/**
 * Builds the hash from the field map, the field-to-type map and the config, in that
 * order, using the conventional 31-multiplier fold. A getter that returns
 * {@code null} contributes 0.
 *
 * @return the combined hash code
 */
@Override
public int hashCode() {
  // Seed with the field map's hash (0 when the getter returns null).
  int result = getFieldMap() != null ? getFieldMap().hashCode() : 0;
  result = 31 * result + (getFieldToTypeMap() != null ? getFieldToTypeMap().hashCode() : 0);
  result = 31 * result + (getConfig() != null ? getConfig().hashCode() : 0);
  return result;
}
} // presumably closes the enclosing class; its header is not part of this excerpt
/**
 * Looks up the per-field enrichment handlers configured for a sensor.
 *
 * @param sensorType sensor whose enrichment configuration is wanted; may be {@code null}
 * @return whatever the sensor's enrichment config returns from
 *     {@code getEnrichmentConfigs()}, or a new empty map when {@code sensorType} is
 *     {@code null} or no configuration is found for it
 */
protected Map<String, ConfigHandler> getFieldToHandlerMap(String sensorType) {
  if (sensorType == null) {
    // NOTE(review): the message says "field map" although this method returns the
    // handler map; it matches the wording used by getFieldMap.
    LOG.error("Trying to retrieve a field map with sensor type of null");
    return new HashMap<>();
  }

  SensorEnrichmentConfig sensorConfig = getConfigurations().getSensorEnrichmentConfig(sensorType);
  if (sensorConfig == null) {
    // Missing configuration is treated as "nothing to enrich", not as an error.
    LOG.debug("Unable to retrieve a sensor enrichment config of {}", sensorType);
    return new HashMap<>();
  }

  // The getter's result is passed through unchanged.
  // NOTE(review): if that is the configuration's live map, a caller that mutates it
  // alters shared configuration — confirm against EnrichmentConfig.
  return sensorConfig.getEnrichment().getEnrichmentConfigs();
}
/**
 * Two instances are equal when they share the same runtime class, the superclass
 * considers them equal, and their triage configs are equal (or both {@code null}).
 *
 * @param o object to compare with
 * @return {@code true} when {@code o} is equal to this instance
 */
@Override
public boolean equals(Object o) {
  if (this == o) {
    return true;
  }
  if (o == null || getClass() != o.getClass()) {
    return false;
  }
  // Inherited state is compared first; only then the triage config.
  if (!super.equals(o)) {
    return false;
  }

  ThreatIntelConfig other = (ThreatIntelConfig) o;
  if (getTriageConfig() == null) {
    return other.getTriageConfig() == null;
  }
  return getTriageConfig().equals(other.getTriageConfig());
}
) { Map<String, List<JSONObject>> streamMessageMap = new HashMap<>(); Map<String, Object> enrichmentFieldMap = enrichmentStrategy.getUnderlyingConfig(config).getFieldMap(); Map<String, ConfigHandler> fieldToHandler = enrichmentStrategy.getUnderlyingConfig(config).getEnrichmentConfigs();
fieldMap = config.getEnrichment().getFieldMap(); if(fieldMap!= null) { fieldList = (List<String>)fieldMap.get(Constants.SIMPLE_HBASE_ENRICHMENT); fieldMap.put(Constants.SIMPLE_HBASE_ENRICHMENT, fieldList); fieldToTypeMap = config.getEnrichment().getFieldToTypeMap(); if(fieldToTypeMap == null) { fieldToTypeMap = new HashMap<>(); config.getEnrichment().setFieldToTypeMap(fieldToTypeMap);
Assert.assertNotSame(outputScs.get("bro"), broSc); Assert.assertEquals( outputScs.get("bro").toJSON() , ((List<String>)outputScs.get("bro").getEnrichment().getFieldMap().get(Constants.SIMPLE_HBASE_ENRICHMENT)).size() , 2 ); Assert.assertTrue( outputScs.get("bro").toJSON() , ((List<String>)outputScs.get("bro").getEnrichment().getFieldMap() .get(Constants.SIMPLE_HBASE_ENRICHMENT)) .contains("ip_src_addr") ); Assert.assertTrue( outputScs.get("bro").toJSON() , ((List<String>)outputScs.get("bro").getEnrichment().getFieldMap() .get(Constants.SIMPLE_HBASE_ENRICHMENT)) .contains("ip_dst_addr") ); Assert.assertEquals( outputScs.get("bro").toJSON() , outputScs.get("bro").getEnrichment().getFieldToTypeMap().keySet().size() , 2 ); Assert.assertEquals( outputScs.get("bro").toJSON() , ((List<String>)(outputScs.get("bro").getEnrichment().getFieldToTypeMap().get("ip_src_addr"))).size() , 1 ); Assert.assertEquals( outputScs.get("bro").toJSON() , ((List<String>)(outputScs.get("bro").getEnrichment().getFieldToTypeMap().get("ip_src_addr"))).get(0) , "playful" ); Assert.assertEquals( outputScs.get("bro").toJSON() , ((List<String>)(outputScs.get("bro").getEnrichment().getFieldToTypeMap().get("ip_dst_addr"))).size()
/**
 * Returns the map stored under {@code "stellar"} in the enrichment field map, creating
 * it when the key is absent and making sure it has a {@code "config"} entry.
 *
 * <p>This method mutates its argument: the (possibly new) stellar map is written back
 * into the field map, and an empty {@link LinkedHashMap} is installed under
 * {@code "config"} when that key has no value.
 *
 * @param enrichmentConfig configuration whose field map is read and updated
 * @return the stellar handler map held by the field map
 */
public static Map<String, Object> getStellarHandler(EnrichmentConfig enrichmentConfig) {
  Map<String, Object> fields = enrichmentConfig.getFieldMap();

