[Backport 2.19] [2.x]Adds support for uploading threat intelligence in Custom Format JSON #1485
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…JSON (#1455) * revert common utils dep change Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * adds jsonpath deps Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * adds custom JsonSchema request model Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * adds parsing iocs via new tif source type - custom schema ioc upload Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * change Ioc Type variable from enum to string to support custom ioc types Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * remove ioc type check to allow custom types Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add name and id field parsing via json path annotation Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * adds custom schema json parsing codec that parses based on JsonPath notations Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * fix stix ioc parsing with null checks on each text field Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * remove ioc type lower case conversion in ioc scan service Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * compute ioc types from iocs list instead of fetching from request Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * compute ioc types from parsed iocs in S3 threat intel source download Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add null check Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * rewrite amazon s3 connector to compute correct input codec Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * revert if else flip for create connector Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add logging to trace threat intel monitor execution Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * remove source type CUSTOM_SCHEMA_IOC_UPLOAD and merge the new source object into IOC_UPlOAD Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * validate that threat intel ioc type and schema that json is valid and also a legal string Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * remove iskey Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * update java docs Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * handle numbers in ioc value column Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * fix review comments Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * fix doc level monitor input constructor Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * udpate jar Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * revert build.gradle change Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * upgrade json smart to 2.5.2 to deal with CVE-2024-57699 Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> --------- Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> (cherry picked from commit 1b3d5c2)
opensearch-trigger-bot
bot
requested review from
AWSHurneyt,
amsiglan,
eirsep,
engechas,
getsaurabh02,
goyamegh,
jowg-amazon,
lezzago,
praveensameneni,
riysaxen-amzn and
sbcd90
as code owners
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport 1b3d5c2 from #1455