
Example 21 with LookupKV

use of org.apache.metron.enrichment.lookup.LookupKV in project metron by apache.

the class SimpleHBaseAdapterTest method setup.

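/**
 * Prepares the fixtures used by the tests in this class.
 *
 * <p>Registers a tracker table and an enrichment table with {@link MockHBaseTableProvider},
 * loads one enrichment into column family {@code cf} (indicator {@code 10.0.2.3}) and one into
 * {@code cf1} (indicator {@code 10.0.2.4}), builds the {@link EnrichmentLookup} under test with a
 * bloom-backed persistent access tracker, and parses the expected message JSON.
 *
 * @throws Exception if loading the mock tables or parsing {@code expectedMessageString} fails
 */
@Before
public void setup() throws Exception {
    final MockHTable trackerTable = (MockHTable) MockHBaseTableProvider.addToCache(atTableName, cf);
    final MockHTable hbaseTable = (MockHTable) MockHBaseTableProvider.addToCache(hbaseTableName, cf);

    // Plain lists instead of double-brace initialisation: the anonymous ArrayList subclass
    // it creates keeps a hidden reference to this test instance and adds a class per call site.
    final ArrayList<LookupKV<EnrichmentKey, EnrichmentValue>> cfEnrichments = new ArrayList<>();
    cfEnrichments.add(new LookupKV<>(new EnrichmentKey(PLAYFUL_CLASSIFICATION_TYPE, "10.0.2.3"), new EnrichmentValue(PLAYFUL_ENRICHMENT)));
    EnrichmentHelper.INSTANCE.load(hbaseTable, cf, cfEnrichments);

    final ArrayList<LookupKV<EnrichmentKey, EnrichmentValue>> cf1Enrichments = new ArrayList<>();
    cf1Enrichments.add(new LookupKV<>(new EnrichmentKey(CF1_CLASSIFICATION_TYPE, "10.0.2.4"), new EnrichmentValue(CF1_ENRICHMENT)));
    EnrichmentHelper.INSTANCE.load(hbaseTable, cf1, cf1Enrichments);

    // NOTE(review): 100 and 0.03 look like the bloom filter's expected insertions and
    // false-positive rate; confirm against BloomAccessTracker's constructor.
    final BloomAccessTracker bloomTracker = new BloomAccessTracker(hbaseTableName, 100, 0.03);
    final PersistentAccessTracker persistentTracker =
        new PersistentAccessTracker(hbaseTableName, "0", trackerTable, cf, bloomTracker, 0L);
    lookup = new EnrichmentLookup(hbaseTable, cf, persistentTracker);

    expectedMessage = (JSONObject) new JSONParser().parse(expectedMessageString);
}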
Also used : EnrichmentLookup(org.apache.metron.enrichment.lookup.EnrichmentLookup) LookupKV(org.apache.metron.enrichment.lookup.LookupKV) BloomAccessTracker(org.apache.metron.enrichment.lookup.accesstracker.BloomAccessTracker) PersistentAccessTracker(org.apache.metron.enrichment.lookup.accesstracker.PersistentAccessTracker) JSONParser(org.json.simple.parser.JSONParser) MockHTable(org.apache.metron.hbase.mock.MockHTable) EnrichmentKey(org.apache.metron.enrichment.converter.EnrichmentKey) EnrichmentValue(org.apache.metron.enrichment.converter.EnrichmentValue) Before(org.junit.Before)

Example 22 with LookupKV

use of org.apache.metron.enrichment.lookup.LookupKV in project metron by apache.

the class EnrichmentIntegrationTest method test.

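/**
 * End-to-end check of the enrichment topology against in-process components.
 *
 * <p>Starts ZooKeeper, Kafka, the config uploader and the Flux topology through a
 * {@link ComponentRunner}, writes {@code inputMessages} to the enrichment topic, and asserts that
 * the indexing topic and the error topic each receive exactly {@code inputMessages.size()}
 * messages, which are then handed to {@code validateAll} and {@code validateErrors}.
 *
 * @throws Exception if any component fails to start or the topology cannot be processed
 */
@Test
public void test() throws Exception {
    final String cf = "cf";
    final String trackerHBaseTableName = "tracker";
    final String threatIntelTableName = "threat_intel";
    final String enrichmentsTableName = "enrichments";

    // Plain Properties instead of double-brace initialisation: no anonymous subclass and no
    // hidden reference from the properties object back to this test instance.
    final Properties topologyProperties = new Properties();
    topologyProperties.setProperty("enrichment_workers", "1");
    topologyProperties.setProperty("enrichment_acker_executors", "0");
    topologyProperties.setProperty("enrichment_topology_worker_childopts", "");
    topologyProperties.setProperty("topology_auto_credentials", "[]");
    topologyProperties.setProperty("enrichment_topology_max_spout_pending", "");
    topologyProperties.setProperty("enrichment_kafka_start", "UNCOMMITTED_EARLIEST");
    // PLAINTEXT means no TLS and no authentication on the Kafka transport. That is fine for the
    // in-process test broker; a deployed topology needs its own security protocol setting.
    topologyProperties.setProperty("kafka_security_protocol", "PLAINTEXT");
    topologyProperties.setProperty("enrichment_input_topic", Constants.ENRICHMENT_TOPIC);
    topologyProperties.setProperty("enrichment_output_topic", Constants.INDEXING_TOPIC);
    topologyProperties.setProperty("enrichment_error_topic", ERROR_TOPIC);
    topologyProperties.setProperty("threatintel_error_topic", ERROR_TOPIC);
    topologyProperties.setProperty("enrichment_join_cache_size", "1000");
    topologyProperties.setProperty("threatintel_join_cache_size", "1000");
    topologyProperties.setProperty("enrichment_hbase_provider_impl", "" + MockHBaseTableProvider.class.getName());
    topologyProperties.setProperty("enrichment_hbase_table", enrichmentsTableName);
    topologyProperties.setProperty("enrichment_hbase_cf", cf);
    topologyProperties.setProperty("enrichment_host_known_hosts", "[{\"ip\":\"10.1.128.236\", \"local\":\"YES\", \"type\":\"webserver\", \"asset_value\" : \"important\"}," + "{\"ip\":\"10.1.128.237\", \"local\":\"UNKNOWN\", \"type\":\"unknown\", \"asset_value\" : \"important\"}," + "{\"ip\":\"10.60.10.254\", \"local\":\"YES\", \"type\":\"printer\", \"asset_value\" : \"important\"}," + "{\"ip\":\"10.0.2.15\", \"local\":\"YES\", \"type\":\"printer\", \"asset_value\" : \"important\"}]");
    topologyProperties.setProperty("threatintel_hbase_table", threatIntelTableName);
    topologyProperties.setProperty("threatintel_hbase_cf", cf);
    topologyProperties.setProperty("enrichment_kafka_spout_parallelism", "1");
    topologyProperties.setProperty("enrichment_split_parallelism", "1");
    topologyProperties.setProperty("enrichment_stellar_parallelism", "1");
    topologyProperties.setProperty("enrichment_join_parallelism", "1");
    topologyProperties.setProperty("threat_intel_split_parallelism", "1");
    topologyProperties.setProperty("threat_intel_stellar_parallelism", "1");
    topologyProperties.setProperty("threat_intel_join_parallelism", "1");
    topologyProperties.setProperty("kafka_writer_parallelism", "1");

    final ZKServerComponent zkServerComponent = getZKServerComponent(topologyProperties);

    final ArrayList<KafkaComponent.Topic> topics = new ArrayList<>();
    topics.add(new KafkaComponent.Topic(Constants.ENRICHMENT_TOPIC, 1));
    topics.add(new KafkaComponent.Topic(Constants.INDEXING_TOPIC, 1));
    topics.add(new KafkaComponent.Topic(ERROR_TOPIC, 1));
    final KafkaComponent kafkaComponent = getKafkaComponent(topologyProperties, topics);

    // Start from the sample global.json and point it at the mock HBase provider, the
    // persistent bloom access tracker and the test GeoLite database file.
    final File globalConfigFile = new File(new File(TestConstants.SAMPLE_CONFIG_PATH), "global.json");
    final Map<String, Object> globalConfig = JSONUtils.INSTANCE.load(globalConfigFile, JSONUtils.MAP_SUPPLIER);
    globalConfig.put(SimpleHBaseEnrichmentFunctions.TABLE_PROVIDER_TYPE_CONF, MockHBaseTableProvider.class.getName());
    globalConfig.put(SimpleHBaseEnrichmentFunctions.ACCESS_TRACKER_TYPE_CONF, "PERSISTENT_BLOOM");
    globalConfig.put(PersistentBloomTrackerCreator.Config.PERSISTENT_BLOOM_TABLE, trackerHBaseTableName);
    globalConfig.put(PersistentBloomTrackerCreator.Config.PERSISTENT_BLOOM_CF, cf);
    globalConfig.put(GeoLiteDatabase.GEO_HDFS_FILE, geoHdfsFile.getAbsolutePath());
    final String globalConfigStr = JSONUtils.INSTANCE.toJSON(globalConfig, true);

    ConfigUploadComponent configUploadComponent = new ConfigUploadComponent()
        .withTopologyProperties(topologyProperties)
        .withGlobalConfig(globalConfigStr)
        .withEnrichmentConfigsPath(TestConstants.SAMPLE_CONFIG_PATH);

    // create MockHBaseTables
    final MockHTable trackerTable = (MockHTable) MockHBaseTableProvider.addToCache(trackerHBaseTableName, cf);

    final MockHTable threatIntelTable = (MockHTable) MockHBaseTableProvider.addToCache(threatIntelTableName, cf);
    final ArrayList<LookupKV<EnrichmentKey, EnrichmentValue>> threatIntel = new ArrayList<>();
    threatIntel.add(new LookupKV<>(new EnrichmentKey(MALICIOUS_IP_TYPE, "10.0.2.3"), new EnrichmentValue(new HashMap<>())));
    EnrichmentHelper.INSTANCE.load(threatIntelTable, cf, threatIntel);

    final MockHTable enrichmentTable = (MockHTable) MockHBaseTableProvider.addToCache(enrichmentsTableName, cf);
    final ArrayList<LookupKV<EnrichmentKey, EnrichmentValue>> enrichments = new ArrayList<>();
    enrichments.add(new LookupKV<>(new EnrichmentKey(PLAYFUL_CLASSIFICATION_TYPE, "10.0.2.3"), new EnrichmentValue(PLAYFUL_ENRICHMENT)));
    EnrichmentHelper.INSTANCE.load(enrichmentTable, cf, enrichments);

    FluxTopologyComponent fluxComponent = new FluxTopologyComponent.Builder()
        .withTopologyLocation(new File(fluxPath()))
        .withTopologyName("test")
        .withTemplateLocation(new File(templatePath))
        .withTopologyProperties(topologyProperties)
        .build();

    // UnitTestHelper.verboseLogging();
    ComponentRunner runner = new ComponentRunner.Builder()
        .withComponent("zk", zkServerComponent)
        .withComponent("kafka", kafkaComponent)
        .withComponent("config", configUploadComponent)
        .withComponent("storm", fluxComponent)
        .withMillisecondsBetweenAttempts(15000)
        .withCustomShutdownOrder(new String[] { "storm", "config", "kafka", "zk" })
        .withNumRetries(10)
        .build();
    try {
        runner.start();
        fluxComponent.submitTopology();
        kafkaComponent.writeMessages(Constants.ENRICHMENT_TOPIC, inputMessages);
        ProcessorResult<Map<String, List<Map<String, Object>>>> result = runner.process(getProcessor());
        Map<String, List<Map<String, Object>>> outputMessages = result.getResult();

        // Fail with a readable message instead of a NullPointerException when a topic
        // produced no entry in the result map.
        List<Map<String, Object>> docs = outputMessages.get(Constants.INDEXING_TOPIC);
        Assert.assertNotNull("no messages collected for topic " + Constants.INDEXING_TOPIC, docs);
        Assert.assertEquals(inputMessages.size(), docs.size());
        validateAll(docs);

        List<Map<String, Object>> errors = outputMessages.get(ERROR_TOPIC);
        Assert.assertNotNull("no messages collected for topic " + ERROR_TOPIC, errors);
        Assert.assertEquals(inputMessages.size(), errors.size());
        validateErrors(errors);
    } finally {
        // Always tear the components down, even when an assertion above fails.
        runner.stop();
    }
}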
Also used : KafkaComponent(org.apache.metron.integration.components.KafkaComponent) HashMap(java.util.HashMap) ZKServerComponent(org.apache.metron.integration.components.ZKServerComponent) Properties(java.util.Properties) MockHTable(org.apache.metron.hbase.mock.MockHTable) FluxTopologyComponent(org.apache.metron.integration.components.FluxTopologyComponent) EnrichmentKey(org.apache.metron.enrichment.converter.EnrichmentKey) LookupKV(org.apache.metron.enrichment.lookup.LookupKV) ConfigUploadComponent(org.apache.metron.enrichment.integration.components.ConfigUploadComponent) ComponentRunner(org.apache.metron.integration.ComponentRunner) ArrayList(java.util.ArrayList) List(java.util.List) File(java.io.File) HashMap(java.util.HashMap) Map(java.util.Map) EnrichmentValue(org.apache.metron.enrichment.converter.EnrichmentValue) BaseIntegrationTest(org.apache.metron.integration.BaseIntegrationTest) Test(org.junit.Test)

Example 23 with LookupKV

use of org.apache.metron.enrichment.lookup.LookupKV in project metron by apache.

the class SimpleHBaseEnrichmentFunctionsTest method setup.

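/**
 * Prepares the mock HBase table and Stellar context used by the tests in this class.
 *
 * <p>Loads five enrichments ({@code indicator0} .. {@code indicator4}, each carrying a single
 * {@code key<i> -> value<i>} pair) into column family {@code cf}, then builds a {@link Context}
 * whose global config selects {@link MockHBaseTableProvider} as the table provider.
 *
 * @throws Exception if loading the mock table fails
 */
@Before
public void setup() throws Exception {
    final MockHTable hbaseTable = (MockHTable) MockHBaseTableProvider.addToCache(hbaseTableName, cf);

    // Plain list instead of double-brace initialisation: avoids an anonymous ArrayList
    // subclass that silently captures this test instance.
    final ArrayList<LookupKV<EnrichmentKey, EnrichmentValue>> enrichments = new ArrayList<>();
    for (int i = 0; i < 5; ++i) {
        enrichments.add(new LookupKV<>(new EnrichmentKey(ENRICHMENT_TYPE, "indicator" + i), new EnrichmentValue(ImmutableMap.of("key" + i, "value" + i))));
    }
    EnrichmentHelper.INSTANCE.load(hbaseTable, cf, enrichments);

    context = new Context.Builder()
        .with(Context.Capabilities.GLOBAL_CONFIG, () -> ImmutableMap.of(SimpleHBaseEnrichmentFunctions.TABLE_PROVIDER_TYPE_CONF, MockHBaseTableProvider.class.getName()))
        .build();
}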
Also used : Context(org.apache.metron.stellar.dsl.Context) LookupKV(org.apache.metron.enrichment.lookup.LookupKV) MockHTable(org.apache.metron.hbase.mock.MockHTable) EnrichmentKey(org.apache.metron.enrichment.converter.EnrichmentKey) EnrichmentValue(org.apache.metron.enrichment.converter.EnrichmentValue) Before(org.junit.Before)

Example 24 with LookupKV

use of org.apache.metron.enrichment.lookup.LookupKV in project metron by apache.

the class CSVExtractor method extract.

/**
 * Turns one CSV line into at most one lookup entry.
 *
 * <p>Lines for which {@code ignore(line)} is true yield an empty list. Otherwise the line is
 * parsed, the key is built from the type and the value in {@code indicatorColumn}, and every
 * column named in {@code columnMap} is copied into the entry's value map.
 *
 * @param line a single line of CSV input
 * @return an empty list for ignored lines, otherwise a one-element list
 * @throws IOException as declared by the interface; presumably raised by the CSV parser
 */
@Override
public Iterable<LookupKV> extract(String line) throws IOException {
    if (ignore(line)) {
        return Collections.emptyList();
    }
    final String[] columns = parser.parseLine(line);
    // NOTE(review): columns are indexed by configured positions with no length check, so a
    // short or truncated line surfaces as ArrayIndexOutOfBoundsException rather than the
    // declared IOException. Worth confirming callers tolerate that for feed data they do
    // not control.
    final LookupKey lookupKey = converter.toKey(getType(columns), columns[indicatorColumn]);
    final Map<String, Object> fieldValues = new HashMap<>();
    columnMap.forEach((name, position) -> fieldValues.put(name, columns[position]));
    return Arrays.asList(new LookupKV(lookupKey, converter.toValue(fieldValues)));
}
Also used : LookupKV(org.apache.metron.enrichment.lookup.LookupKV) LookupKey(org.apache.metron.enrichment.lookup.LookupKey)

Example 25 with LookupKV

use of org.apache.metron.enrichment.lookup.LookupKV in project metron by apache.

the class HostnameHandler method extract.

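/**
 * Builds one lookup entry per token of a STIX hostname observable.
 *
 * <p>The indicator type defaults to {@code getType()} and is overridden by the
 * {@code TYPE_CONFIG} entry of {@code config} when that entry is present. Each entry's value
 * records the source type ({@code "STIX"}), the indicator type and the XML form of the
 * hostname object.
 *
 * @param type the STIX hostname object to extract indicators from
 * @param config optional handler configuration; may be {@code null}
 * @return one {@link LookupKV} per token returned by {@code StixExtractor.split}
 * @throws IOException as declared by the handler interface
 */
@Override
public Iterable<LookupKV> extract(final Hostname type, Map<String, Object> config) throws IOException {
    StringObjectPropertyType value = type.getHostnameValue();
    String typeStr = getType();
    if (config != null) {
        Object override = config.get(TYPE_CONFIG);
        if (override != null) {
            typeStr = override.toString();
        }
    }
    List<LookupKV> ret = new ArrayList<>();
    for (String token : StixExtractor.split(value)) {
        EnrichmentKey key = new EnrichmentKey(typeStr, token);
        // Plain HashMap instead of double-brace initialisation: the anonymous subclass would
        // keep this handler and the Hostname object reachable for as long as the stored value
        // lives, and an anonymous class is a poor fit for a map that is handed on for storage.
        Map<String, Object> metadata = new HashMap<>();
        metadata.put("source-type", "STIX");
        metadata.put("indicator-type", typeStr);
        // NOTE(review): "source" is the XML serialisation of the STIX object, stored verbatim.
        // If the document comes from an external feed, anything that later re-parses or
        // renders this field should treat it as untrusted input.
        metadata.put("source", type.toXMLString());
        ret.add(new LookupKV(key, new EnrichmentValue(metadata)));
    }
    return ret;
}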
Also used : LookupKV(org.apache.metron.enrichment.lookup.LookupKV) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) StringObjectPropertyType(org.mitre.cybox.common_2.StringObjectPropertyType) EnrichmentKey(org.apache.metron.enrichment.converter.EnrichmentKey) EnrichmentValue(org.apache.metron.enrichment.converter.EnrichmentValue)

Aggregations

LookupKV (org.apache.metron.enrichment.lookup.LookupKV)33 Test (org.junit.Test)19 EnrichmentKey (org.apache.metron.enrichment.converter.EnrichmentKey)16 EnrichmentValue (org.apache.metron.enrichment.converter.EnrichmentValue)14 ArrayList (java.util.ArrayList)12 EnrichmentConverter (org.apache.metron.enrichment.converter.EnrichmentConverter)10 Result (org.apache.hadoop.hbase.client.Result)9 Delete (org.apache.hadoop.hbase.client.Delete)7 ResultScanner (org.apache.hadoop.hbase.client.ResultScanner)7 MockHTable (org.apache.metron.hbase.mock.MockHTable)6 HashMap (java.util.HashMap)5 Put (org.apache.hadoop.hbase.client.Put)3 WriterConfiguration (org.apache.metron.common.configuration.writer.WriterConfiguration)3 SimpleHbaseEnrichmentWriter (org.apache.metron.enrichment.writer.SimpleHbaseEnrichmentWriter)3 JSONObject (org.json.simple.JSONObject)3 Before (org.junit.Before)3 File (java.io.File)2 ImmutableBytesWritable (org.apache.hadoop.hbase.io.ImmutableBytesWritable)2 ConfigUploadComponent (org.apache.metron.enrichment.integration.components.ConfigUploadComponent)2 EnrichmentLookup (org.apache.metron.enrichment.lookup.EnrichmentLookup)2