/**
 * Returns the enrichment section of the supplied sensor config.
 *
 * @param config sensor enrichment config to read from
 * @return whatever {@code config.getEnrichment()} yields; no null check is applied here
 */
@Override
public EnrichmentConfig getUnderlyingConfig(SensorEnrichmentConfig config) {
  final EnrichmentConfig enrichmentSection = config.getEnrichment();
  return enrichmentSection;
}
/**
 * Picks the section of a sensor config that matches the requested type.
 *
 * @param sensorConfig sensor enrichment config holding both sections
 * @param type which section to return; a null value makes the {@code switch} throw
 *     {@link NullPointerException}
 * @return the enrichment section for {@code ENRICHMENT}, the threat-intel section for
 *     {@code THREAT_INTEL} / {@code THREATINTEL}, and {@code null} for any other value
 */
public static EnrichmentConfig getConfig(SensorEnrichmentConfig sensorConfig, Type type) {
  switch (type) {
    case ENRICHMENT:
      return sensorConfig.getEnrichment();
    case THREAT_INTEL:
    case THREATINTEL:
      // Both spellings map to the same threat-intel section.
      return sensorConfig.getThreatIntel();
    default:
      // Unrecognised types yield null; callers have to handle that.
      return null;
  }
}
/**
 * Combines the hash codes of the enrichment, threat-intel and configuration sections,
 * counting a null section as 0.
 */
@Override
public int hashCode() {
  final int enrichmentHash = getEnrichment() == null ? 0 : getEnrichment().hashCode();
  final int threatIntelHash = getThreatIntel() == null ? 0 : getThreatIntel().hashCode();
  final int configurationHash = getConfiguration() == null ? 0 : getConfiguration().hashCode();

  // NOTE(review): the enrichment hash is mixed in twice. It is redundant but harmless for
  // the equals/hashCode contract, and is kept so the computed values stay the same.
  int hash = enrichmentHash;
  hash = 31 * hash + enrichmentHash;
  hash = 31 * hash + threatIntelHash;
  hash = 31 * hash + configurationHash;
  return hash;
}
/**
 * Looks up the enrichment field map configured for a source type.
 *
 * @param sourceType source type whose sensor enrichment config is consulted
 * @return the field map of the enrichment section, or {@code null} when
 *     {@code sourceType} is null, no config is found, or the config has no enrichment
 *     section
 */
public Map<String, Object> getFieldMap(String sourceType) {
  if (sourceType == null) {
    LOG.error("Trying to retrieve a field map with source type of null");
    return null;
  }

  SensorEnrichmentConfig config = getConfigurations().getSensorEnrichmentConfig(sourceType);
  if (config == null || config.getEnrichment() == null) {
    // A missing config and a config without an enrichment section are reported the same way.
    LOG.debug("Unable to retrieve a sensor enrichment config of {}", sourceType);
    return null;
  }
  return config.getEnrichment().getFieldMap();
}
}
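/**
 * Looks up the enrichment field map configured for a sensor.
 *
 * <p>A sensor config that has no enrichment section is handled like a missing config,
 * so a partially filled-in configuration yields an empty map instead of a
 * {@link NullPointerException} on the enrichment path.
 *
 * @param sensorType sensor name used to look up the sensor enrichment config
 * @return the field map of the sensor's enrichment section, or a new empty map when
 *     {@code sensorType} is null, no config exists for the sensor, or the config has no
 *     enrichment section
 */
protected Map<String, Object > getFieldMap(String sensorType) {
  if (sensorType == null) {
    LOG.error("Trying to retrieve a field map with sensor type of null");
    return new HashMap<>();
  }

  SensorEnrichmentConfig config = getConfigurations().getSensorEnrichmentConfig(sensorType);
  if (config == null || config.getEnrichment() == null) {
    LOG.debug("Unable to retrieve a sensor enrichment config of {}", sensorType);
    return new HashMap<>();
  }
  // NOTE(review): getFieldMap() itself may return null; that value is passed through
  // unchanged. Confirm callers tolerate it.
  return config.getEnrichment().getFieldMap();
}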
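/**
 * Looks up the per-field enrichment handlers configured for a sensor.
 *
 * <p>A sensor config that has no enrichment section is handled like a missing config,
 * so a partially filled-in configuration yields an empty map instead of a
 * {@link NullPointerException} on the enrichment path.
 *
 * @param sensorType sensor name used to look up the sensor enrichment config
 * @return the enrichment configs of the sensor's enrichment section, or a new empty map
 *     when {@code sensorType} is null, no config exists for the sensor, or the config has
 *     no enrichment section
 */
protected Map<String, ConfigHandler> getFieldToHandlerMap(String sensorType) {
  if (sensorType == null) {
    LOG.error("Trying to retrieve a field map with sensor type of null");
    return new HashMap<>();
  }

  SensorEnrichmentConfig config = getConfigurations().getSensorEnrichmentConfig(sensorType);
  if (config == null || config.getEnrichment() == null) {
    LOG.debug("Unable to retrieve a sensor enrichment config of {}", sensorType);
    return new HashMap<>();
  }
  return config.getEnrichment().getEnrichmentConfigs();
}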
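/**
 * Looks up the per-field enrichment handlers configured for a sensor.
 *
 * <p>A sensor config that has no enrichment section is handled like a missing config,
 * so a partially filled-in configuration yields an empty map instead of a
 * {@link NullPointerException} on the enrichment path.
 *
 * @param sensorType sensor name used to look up the sensor enrichment config
 * @return the enrichment configs of the sensor's enrichment section, or a new empty map
 *     when {@code sensorType} is null, no config exists for the sensor, or the config has
 *     no enrichment section
 */
protected Map<String, ConfigHandler> getFieldToHandlerMap(String sensorType) {
  if (sensorType == null) {
    LOG.error("Trying to retrieve a field map with sensor type of null");
    return new HashMap<>();
  }

  SensorEnrichmentConfig config = getConfigurations().getSensorEnrichmentConfig(sensorType);
  if (config == null || config.getEnrichment() == null) {
    LOG.debug("Unable to retrieve a sensor enrichment config of {}", sensorType);
    return new HashMap<>();
  }
  return config.getEnrichment().getEnrichmentConfigs();
}

protected Map<String, Object > getFieldMap(String sensorType) {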
/**
 * Compares two sensor enrichment configs section by section.
 *
 * @param o object to compare with
 * @return {@code true} when {@code o} is the same instance, or is of exactly the same
 *     class and its enrichment, threat-intel and configuration sections are each either
 *     both null or equal
 */
@Override
public boolean equals(Object o) {
  if (o == this) {
    return true;
  }
  if (o == null || o.getClass() != getClass()) {
    return false;
  }
  final SensorEnrichmentConfig other = (SensorEnrichmentConfig) o;

  if (getEnrichment() == null) {
    if (other.getEnrichment() != null) {
      return false;
    }
  } else if (!getEnrichment().equals(other.getEnrichment())) {
    return false;
  }

  if (getThreatIntel() == null) {
    if (other.getThreatIntel() != null) {
      return false;
    }
  } else if (!getThreatIntel().equals(other.getThreatIntel())) {
    return false;
  }

  if (getConfiguration() == null) {
    return other.getConfiguration() == null;
  }
  return getConfiguration().equals(other.getConfiguration());
}
fieldMap = config.getEnrichment().getFieldMap(); if(fieldMap!= null) { fieldList = (List<String>)fieldMap.get(Constants.SIMPLE_HBASE_ENRICHMENT); fieldMap.put(Constants.SIMPLE_HBASE_ENRICHMENT, fieldList); fieldToTypeMap = config.getEnrichment().getFieldToTypeMap(); if(fieldToTypeMap == null) { fieldToTypeMap = new HashMap<>(); config.getEnrichment().setFieldToTypeMap(fieldToTypeMap);
/**
 * Runs the Stellar enrichment configured for one field of a message.
 *
 * @param value cache key carrying the message, the field name and the sensor config
 * @return the result of {@code process(...)}, or an empty {@link JSONObject} when no
 *     handler is available for the config
 */
@Override
public JSONObject enrich(CacheKey value) {
  // All four lookups run before the handler check, so any exception they raise
  // surfaces even when no handler is configured.
  Context context = (Context) value.getConfig().getConfiguration().get(STELLAR_CONTEXT_CONF);
  ConfigHandler configHandler = getHandler.apply(value.getConfig());
  Map<String, Object> globalSettings = value.getConfig().getConfiguration();
  // NOTE(review): getEnrichment() is dereferenced without a null check; a sensor config
  // lacking an enrichment section would fail here. Confirm upstream validation.
  Map<String, Object> sensorSettings = value.getConfig().getEnrichment().getConfig();

  if (configHandler == null) {
    _LOG.trace("Stellar ConfigHandler is null.");
    return new JSONObject();
  }

  // The slow-log threshold is only resolved when performance logging is at debug level.
  Long slowLogThreshold = _PERF_LOG.isDebugEnabled()
      ? ConversionUtils.convert(
          globalSettings.getOrDefault(STELLAR_SLOW_LOG, STELLAR_SLOW_LOG_DEFAULT), Long.class)
      : null;

  // Work on a copy: process() mutates the map it is given, and the original map belongs
  // to the cache key. Mutating it would change the cached entry and cause cache misses.
  Map<String, Object> messageCopy = new HashMap<>(value.getValue(Map.class));
  VariableResolver variableResolver =
      new MapVariableResolver(messageCopy, sensorSettings, globalSettings);
  StellarProcessor stellarProcessor = new StellarProcessor();

  JSONObject result = process(
      messageCopy,
      configHandler,
      value.getField(),
      slowLogThreshold,
      stellarProcessor,
      variableResolver,
      context);
  _LOG.trace("Stellar Enrichment Success: {}", result);
  return result;
}
.getEnrichment().getFieldToTypeMap() .get(EnrichmentUtils.toTopLevelField(value.getField())); if(isInitialized() && enrichmentTypes != null && value.getValue() != null) { , new EnrichmentUtils.TypeToKey( value.coerceValue(String.class) , lookup.getTable() , value.getConfig().getEnrichment()
Assert.assertNotSame(outputScs.get("bro"), broSc); Assert.assertEquals( outputScs.get("bro").toJSON() , ((List<String>)outputScs.get("bro").getEnrichment().getFieldMap().get(Constants.SIMPLE_HBASE_ENRICHMENT)).size() , 2 ); Assert.assertTrue( outputScs.get("bro").toJSON() , ((List<String>)outputScs.get("bro").getEnrichment().getFieldMap() .get(Constants.SIMPLE_HBASE_ENRICHMENT)) .contains("ip_src_addr") ); Assert.assertTrue( outputScs.get("bro").toJSON() , ((List<String>)outputScs.get("bro").getEnrichment().getFieldMap() .get(Constants.SIMPLE_HBASE_ENRICHMENT)) .contains("ip_dst_addr") ); Assert.assertEquals( outputScs.get("bro").toJSON() , outputScs.get("bro").getEnrichment().getFieldToTypeMap().keySet().size() , 2 ); Assert.assertEquals( outputScs.get("bro").toJSON() , ((List<String>)(outputScs.get("bro").getEnrichment().getFieldToTypeMap().get("ip_src_addr"))).size() , 1 ); Assert.assertEquals( outputScs.get("bro").toJSON() , ((List<String>)(outputScs.get("bro").getEnrichment().getFieldToTypeMap().get("ip_src_addr"))).get(0) , "playful" ); Assert.assertEquals( outputScs.get("bro").toJSON() , ((List<String>)(outputScs.get("bro").getEnrichment().getFieldToTypeMap().get("ip_dst_addr"))).size()
add("enrichmentField"); }}); testSensorConfig.getEnrichment().setFieldMap(enrichmentFieldMap); Map<String, Object> threatIntelFieldMap = new HashMap<>(); threatIntelFieldMap.put("threatIntelTest", new ArrayList<String>() {{