  // A value under "stellar" that is not a Map fails the cast below with a
  // ClassCastException; no friendlier validation is done here.
  Object existing = fields.getOrDefault("stellar", new HashMap<>());
  Map<String, Object> stellar = (Map<String, Object>) existing;

  // Write back unconditionally so a freshly created map becomes part of the config.
  fields.put("stellar", stellar);
  stellar.putIfAbsent("config", new LinkedHashMap<String, Object>());
  return stellar;
}
.getEnrichment().getFieldToTypeMap() .get(EnrichmentUtils.toTopLevelField(value.getField())); if(isInitialized() && enrichmentTypes != null && value.getValue() != null) {
/**
 * Resolves the column family configured for an enrichment type.
 *
 * <p>The raw value stored under {@code TYPE_TO_COLUMN_FAMILY_CONF} is converted to a
 * string-to-string map once and then remembered in {@code typeToCFs}, keyed by that raw
 * value. A raw value that is not a {@link Map} is remembered as an empty mapping, so
 * every lookup against it yields {@code null}.
 *
 * @param enrichmentType enrichment type to look up
 * @param config enrichment configuration holding the type-to-column-family setting
 * @return the configured column family, or {@code null} when the setting is absent or
 *     has no entry for {@code enrichmentType}
 */
public static String getColumnFamily(String enrichmentType, EnrichmentConfig config) {
  Object rawMapping = config.getConfig().get(TYPE_TO_COLUMN_FAMILY_CONF);
  if (rawMapping == null) {
    return null;
  }

  // NOTE(review): typeToCFs looks like a per-thread cache keyed by the raw config
  // object — confirm its declaration, which is outside this excerpt.
  Map<String, String> resolved = typeToCFs.get().get(rawMapping);
  if (resolved == null) {
    resolved = new HashMap<>();
    if (rawMapping instanceof Map) {
      // Keys and values are stringified as-is; a null key or null value in the
      // configured map raises a NullPointerException here.
      for (Map.Entry<?, ?> entry : ((Map<?, ?>) rawMapping).entrySet()) {
        resolved.put(entry.getKey().toString(), entry.getValue().toString());
      }
    }
    typeToCFs.get().put(rawMapping, resolved);
  }
  return resolved.get(enrichmentType);
}
/**
 * Extends the superclass hash with the triage config's hash; a {@code null} triage
 * config contributes 0.
 *
 * @return the combined hash code
 */
@Override
public int hashCode() {
  int inherited = super.hashCode();

  int triageHash = 0;
  if (getTriageConfig() != null) {
    triageHash = getTriageConfig().hashCode();
  }
  return 31 * inherited + triageHash;
}
add("enrichmentField"); }}); testSensorConfig.getEnrichment().setFieldMap(enrichmentFieldMap); Map<String, Object> threatIntelFieldMap = new HashMap<>(); threatIntelFieldMap.put("threatIntelTest", new ArrayList<String>() {{
/**
 * Loads {@code sourceConfigStr} as an {@code EnrichmentConfig} and checks that the
 * {@code "stellar"} entry is a {@link Map} in the field map and a {@code ConfigHandler}
 * of type {@code Configs.STELLAR} in the enrichment configs.
 */
@Test
public void testSerialization() throws Exception {
  EnrichmentConfig loaded = JSONUtils.INSTANCE.load(sourceConfigStr, EnrichmentConfig.class);

