Examples with Extractor org.apache.metron.dataloads.extractor.Extractor used on opensource projects

Search in sources :

Example 1 with Extractor

use of org.apache.metron.dataloads.extractor.Extractor in project metron by apache.

the class TaxiiLoader method main.

public static void main(String... argv) throws Exception {
    Configuration conf = HBaseConfiguration.create();
    String zkQuorum = conf.get(HConstants.ZOOKEEPER_QUORUM);
    String[] otherArgs = new GenericOptionsParser(conf, argv).getRemainingArgs();
    CommandLine cli = TaxiiOptions.parse(new PosixParser(), otherArgs);
    if (TaxiiOptions.LOG4J_PROPERTIES.has(cli)) {
        PropertyConfigurator.configure(TaxiiOptions.LOG4J_PROPERTIES.get(cli));
    }
    ExtractorHandler handler = ExtractorHandler.load(FileUtils.readFileToString(new File(TaxiiOptions.EXTRACTOR_CONFIG.get(cli))));
    Extractor e = handler.getExtractor();
    SensorEnrichmentUpdateConfig sensorEnrichmentUpdateConfig = null;
    if (TaxiiOptions.ENRICHMENT_CONFIG.has(cli)) {
        sensorEnrichmentUpdateConfig = JSONUtils.INSTANCE.load(new File(TaxiiOptions.ENRICHMENT_CONFIG.get(cli)), SensorEnrichmentUpdateConfig.class);
        sensorEnrichmentUpdateConfig.updateSensorConfigs();
    }
    Timer timer = new Timer();
    if (isStixExtractor(e)) {
        Extractor extractor = e;
        TaxiiConnectionConfig connectionConfig = TaxiiConnectionConfig.load(FileUtils.readFileToString(new File(TaxiiOptions.CONNECTION_CONFIG.get(cli))));
        if (TaxiiOptions.BEGIN_TIME.has(cli)) {
            Date d = DATE_FORMAT.parse(TaxiiOptions.BEGIN_TIME.get(cli));
            connectionConfig.withBeginTime(d);
        }
        long timeBetween = DEFAULT_TIME_BETWEEN_POLLS;
        if (TaxiiOptions.TIME_BETWEEN_POLLS.has(cli)) {
            timeBetween = Long.parseLong(TaxiiOptions.TIME_BETWEEN_POLLS.get(cli));
        }
        timer.scheduleAtFixedRate(new TaxiiHandler(connectionConfig, extractor, conf), 0, timeBetween);
    } else {
        throw new IllegalStateException("Extractor must be a STIX Extractor");
    }
}
Also used : HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration) Configuration(org.apache.hadoop.conf.Configuration) ExtractorHandler(org.apache.metron.dataloads.extractor.ExtractorHandler) Date(java.util.Date) Timer(java.util.Timer) SensorEnrichmentUpdateConfig(org.apache.metron.common.configuration.enrichment.SensorEnrichmentUpdateConfig) StixExtractor(org.apache.metron.dataloads.extractor.stix.StixExtractor) Extractor(org.apache.metron.dataloads.extractor.Extractor) File(java.io.File) GenericOptionsParser(org.apache.hadoop.util.GenericOptionsParser)

Example 2 with Extractor

use of org.apache.metron.dataloads.extractor.Extractor in project metron by apache.

the class TaxiiIntegrationTest method testTaxii.

@Test
public void testTaxii() throws Exception {
    final MockHBaseTableProvider provider = new MockHBaseTableProvider();
    final Configuration config = HBaseConfiguration.create();
    Extractor extractor = new TransformFilterExtractorDecorator(new StixExtractor());
    TaxiiHandler handler = new TaxiiHandler(TaxiiConnectionConfig.load(taxiiConnectionConfig), extractor, config) {

        @Override
        protected synchronized HTableInterface createHTable(String tableInfo) throws IOException {
            return provider.addToCache("threat_intel", "cf");
        }
    };
    // UnitTestHelper.verboseLogging();
    handler.run();
    Set<String> maliciousDomains;
    {
        MockHTable table = (MockHTable) provider.getTable(config, "threat_intel");
        maliciousDomains = getIndicators("domainname:FQDN", table.getPutLog(), "cf");
    }
    Assert.assertTrue(maliciousDomains.contains("www.office-112.com"));
    Assert.assertEquals(numStringsMatch(MockTaxiiService.pollMsg, "DomainNameObj:Value condition=\"Equals\""), maliciousDomains.size());
    Set<String> maliciousAddresses;
    {
        MockHTable table = (MockHTable) provider.getTable(config, "threat_intel");
        maliciousAddresses = getIndicators("address:IPV_4_ADDR", table.getPutLog(), "cf");
    }
    Assert.assertTrue(maliciousAddresses.contains("94.102.53.142"));
    Assert.assertEquals(numStringsMatch(MockTaxiiService.pollMsg, "AddressObj:Address_Value condition=\"Equal\""), maliciousAddresses.size());
    MockHBaseTableProvider.clear();
    // Ensure that the handler can be run multiple times without connection issues.
    handler.run();
}
Also used : TransformFilterExtractorDecorator(org.apache.metron.dataloads.extractor.TransformFilterExtractorDecorator) StixExtractor(org.apache.metron.dataloads.extractor.stix.StixExtractor) HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration) Configuration(org.apache.hadoop.conf.Configuration) MockHBaseTableProvider(org.apache.metron.hbase.mock.MockHBaseTableProvider) StixExtractor(org.apache.metron.dataloads.extractor.stix.StixExtractor) Extractor(org.apache.metron.dataloads.extractor.Extractor) MockHTable(org.apache.metron.hbase.mock.MockHTable)

