
Example 1 with BloomAccessTracker

use of org.apache.metron.enrichment.lookup.accesstracker.BloomAccessTracker in project metron by apache.

the class ThreatIntelAdapter method initializeAdapter.

/**
 * Builds the HBase-backed {@code EnrichmentLookup} for this adapter and wraps it in a
 * persistent access tracker backed by a {@code BloomAccessTracker}.
 *
 * <p>All settings are read from the {@code config} field; the {@code configuration}
 * argument is not consulted by this method.
 *
 * @param configuration not read by this method
 * @return {@code true} once {@code lookup} has been assigned; {@code false} when an
 *     {@link IOException} was caught. On failure this method leaves {@code lookup}
 *     unassigned, so callers should treat {@code false} as "threat-intel lookups
 *     unavailable" instead of ignoring it.
 */
@Override
public boolean initializeAdapter(Map<String, Object> configuration) {
    final String enrichmentTableName = config.getHBaseTable();
    final int bloomCapacity = config.getExpectedInsertions();
    final double bloomFalsePositiveRate = config.getFalsePositiveRate();
    final String trackerTableName = config.getTrackerHBaseTable();
    final String trackerColumnFamily = config.getTrackerHBaseCF();
    final long persistIntervalMillis = config.getMillisecondsBetweenPersists();

    final BloomAccessTracker bloomTracker =
        new BloomAccessTracker(enrichmentTableName, bloomCapacity, bloomFalsePositiveRate);
    final Configuration hbaseConf = HBaseConfiguration.create();

    try {
        // A fresh random UUID is passed as the second argument on every initialization.
        final PersistentAccessTracker persistentTracker = new PersistentAccessTracker(
            enrichmentTableName,
            UUID.randomUUID().toString(),
            config.getProvider().getTable(hbaseConf, trackerTableName),
            trackerColumnFamily,
            bloomTracker,
            persistIntervalMillis);
        // NOTE(review): if this second getTable call throws, the tracker table handle
        // obtained above is not released here; confirm whether the provider needs it closed.
        lookup = new EnrichmentLookup(
            config.getProvider().getTable(hbaseConf, enrichmentTableName),
            config.getHBaseCF(),
            persistentTracker);
        return true;
    } catch (IOException e) {
        LOG.error("Unable to initialize ThreatIntelAdapter", e);
        return false;
    }
}
Also used : EnrichmentLookup(org.apache.metron.enrichment.lookup.EnrichmentLookup) HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration) Configuration(org.apache.hadoop.conf.Configuration) BloomAccessTracker(org.apache.metron.enrichment.lookup.accesstracker.BloomAccessTracker) PersistentAccessTracker(org.apache.metron.enrichment.lookup.accesstracker.PersistentAccessTracker) IOException(java.io.IOException)

Example 2 with BloomAccessTracker

use of org.apache.metron.enrichment.lookup.accesstracker.BloomAccessTracker in project metron by apache.

the class ThreatIntelAdapterTest method setup.

/**
 * Prepares two mock HBase tables (access-tracker and threat-intel), seeds the threat-intel
 * table with one entry, and wires {@code lookup} through a persistent Bloom access tracker.
 * Also parses {@code expectedMessageString} into {@code expectedMessage}.
 */
@Before
public void setup() throws Exception {
    final MockHTable accessTrackerTable = (MockHTable) MockHBaseTableProvider.addToCache(atTableName, cf);
    final MockHTable intelTable = (MockHTable) MockHBaseTableProvider.addToCache(threatIntelTableName, cf);

    // One seed row: both EnrichmentKey arguments are "10.0.2.3" and the value map is empty.
    final ArrayList<LookupKV<EnrichmentKey, EnrichmentValue>> seedEntries = new ArrayList<>();
    seedEntries.add(new LookupKV<>(new EnrichmentKey("10.0.2.3", "10.0.2.3"), new EnrichmentValue(new HashMap<>())));
    EnrichmentHelper.INSTANCE.load(intelTable, cf, seedEntries);

    // Fixed test sizing: 100 expected insertions, 0.03 false-positive rate.
    final BloomAccessTracker bloomTracker = new BloomAccessTracker(threatIntelTableName, 100, 0.03);
    // The test uses the fixed id "0" and a 0 ms persist interval.
    final PersistentAccessTracker persistentTracker =
        new PersistentAccessTracker(threatIntelTableName, "0", accessTrackerTable, cf, bloomTracker, 0L);
    lookup = new EnrichmentLookup(intelTable, cf, persistentTracker);

    expectedMessage = (JSONObject) new JSONParser().parse(expectedMessageString);
}
Also used : EnrichmentLookup(org.apache.metron.enrichment.lookup.EnrichmentLookup) LookupKV(org.apache.metron.enrichment.lookup.LookupKV) HashMap(java.util.HashMap) BloomAccessTracker(org.apache.metron.enrichment.lookup.accesstracker.BloomAccessTracker) PersistentAccessTracker(org.apache.metron.enrichment.lookup.accesstracker.PersistentAccessTracker) JSONParser(org.json.simple.parser.JSONParser) MockHTable(org.apache.metron.hbase.mock.MockHTable) EnrichmentKey(org.apache.metron.enrichment.converter.EnrichmentKey) EnrichmentValue(org.apache.metron.enrichment.converter.EnrichmentValue) Before(org.junit.Before)

Example 3 with BloomAccessTracker

use of org.apache.metron.enrichment.lookup.accesstracker.BloomAccessTracker in project metron by apache.

the class SimpleHBaseAdapterTest method setup.

/**
 * Prepares a mock access-tracker table and a mock enrichment table, loads one row under
 * {@code cf} and one under {@code cf1}, and wires {@code lookup} through a persistent
 * Bloom access tracker. Also parses {@code expectedMessageString} into {@code expectedMessage}.
 */
@Before
public void setup() throws Exception {
    final MockHTable accessTrackerTable = (MockHTable) MockHBaseTableProvider.addToCache(atTableName, cf);
    final MockHTable enrichmentTable = (MockHTable) MockHBaseTableProvider.addToCache(hbaseTableName, cf);

    // Row stored under column family cf.
    final ArrayList<LookupKV<EnrichmentKey, EnrichmentValue>> cfEntries = new ArrayList<>();
    cfEntries.add(new LookupKV<>(new EnrichmentKey(PLAYFUL_CLASSIFICATION_TYPE, "10.0.2.3"), new EnrichmentValue(PLAYFUL_ENRICHMENT)));
    EnrichmentHelper.INSTANCE.load(enrichmentTable, cf, cfEntries);

    // Row stored under column family cf1.
    final ArrayList<LookupKV<EnrichmentKey, EnrichmentValue>> cf1Entries = new ArrayList<>();
    cf1Entries.add(new LookupKV<>(new EnrichmentKey(CF1_CLASSIFICATION_TYPE, "10.0.2.4"), new EnrichmentValue(CF1_ENRICHMENT)));
    EnrichmentHelper.INSTANCE.load(enrichmentTable, cf1, cf1Entries);

    // Fixed test sizing: 100 expected insertions, 0.03 false-positive rate.
    final BloomAccessTracker bloomTracker = new BloomAccessTracker(hbaseTableName, 100, 0.03);
    final PersistentAccessTracker persistentTracker =
        new PersistentAccessTracker(hbaseTableName, "0", accessTrackerTable, cf, bloomTracker, 0L);
    // The lookup is constructed with cf, even though a row was also loaded under cf1.
    lookup = new EnrichmentLookup(enrichmentTable, cf, persistentTracker);

    expectedMessage = (JSONObject) new JSONParser().parse(expectedMessageString);
}
Also used : EnrichmentLookup(org.apache.metron.enrichment.lookup.EnrichmentLookup) LookupKV(org.apache.metron.enrichment.lookup.LookupKV) BloomAccessTracker(org.apache.metron.enrichment.lookup.accesstracker.BloomAccessTracker) PersistentAccessTracker(org.apache.metron.enrichment.lookup.accesstracker.PersistentAccessTracker) JSONParser(org.json.simple.parser.JSONParser) MockHTable(org.apache.metron.hbase.mock.MockHTable) EnrichmentKey(org.apache.metron.enrichment.converter.EnrichmentKey) EnrichmentValue(org.apache.metron.enrichment.converter.EnrichmentValue) Before(org.junit.Before)

Example 4 with BloomAccessTracker

use of org.apache.metron.enrichment.lookup.accesstracker.BloomAccessTracker in project metron by apache.

the class LeastRecentlyUsedPrunerIntegrationTest method test.