  // Raw field-map view: the stellar section is still a plain map.
  Object stellarField = loaded.getFieldMap().get("stellar");
  Assert.assertTrue(stellarField instanceof Map);

  // Derived view: the same section exposed as a typed handler.
  Object stellarHandler = loaded.getEnrichmentConfigs().get("stellar");
  Assert.assertTrue(stellarHandler instanceof ConfigHandler);
  Assert.assertEquals(Configs.STELLAR, ((ConfigHandler) stellarHandler).getType());
}
/**
 * Looks up the enrichment field map configured for a sensor.
 *
 * @param sensorType sensor whose enrichment configuration is wanted; may be {@code null}
 * @return whatever the sensor's enrichment config returns from {@code getFieldMap()},
 *     or a new empty map when {@code sensorType} is {@code null} or no configuration
 *     is found for it
 */
protected Map<String, Object > getFieldMap(String sensorType) {
  if (sensorType == null) {
    LOG.error("Trying to retrieve a field map with sensor type of null");
    return new HashMap<>();
  }

  SensorEnrichmentConfig sensorConfig = getConfigurations().getSensorEnrichmentConfig(sensorType);
  if (sensorConfig == null) {
    // Missing configuration is treated as "nothing to enrich", not as an error.
    LOG.debug("Unable to retrieve a sensor enrichment config of {}", sensorType);
    return new HashMap<>();
  }

  // The getter's result is passed through unchanged.
  // NOTE(review): if that is the configuration's live map, a caller that mutates it
  // alters shared configuration — confirm against EnrichmentConfig.
  return sensorConfig.getEnrichment().getFieldMap();
}
/**
 * Applies the Stellar enrichment to the message carried by {@code value}.
 *
 * <p>The Stellar context, handler, global configuration and sensor-level enrichment
 * configuration are all read from {@code value.getConfig()}. The message is copied
 * before {@code process} is called so the object held by the cache key is not the map
 * that gets modified.
 *
 * @param value cache key carrying the message, the field name and the sensor config
 * @return an empty {@link JSONObject} when no handler is available, otherwise the
 *     result of {@code process}
 */
@Override
public JSONObject enrich(CacheKey value) {
  Context context = (Context) value.getConfig().getConfiguration().get(STELLAR_CONTEXT_CONF);
  ConfigHandler handler = getHandler.apply(value.getConfig());
  Map<String, Object> globals = value.getConfig().getConfiguration();
  Map<String, Object> sensorSettings = value.getConfig().getEnrichment().getConfig();

  if (handler == null) {
    _LOG.trace("Stellar ConfigHandler is null.");
    return new JSONObject();
  }

  // The slow-log threshold is only resolved when the perf logger is at debug level;
  // otherwise null is handed to process.
  Long slowLogThreshold = _PERF_LOG.isDebugEnabled()
      ? ConversionUtils.convert(globals.getOrDefault(STELLAR_SLOW_LOG, STELLAR_SLOW_LOG_DEFAULT), Long.class)
      : null;

  // Work on a copy: process modifies the message, and modifying the object held by
  // the cache key would cause cache misses. The HashMap copy constructor is shallow,
  // so nested mutable values are still shared with the original message.
  Map<String, Object> workingCopy = new HashMap<>(value.getValue(Map.class));
  VariableResolver resolver = new MapVariableResolver(workingCopy, sensorSettings, globals);
  StellarProcessor processor = new StellarProcessor();

  JSONObject result = process(
      workingCopy,
      handler,
      value.getField(),
      slowLogThreshold,
      processor,
      resolver,
      context);

  // NOTE(review): the full enriched result is written at trace level; if messages can
  // carry sensitive telemetry, keep trace logging off outside of debugging sessions.
  _LOG.trace("Stellar Enrichment Success: {}", result);
  return result;
}
/**
 * Combines the hashes of the enrichment, threat-intel and configuration sections with
 * the conventional 31-multiplier fold; a {@code null} section contributes 0.
 *
 * @return the combined hash code
 */
@Override
public int hashCode() {
  int enrichmentHash = getEnrichment() == null ? 0 : getEnrichment().hashCode();
  int threatIntelHash = getThreatIntel() == null ? 0 : getThreatIntel().hashCode();
  int configurationHash = getConfiguration() == null ? 0 : getConfiguration().hashCode();