Example 3 with Extractor

use of org.apache.metron.dataloads.extractor.Extractor in project metron by apache.

the class StixExtractorTest method testStixAddresses.

public void testStixAddresses(final String stixDoc) throws Exception {
    Thread t1 = new Thread(() -> {
        try {
            ExtractorHandler handler = ExtractorHandler.load(stixConfigOnlyIPV4);
            Extractor extractor = handler.getExtractor();
            Iterable<LookupKV> results = extractor.extract(stixDoc);
            Assert.assertEquals(3, Iterables.size(results));
            Assert.assertEquals("10.0.0.0", ((EnrichmentKey) (Iterables.get(results, 0).getKey())).indicator);
            Assert.assertEquals("10.0.0.1", ((EnrichmentKey) (Iterables.get(results, 1).getKey())).indicator);
            Assert.assertEquals("10.0.0.2", ((EnrichmentKey) (Iterables.get(results, 2).getKey())).indicator);
        } catch (Exception ex) {
            throw new RuntimeException(ex.getMessage(), ex);
        }
    });
    Thread t2 = new Thread(() -> {
        try {
            ExtractorHandler handler = ExtractorHandler.load(stixConfig);
            Extractor extractor = handler.getExtractor();
            Iterable<LookupKV> results = extractor.extract(stixDoc);
            Assert.assertEquals(3, Iterables.size(results));
            Assert.assertEquals("10.0.0.0", ((EnrichmentKey) (Iterables.get(results, 0).getKey())).indicator);
            Assert.assertEquals("10.0.0.1", ((EnrichmentKey) (Iterables.get(results, 1).getKey())).indicator);
            Assert.assertEquals("10.0.0.2", ((EnrichmentKey) (Iterables.get(results, 2).getKey())).indicator);
        } catch (Exception ex) {
            throw new RuntimeException(ex.getMessage(), ex);
        }
    });
    Thread t3 = new Thread(() -> {
        try {
            ExtractorHandler handler = ExtractorHandler.load(stixConfigOnlyIPV6);
            Extractor extractor = handler.getExtractor();
            Iterable<LookupKV> results = extractor.extract(stixDoc);
            Assert.assertEquals(0, Iterables.size(results));
        } catch (Exception ex) {
            throw new RuntimeException(ex.getMessage(), ex);
        }
    });
    t1.run();
    t2.run();
    t3.run();
    t1.join();
    t2.join();
    t3.join();
}
Also used : LookupKV(org.apache.metron.enrichment.lookup.LookupKV) ExtractorHandler(org.apache.metron.dataloads.extractor.ExtractorHandler) Extractor(org.apache.metron.dataloads.extractor.Extractor)

Aggregations

Extractor (org.apache.metron.dataloads.extractor.Extractor)3 Configuration (org.apache.hadoop.conf.Configuration)2 HBaseConfiguration (org.apache.hadoop.hbase.HBaseConfiguration)2 ExtractorHandler (org.apache.metron.dataloads.extractor.ExtractorHandler)2 StixExtractor (org.apache.metron.dataloads.extractor.stix.StixExtractor)2 File (java.io.File)1 Date (java.util.Date)1 Timer (java.util.Timer)1 GenericOptionsParser (org.apache.hadoop.util.GenericOptionsParser)1 SensorEnrichmentUpdateConfig (org.apache.metron.common.configuration.enrichment.SensorEnrichmentUpdateConfig)1 TransformFilterExtractorDecorator (org.apache.metron.dataloads.extractor.TransformFilterExtractorDecorator)1 LookupKV (org.apache.metron.enrichment.lookup.LookupKV)1 MockHBaseTableProvider (org.apache.metron.hbase.mock.MockHBaseTableProvider)1 MockHTable (org.apache.metron.hbase.mock.MockHTable)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial