/**
 * Triages one message: evaluates every configured risk-level rule against it
 * and folds the scores of the rules that fired into a single aggregate score.
 *
 * <p>Every {@link RiskLevelRule} carries three Stellar expressions — the
 * predicate ({@code getRule()}), a reason ({@code getReason()}) and a score
 * ({@code getScoreExpression()}). All of them come from
 * {@code threatTriageConfig}, i.e. from configuration, not from the message.
 * They are evaluated through a {@link MapVariableResolver} built from the
 * message plus the sensor and threat-intel configuration maps, so an
 * expression may read any field of the incoming message; the reason string
 * it produces is stored verbatim in the resulting {@link RuleScore}.
 * The reason and score expressions are only evaluated for rules whose
 * predicate is true.
 *
 * @param message the message being triaged; may be {@code null}, in which
 *                case it is handed to the resolver as-is
 *                (NOTE(review): how {@code MapVariableResolver} handles a
 *                null message map is not visible here — confirm)
 * @return a {@link ThreatScore} holding one {@link RuleScore} per rule that
 *         fired and the aggregate of their scores as computed by the
 *         configured {@link Aggregators} with the configured aggregation
 *         settings
 */
@Nullable
@Override
public ThreatScore apply(@Nullable Map message) {
  final ThreatScore result = new ThreatScore();
  final StellarPredicateProcessor predicates = new StellarPredicateProcessor();
  final StellarProcessor expressions = new StellarProcessor();
  // Message fields are resolved alongside the sensor- and threat-intel-level
  // configuration maps.
  final VariableResolver resolver =
      new MapVariableResolver(message, sensorConfig.getConfiguration(), threatIntelConfig.getConfig());

  for (RiskLevelRule rule : threatTriageConfig.getRiskLevelRules()) {
    boolean fired = predicates.parse(rule.getRule(), resolver, functionResolver, context);
    if (!fired) {
      continue;
    }
    // Reason and score are expressions too; evaluate them only for rules that matched.
    String why = execute(rule.getReason(), expressions, resolver, String.class);
    Double ruleValue = execute(rule.getScoreExpression(), expressions, resolver, Double.class);
    result.addRuleScore(new RuleScore(rule, why, ruleValue));
  }

  // Collect the per-rule scores and hand them to the configured aggregator.
  // NOTE(review): a score expression that yields null is forwarded to the
  // aggregator unchanged; whether the aggregator tolerates that is not
  // visible here.
  List<Number> values = new ArrayList<>();
  for (RuleScore rs : result.getRuleScores()) {
    values.add(rs.getScore());
  }
  Aggregators aggregator = threatTriageConfig.getAggregator();
  Double total = aggregator.aggregate(values, threatTriageConfig.getAggregationConfig());
  result.setScore(total);
  return result;
}