Examples with Aggregators org.apache.metron.common.aggregator.Aggregators used on opensource projects

Search in sources :

Example 1 with Aggregators

use of org.apache.metron.common.aggregator.Aggregators in project metron by apache.

the class ThreatTriageProcessor method apply.

@Nullable
@Override
public ThreatScore apply(@Nullable Map input) {
    ThreatScore threatScore = new ThreatScore();
    StellarPredicateProcessor predicateProcessor = new StellarPredicateProcessor();
    StellarProcessor processor = new StellarProcessor();
    VariableResolver resolver = new MapVariableResolver(input, sensorConfig.getConfiguration(), threatIntelConfig.getConfig());
    // attempt to apply each rule to the threat
    for (RiskLevelRule rule : threatTriageConfig.getRiskLevelRules()) {
        if (predicateProcessor.parse(rule.getRule(), resolver, functionResolver, context)) {
            // add the rule's score to the overall threat score
            String reason = execute(rule.getReason(), processor, resolver, String.class);
            RuleScore score = new RuleScore(rule, reason);
            threatScore.addRuleScore(score);
        }
    }
    // calculate the aggregate threat score
    Aggregators aggregators = threatTriageConfig.getAggregator();
    List<Number> allScores = threatScore.getRuleScores().stream().map(score -> score.getRule().getScore()).collect(Collectors.toList());
    Double aggregateScore = aggregators.aggregate(allScores, threatTriageConfig.getAggregationConfig());
    threatScore.setScore(aggregateScore);
    return threatScore;
}
Also used : StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) ThreatScore(org.apache.metron.common.configuration.enrichment.threatintel.ThreatScore) FunctionResolver(org.apache.metron.stellar.dsl.functions.resolver.FunctionResolver) VariableResolver(org.apache.metron.stellar.dsl.VariableResolver) Function(com.google.common.base.Function) RiskLevelRule(org.apache.metron.common.configuration.enrichment.threatintel.RiskLevelRule) StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) Collectors(java.util.stream.Collectors) SensorEnrichmentConfig(org.apache.metron.common.configuration.enrichment.SensorEnrichmentConfig) List(java.util.List) ThreatIntelConfig(org.apache.metron.common.configuration.enrichment.threatintel.ThreatIntelConfig) RuleScore(org.apache.metron.common.configuration.enrichment.threatintel.RuleScore) Map(java.util.Map) Aggregators(org.apache.metron.common.aggregator.Aggregators) ThreatTriageConfig(org.apache.metron.common.configuration.enrichment.threatintel.ThreatTriageConfig) ConversionUtils(org.apache.metron.stellar.common.utils.ConversionUtils) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) StellarPredicateProcessor(org.apache.metron.stellar.common.StellarPredicateProcessor) Nullable(javax.annotation.Nullable) Context(org.apache.metron.stellar.dsl.Context) ThreatScore(org.apache.metron.common.configuration.enrichment.threatintel.ThreatScore) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) RiskLevelRule(org.apache.metron.common.configuration.enrichment.threatintel.RiskLevelRule) Aggregators(org.apache.metron.common.aggregator.Aggregators) RuleScore(org.apache.metron.common.configuration.enrichment.threatintel.RuleScore) VariableResolver(org.apache.metron.stellar.dsl.VariableResolver) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) StellarPredicateProcessor(org.apache.metron.stellar.common.StellarPredicateProcessor) Nullable(javax.annotation.Nullable)

Aggregations

Function (com.google.common.base.Function)1 List (java.util.List)1 Map (java.util.Map)1 Collectors (java.util.stream.Collectors)1 Nullable (javax.annotation.Nullable)1 Aggregators (org.apache.metron.common.aggregator.Aggregators)1 SensorEnrichmentConfig (org.apache.metron.common.configuration.enrichment.SensorEnrichmentConfig)1 RiskLevelRule (org.apache.metron.common.configuration.enrichment.threatintel.RiskLevelRule)1 RuleScore (org.apache.metron.common.configuration.enrichment.threatintel.RuleScore)1 ThreatIntelConfig (org.apache.metron.common.configuration.enrichment.threatintel.ThreatIntelConfig)1 ThreatScore (org.apache.metron.common.configuration.enrichment.threatintel.ThreatScore)1 ThreatTriageConfig (org.apache.metron.common.configuration.enrichment.threatintel.ThreatTriageConfig)1 StellarPredicateProcessor (org.apache.metron.stellar.common.StellarPredicateProcessor)1 StellarProcessor (org.apache.metron.stellar.common.StellarProcessor)1 ConversionUtils (org.apache.metron.stellar.common.utils.ConversionUtils)1 Context (org.apache.metron.stellar.dsl.Context)1 MapVariableResolver (org.apache.metron.stellar.dsl.MapVariableResolver)1 VariableResolver (org.apache.metron.stellar.dsl.VariableResolver)1 FunctionResolver (org.apache.metron.stellar.dsl.functions.resolver.FunctionResolver)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial