
Example 1 with LookupKV

use of org.apache.metron.enrichment.lookup.LookupKV in project metron by apache.

the class StixExtractor method main.

/**
 * Ad-hoc driver: loads one STIX document and prints every entry the extractor yields.
 *
 * <p>The input path is fixed to {@code /tmp/sample.xml}; {@code args} is not read.
 *
 * @param args ignored
 * @throws IOException if the file cannot be read or extraction fails
 */
public static void main(String[] args) throws IOException {
    // A disabled earlier variant took the path from args[0], or fell back to the bundled
    // classpath resource /org/mitre/stix/examples/sample.xml. Only the fixed path is active.
    // NOTE(review): /tmp is commonly writable by every local account, so the content parsed
    // here is only as trustworthy as whoever created the file. Fine for a local demo; do not
    // reuse this path for a scheduled or privileged import.
    final File stixFile = new File("/tmp/sample.xml");
    // No charset is passed, so decoding is left to this readFileToString overload.
    final String stixXml = FileUtils.readFileToString(stixFile);
    final Iterable<LookupKV> entries = new StixExtractor().extract(stixXml);
    for (LookupKV entry : entries) {
        System.out.println(entry);
    }
}
Also used : LookupKV(org.apache.metron.enrichment.lookup.LookupKV) File(java.io.File)

Example 2 with LookupKV

use of org.apache.metron.enrichment.lookup.LookupKV in project metron by apache.

the class StixExtractor method extract.

/**
 * Parses a STIX XML document and collects the enrichment entries produced for its observables.
 *
 * <p>Every {@code "Equal"} token (quotes included) in the input is rewritten to
 * {@code "Equals"} before parsing. Observables without an object, objects without properties,
 * and property types with no registered handler contribute nothing to the result.
 *
 * @param line the complete STIX document as one XML string
 * @return the entries from all handled observables, in iteration order
 * @throws IOException declared by the interface and by the handlers' {@code extract}
 */
@Override
public Iterable<LookupKV> extract(String line) throws IOException {
    // Literal replacement; neither argument holds regex or replacement metacharacters,
    // so this matches what replaceAll did with the same strings.
    String normalizedXml = line.replace("\"Equal\"", "\"Equals\"");
    // NOTE(review): the document goes to STIXPackage.fromXMLString as received. How that
    // parser treats DTDs and external entities is not visible here. Confirm it is hardened
    // before ingesting feeds you do not control.
    STIXPackage stixPackage = STIXPackage.fromXMLString(normalizedXml);
    List<LookupKV> collected = new ArrayList<>();
    for (Observable observable : getObservables(stixPackage)) {
        ObjectType cyboxObject = observable.getObject();
        if (cyboxObject == null) {
            continue;
        }
        ObjectPropertiesType properties = cyboxObject.getProperties();
        if (properties == null) {
            continue;
        }
        ObjectTypeHandler handler = ObjectTypeHandlers.getHandlerByInstance(properties);
        if (handler == null) {
            // The debug lines serialise the properties back to XML, so feed-supplied text
            // reaches the log when debug logging is enabled.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Did not find a handler for properties {} of type {}", properties.toXMLString(), properties.getClass());
            }
            continue;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Found {} for properties {}", handler.getTypeClass().getCanonicalName(), properties.toXMLString());
        }
        // The handler is a raw type, so the typed local is needed to iterate as LookupKV.
        Iterable<LookupKV> handlerEntries = handler.extract(properties, config);
        for (LookupKV entry : handlerEntries) {
            collected.add(entry);
        }
    }
    return collected;
}
Also used : STIXPackage(org.mitre.stix.stix_1.STIXPackage) ObjectType(org.mitre.cybox.cybox_2.ObjectType) ObjectTypeHandler(org.apache.metron.dataloads.extractor.stix.types.ObjectTypeHandler) LookupKV(org.apache.metron.enrichment.lookup.LookupKV) ArrayList(java.util.ArrayList) Observable(org.mitre.cybox.cybox_2.Observable)

Example 3 with LookupKV

use of org.apache.metron.enrichment.lookup.LookupKV in project metron by apache.

the class AddressHandler method extract.

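/**
 * Builds one enrichment entry per token of a CybOX {@code Address} value.
 *
 * <p>Nothing is produced when the address category is not in {@code SUPPORTED_CATEGORIES},
 * or when {@code config} carries {@code SPECIFIC_CATEGORY_CONFIG} and the category is not
 * among the comma-separated names listed there. {@code TYPE_CONFIG}, when present, overrides
 * the type prefix returned by {@code getType()}.
 *
 * @param type   the address object taken from the STIX document
 * @param config optional handler configuration; may be {@code null}
 * @return the entries for this address, possibly empty
 * @throws IOException declared by the handler interface
 * @throws IllegalArgumentException if a configured category name is not a
 *         {@code CategoryTypeEnum} constant
 */
@Override
public Iterable<LookupKV> extract(final Address type, Map<String, Object> config) throws IOException {
    List<LookupKV> ret = new ArrayList<>();
    final CategoryTypeEnum category = type.getCategory();
    if (!SUPPORTED_CATEGORIES.contains(category)) {
        return ret;
    }
    String typeStr = getType();
    if (config != null) {
        if (config.containsKey(SPECIFIC_CATEGORY_CONFIG)) {
            EnumSet<CategoryTypeEnum> specificCategories = EnumSet.noneOf(CategoryTypeEnum.class);
            for (String c : Splitter.on(",").split(config.get(SPECIFIC_CATEGORY_CONFIG).toString())) {
                // Trim so that "A, B" is accepted; enum constant names never carry whitespace.
                specificCategories.add(CategoryTypeEnum.valueOf(c.trim()));
            }
            if (!specificCategories.contains(category)) {
                return ret;
            }
        }
        if (config.containsKey(TYPE_CONFIG)) {
            typeStr = config.get(TYPE_CONFIG).toString();
        }
    }
    // Same for every token, so it is built once.
    final String indicatorType = typeStr + ":" + category;
    StringObjectPropertyType value = type.getAddressValue();
    for (String token : StixExtractor.split(value)) {
        // A plain HashMap replaces the former double-brace initialiser. That idiom created an
        // anonymous HashMap subclass per call site, and its instances kept references to the
        // captured variables for as long as the stored value lived.
        Map<String, Object> metadata = new HashMap<>();
        metadata.put("source-type", "STIX");
        metadata.put("indicator-type", indicatorType);
        // The token and this XML are copied from the feed as received. Anything that later
        // renders or logs the stored value should treat both as untrusted text.
        metadata.put("source", type.toXMLString());
        ret.add(new LookupKV(new EnrichmentKey(indicatorType, token), new EnrichmentValue(metadata)));
    }
    return ret;
}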
Also used : LookupKV(org.apache.metron.enrichment.lookup.LookupKV) StringObjectPropertyType(org.mitre.cybox.common_2.StringObjectPropertyType) CategoryTypeEnum(org.mitre.cybox.objects.CategoryTypeEnum) EnrichmentKey(org.apache.metron.enrichment.converter.EnrichmentKey) EnrichmentValue(org.apache.metron.enrichment.converter.EnrichmentValue)

Example 4 with LookupKV

use of org.apache.metron.enrichment.lookup.LookupKV in project metron by apache.

the class DomainHandler method extract.

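/**
 * Builds one enrichment entry per token of a CybOX {@code DomainName} value.
 *
 * <p>Entries are produced only when the domain type is absent or is in
 * {@code SUPPORTED_TYPES}. The indicator type is always the type prefix followed by
 * {@code ":"} and {@code DomainNameTypeEnum.FQDN}. The prefix comes from {@code TYPE_CONFIG}
 * when that key maps to a non-null value, otherwise from {@code getType()}.
 *
 * @param type   the domain-name object taken from the STIX document
 * @param config optional handler configuration; may be {@code null}
 * @return the entries for this domain name, possibly empty
 * @throws IOException declared by the handler interface
 */
@Override
public Iterable<LookupKV> extract(final DomainName type, Map<String, Object> config) throws IOException {
    List<LookupKV> ret = new ArrayList<>();
    String typeStr = getType();
    if (config != null) {
        Object o = config.get(TYPE_CONFIG);
        if (o != null) {
            typeStr = o.toString();
        }
    }
    final DomainNameTypeEnum domainType = type.getType();
    if (domainType != null && !SUPPORTED_TYPES.contains(domainType)) {
        return ret;
    }
    // Same for every token, so it is built once.
    final String indicatorType = typeStr + ":" + DomainNameTypeEnum.FQDN;
    StringObjectPropertyType value = type.getValue();
    for (String token : StixExtractor.split(value)) {
        // A plain HashMap replaces the former double-brace initialiser. That idiom created an
        // anonymous HashMap subclass per call site, and its instances kept references to the
        // captured variables for as long as the stored value lived.
        Map<String, Object> metadata = new HashMap<>();
        metadata.put("source-type", "STIX");
        metadata.put("indicator-type", indicatorType);
        // The token and this XML are copied from the feed as received. Anything that later
        // renders or logs the stored value should treat both as untrusted text.
        metadata.put("source", type.toXMLString());
        ret.add(new LookupKV(new EnrichmentKey(indicatorType, token), new EnrichmentValue(metadata)));
    }
    return ret;
}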
Also used : DomainNameTypeEnum(org.mitre.cybox.objects.DomainNameTypeEnum) LookupKV(org.apache.metron.enrichment.lookup.LookupKV) StringObjectPropertyType(org.mitre.cybox.common_2.StringObjectPropertyType) EnrichmentKey(org.apache.metron.enrichment.converter.EnrichmentKey) EnrichmentValue(org.apache.metron.enrichment.converter.EnrichmentValue)

Example 5 with LookupKV

use of org.apache.metron.enrichment.lookup.LookupKV in project metron by apache.

the class URIHandler method extract.

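/**
 * Builds at most one enrichment entry from a CybOX URI object.
 *
 * <p>The result is empty when {@code type}, its value wrapper, or the wrapped value is
 * {@code null}. Otherwise the string form of the value is used both as the enrichment key's
 * indicator and as the {@code "uri"} metadata field. {@code config} is not consulted.
 *
 * @param type   the URI object taken from the STIX document; may be {@code null}
 * @param config unused by this handler
 * @return a list holding zero or one entry
 * @throws IOException declared by the handler interface
 */
@Override
public Iterable<LookupKV> extract(URIObjectType type, Map<String, Object> config) throws IOException {
    List<LookupKV> ret = new ArrayList<>();
    if (type == null) {
        return ret;
    }
    AnyURIObjectPropertyType val = type.getValue();
    if (val == null) {
        return ret;
    }
    Object v = val.getValue();
    if (v == null) {
        return ret;
    }
    final String indicatorType = getType();
    final String uri = v.toString();
    // A plain HashMap replaces the former double-brace initialiser. That idiom created an
    // anonymous HashMap subclass per call site, and its instances kept references to the
    // captured variables for as long as the stored value lived.
    Map<String, Object> metadata = new HashMap<>();
    metadata.put("source-type", "STIX");
    // The URI and the XML below are copied from the feed as received. No scheme or syntax
    // check happens here, so consumers should treat both as untrusted text.
    metadata.put("uri", uri);
    metadata.put("indicator-type", indicatorType);
    metadata.put("source", type.toXMLString());
    ret.add(new LookupKV(new EnrichmentKey(indicatorType, uri), new EnrichmentValue(metadata)));
    return ret;
}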
Also used : LookupKV(org.apache.metron.enrichment.lookup.LookupKV) AnyURIObjectPropertyType(org.mitre.cybox.common_2.AnyURIObjectPropertyType) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) EnrichmentKey(org.apache.metron.enrichment.converter.EnrichmentKey) EnrichmentValue(org.apache.metron.enrichment.converter.EnrichmentValue)

Aggregations

LookupKV (org.apache.metron.enrichment.lookup.LookupKV)33 Test (org.junit.Test)19 EnrichmentKey (org.apache.metron.enrichment.converter.EnrichmentKey)16 EnrichmentValue (org.apache.metron.enrichment.converter.EnrichmentValue)14 ArrayList (java.util.ArrayList)12 EnrichmentConverter (org.apache.metron.enrichment.converter.EnrichmentConverter)10 Result (org.apache.hadoop.hbase.client.Result)9 Delete (org.apache.hadoop.hbase.client.Delete)7 ResultScanner (org.apache.hadoop.hbase.client.ResultScanner)7 MockHTable (org.apache.metron.hbase.mock.MockHTable)6 HashMap (java.util.HashMap)5 Put (org.apache.hadoop.hbase.client.Put)3 WriterConfiguration (org.apache.metron.common.configuration.writer.WriterConfiguration)3 SimpleHbaseEnrichmentWriter (org.apache.metron.enrichment.writer.SimpleHbaseEnrichmentWriter)3 JSONObject (org.json.simple.JSONObject)3 Before (org.junit.Before)3 File (java.io.File)2 ImmutableBytesWritable (org.apache.hadoop.hbase.io.ImmutableBytesWritable)2 ConfigUploadComponent (org.apache.metron.enrichment.integration.components.ConfigUploadComponent)2 EnrichmentLookup (org.apache.metron.enrichment.lookup.EnrichmentLookup)2