  // NOTE(review): the enrichment hash is folded in twice (seed and first step). That
  // looks like a copy-paste leftover; it is kept because it does not break the
  // equals/hashCode contract and removing it would change the produced values.
  int result = enrichmentHash;
  result = 31 * result + enrichmentHash;
  result = 31 * result + threatIntelHash;
  result = 31 * result + configurationHash;
  return result;
}
/**
 * Two instances are equal when they share the same runtime class and their field map,
 * field-to-type map and config are pairwise equal (or both {@code null}).
 *
 * @param o object to compare with
 * @return {@code true} when {@code o} is equal to this instance
 */
@Override
public boolean equals(Object o) {
  if (this == o) {
    return true;
  }
  if (o == null || getClass() != o.getClass()) {
    return false;
  }

  EnrichmentConfig other = (EnrichmentConfig) o;

  // Each pair is compared null-safely; the first mismatch ends the comparison.
  boolean sameFieldMap = getFieldMap() == null
      ? other.getFieldMap() == null
      : getFieldMap().equals(other.getFieldMap());
  if (!sameFieldMap) {
    return false;
  }

  boolean sameFieldToTypeMap = getFieldToTypeMap() == null
      ? other.getFieldToTypeMap() == null
      : getFieldToTypeMap().equals(other.getFieldToTypeMap());
  if (!sameFieldToTypeMap) {
    return false;
  }

  if (getConfig() == null) {
    return other.getConfig() == null;
  }
  return getConfig().equals(other.getConfig());
}
/**
 * Looks up the per-field enrichment handlers configured for a sensor.
 *
 * @param sensorType sensor whose enrichment configuration is wanted; may be {@code null}
 * @return whatever the sensor's enrichment config returns from
 *     {@code getEnrichmentConfigs()}, or a new empty map when {@code sensorType} is
 *     {@code null} or no configuration is found for it
 */
protected Map<String, ConfigHandler> getFieldToHandlerMap(String sensorType) {
  if(sensorType != null) {
    SensorEnrichmentConfig config = getConfigurations().getSensorEnrichmentConfig(sensorType);
    if (config != null) {
      // The getter's result is passed through unchanged.
      // NOTE(review): if that is the configuration's live map, a caller that mutates
      // it alters shared configuration — confirm against EnrichmentConfig.
      return config.getEnrichment().getEnrichmentConfigs();
    }
    else {
      // Missing configuration is only logged at debug level and falls through to the
      // empty-map return below.
      LOG.debug("Unable to retrieve a sensor enrichment config of {}", sensorType);
    }
  }
  else {
    // NOTE(review): the message says "field map" although this method returns the
    // handler map.
    LOG.error("Trying to retrieve a field map with sensor type of null");
  }
  return new HashMap<>();
}

// The excerpt ends inside the next method; only its signature is visible here.
protected Map<String, Object > getFieldMap(String sensorType) {
enrichmentConfig.getFieldMap().remove("stellar");
/**
 * Two instances are equal when they share the same runtime class and their
 * enrichment, threat-intel and configuration sections are pairwise equal (or both
 * {@code null}).
 *
 * @param o object to compare with
 * @return {@code true} when {@code o} is equal to this instance
 */
@Override
public boolean equals(Object o) {
  if (this == o) {
    return true;
  }
  if (o == null || getClass() != o.getClass()) {
    return false;
  }

  SensorEnrichmentConfig other = (SensorEnrichmentConfig) o;

  // Short-circuit evaluation keeps the original order: enrichment, threat intel,
  // configuration; later sections are not touched once one differs.
  return (getEnrichment() == null
          ? other.getEnrichment() == null
          : getEnrichment().equals(other.getEnrichment()))
      && (getThreatIntel() == null
          ? other.getThreatIntel() == null
          : getThreatIntel().equals(other.getThreatIntel()))
      && (getConfiguration() == null
          ? other.getConfiguration() == null
          : getConfiguration().equals(other.getConfiguration()));
}
/**
 * For every entry of {@code DEFAULT_CONFIGS}, checks that the loaded config has a
 * {@code "stellar"} handler and that {@code Configs.STELLAR} reports exactly one
 * subgroup for it, the empty string.
 */
@Test
public void testGetSubgroups_default() throws IOException {
  for (String json : DEFAULT_CONFIGS) {
    EnrichmentConfig parsed = JSONUtils.INSTANCE.load(json, EnrichmentConfig.class);

    ConfigHandler stellar = parsed.getEnrichmentConfigs().get("stellar");
    Assert.assertNotNull(stellar);

    List<String> groups = Configs.STELLAR.getSubgroups(stellar);
    Assert.assertEquals("", groups.get(0));
    Assert.assertEquals(1, groups.size());
  }
}