * clean up Signed-off-by: Joanne Wang <jowg@amazon.com> * added parser Signed-off-by: Joanne Wang <jowg@amazon.com> * add unit tests Signed-off-by: Joanne Wang <jowg@amazon.com> * refactored class names Signed-off-by: Joanne Wang <jowg@amazon.com> * before moving db Signed-off-by: Joanne Wang <jowg@amazon.com> * after moving db Signed-off-by: Joanne Wang <jowg@amazon.com> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <jowg@amazon.com> * unit tests Signed-off-by: Joanne Wang <jowg@amazon.com> * fix build error Signed-off-by: Joanne Wang <jowg@amazon.com> * changed transport naming Signed-off-by: Joanne Wang <jowg@amazon.com> --------- Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> Signed-off-by: Joanne Wang <jowg@amazon.com> Co-authored-by: Surya Sashank Nistala <snistala@amazon.com> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * refactored out unecessary Signed-off-by: Joanne Wang <jowg@amazon.com> * added headers and cleaned up Signed-off-by: Joanne Wang <jowg@amazon.com> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * working on testing Signed-off-by: Joanne Wang <jowg@amazon.com> * fixed the parser and build.gradle Signed-off-by: Joanne Wang <jowg@amazon.com> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <jowg@amazon.com> * create doc level query from threat intel feed data index docs" Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * handle threat intel enabled check during detector updation * add tests for testing threat intel feed integration with detectors Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * Threat intel feeds job runner and unit tests (#654) * fix doc level query constructor (#651) Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add mapping for indices storing threat intel feed data * fix feed indices mapping * add threat intel feed data dao Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add threatIntelEnabled field in detector. Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add threat intel feed service and searching feeds Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * ti feed data to doc level query convertor logic added * plug threat intel feed into detector creation Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * Preliminary framework for jobscheduler and datasource (#626) Signed-off-by: Joanne Wang <jowg@amazon.com> * with listener and processor Signed-off-by: Joanne Wang <jowg@amazon.com> * removed actions Signed-off-by: Joanne Wang <jowg@amazon.com> * clean up Signed-off-by: Joanne Wang <jowg@amazon.com> * added parser Signed-off-by: Joanne Wang <jowg@amazon.com> * add unit tests Signed-off-by: Joanne Wang <jowg@amazon.com> * refactored class names Signed-off-by: Joanne Wang <jowg@amazon.com> * before moving db Signed-off-by: Joanne Wang <jowg@amazon.com> * after moving db Signed-off-by: Joanne Wang <jowg@amazon.com> * added actions to plugin and removed user schedule Signed-off-by: Joanne Wang <jowg@amazon.com> * unit tests Signed-off-by: Joanne Wang <jowg@amazon.com> * fix build error Signed-off-by: Joanne Wang <jowg@amazon.com> * changed transport naming Signed-off-by: Joanne Wang <jowg@amazon.com> --------- Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> Signed-off-by: Joanne Wang <jowg@amazon.com> Co-authored-by: Surya Sashank Nistala <snistala@amazon.com> * converge job scheduler code with threat intel feed integration in detectors Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * converge job scheduler and detector threat intel code Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add feed metadata config files in src and test Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * clean up some tests Signed-off-by: Joanne Wang <jowg@amazon.com> * fixed merge conflicts Signed-off-by: Joanne Wang <jowg@amazon.com> * adds ioc fields list in log type config files and ioc fields object in LogType POJO * update csv parser and new metadata field Signed-off-by: Joanne Wang <jowg@amazon.com> * fixed job scheduler interval settings Signed-off-by: Joanne Wang <jowg@amazon.com> * add tests for ioc to fields for each log type Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * removed wildcards Signed-off-by: Joanne Wang <jowg@amazon.com> --------- Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> Signed-off-by: Joanne Wang <jowg@amazon.com> Signed-off-by: Joanne Wang <109310487+jowg-amazon@users.noreply.github.com> Co-authored-by: Joanne Wang <109310487+jowg-amazon@users.noreply.github.com> Co-authored-by: Joanne Wang <jowg@amazon.com>
- Loading branch information