[Backport 2.19] [2.x]Adds support for uploading threat intelligence in Custom Format JSON #1485

Open, wants to merge 1 commit into base: 2.19

opensearch-trigger-bot[bot]

Backport 1b3d5c2 from #1455

…JSON (#1455)

* revert common utils dep change

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* adds jsonpath deps

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* adds custom JsonSchema request model

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* adds parsing iocs via new tif source type - custom schema ioc upload

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* change Ioc Type variable from enum to string to support custom ioc types

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* remove ioc type check to allow custom types

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* add name and id field parsing via json path annotation

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* adds custom schema json parsing codec that parses based on JsonPath notations

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* fix stix ioc parsing with null checks on each text field

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* remove ioc type lower case conversion in ioc scan service

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* compute ioc types from iocs list instead of fetching from request

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* compute ioc types from parsed iocs in S3 threat intel source download

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* add null check

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* rewrite amazon s3 connector to compute correct input codec

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* revert if else flip for create connector

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* add logging to trace threat intel monitor execution

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* remove source type CUSTOM_SCHEMA_IOC_UPLOAD and merge the new source object into IOC_UPlOAD

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* validate that threat intel ioc type and schema that json is valid and also a legal string

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* remove iskey

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* update java docs

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* handle numbers in ioc value column

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* fix review comments

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* fix doc level monitor input constructor

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* update jar

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* revert build.gradle change

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

* upgrade json smart to 2.5.2 to deal with CVE-2024-57699

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>

---------

Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
(cherry picked from commit 1b3d5c2)