/**
 * Integration check for {@code LeastRecentlyUsedPruner}: entries that were looked up through
 * the tracked {@code EnrichmentLookup} must survive the pruning job, while an entry that was
 * written but never looked up must be gone afterwards.
 *
 * <p>NOTE(review): assuming {@code BloomAccessTracker} is a conventional Bloom filter, its
 * errors are false positives only, so an unaccessed entry may be retained by mistake but an
 * accessed one should not be pruned by mistake. Confirm against the tracker implementation
 * before relying on that property for threat-intel retention.
 */
@Test
public void test() throws Exception {
    // Captured before any access; passed to LeastRecentlyUsedPruner.createJob below
    // (presumably the pruning cut-off; confirm against createJob).
    long ts = System.currentTimeMillis();
    // NOTE(review): the Bloom tracker is named "tracker1" while the persistent wrapper is
    // given tableName; confirm the differing names are intentional.
    BloomAccessTracker bat = new BloomAccessTracker("tracker1", 100, 0.03);
    PersistentAccessTracker pat = new PersistentAccessTracker(tableName, "0", atTable, atCF, bat, 0L);
    EnrichmentLookup lookup = new EnrichmentLookup(testTable, cf, pat);
    List<LookupKey> goodKeysHalf = getKeys(0, 5);
    List<LookupKey> goodKeysOtherHalf = getKeys(5, 10);
    Iterable<LookupKey> goodKeys = Iterables.concat(goodKeysHalf, goodKeysOtherHalf);
    List<LookupKey> badKey = getKeys(10, 11);
    EnrichmentConverter converter = new EnrichmentConverter();
    // Phase 1: write the first half of the good keys and look each one up through the tracked lookup.
    for (LookupKey k : goodKeysHalf) {
        testTable.put(converter.toPut(cf, (EnrichmentKey) k, new EnrichmentValue(new HashMap<String, Object>() {

            {
                put("k", "dummy");
            }
        })));
        Assert.assertTrue(lookup.exists((EnrichmentKey) k, new EnrichmentLookup.HBaseContext(testTable, cf), true));
    }
    // Persist the tracker state accumulated so far. The assertFalse on goodKeysHalf further
    // down expects the in-memory tracker to no longer report these keys after this call.
    pat.persist(true);
    // Phase 2: same write-then-lookup sequence for the second half.
    for (LookupKey k : goodKeysOtherHalf) {
        testTable.put(converter.toPut(cf, (EnrichmentKey) k, new EnrichmentValue(new HashMap<String, Object>() {

            {
                put("k", "dummy");
            }
        })));
        Assert.assertTrue(lookup.exists((EnrichmentKey) k, new EnrichmentLookup.HBaseContext(testTable, cf), true));
    }
    testUtil.flush();
    // The current in-memory tracker should hold only the second half.
    Assert.assertFalse(lookup.getAccessTracker().hasSeen(goodKeysHalf.get(0)));
    for (LookupKey k : goodKeysOtherHalf) {
        Assert.assertTrue(lookup.getAccessTracker().hasSeen(k));
    }
    pat.persist(true);
    // Phase 3: write the "bad" key but never look it up, so no tracker records an access to it.
    {
        testTable.put(converter.toPut(cf, (EnrichmentKey) badKey.get(0), new EnrichmentValue(new HashMap<String, Object>() {

            {
                put("k", "dummy");
            }
        })));
    }
    testUtil.flush();
    Assert.assertFalse(lookup.getAccessTracker().hasSeen(badKey.get(0)));
    // Run the pruning job against the data table and the access-tracker table.
    Job job = LeastRecentlyUsedPruner.createJob(config, tableName, cf, atTableName, atCF, ts);
    Assert.assertTrue(job.waitForCompletion(true));
    // Every key that was looked up must still be present after pruning...
    for (LookupKey k : goodKeys) {
        Assert.assertTrue(lookup.exists((EnrichmentKey) k, new EnrichmentLookup.HBaseContext(testTable, cf), true));
    }
    // ...and the never-accessed key must have been removed.
    for (LookupKey k : badKey) {
        Assert.assertFalse(lookup.exists((EnrichmentKey) k, new EnrichmentLookup.HBaseContext(testTable, cf), true));
    }
}
Also used : HashMap(java.util.HashMap) BloomAccessTracker(org.apache.metron.enrichment.lookup.accesstracker.BloomAccessTracker) LookupKey(org.apache.metron.enrichment.lookup.LookupKey) EnrichmentKey(org.apache.metron.enrichment.converter.EnrichmentKey) EnrichmentLookup(org.apache.metron.enrichment.lookup.EnrichmentLookup) EnrichmentConverter(org.apache.metron.enrichment.converter.EnrichmentConverter) PersistentAccessTracker(org.apache.metron.enrichment.lookup.accesstracker.PersistentAccessTracker) Job(org.apache.hadoop.mapreduce.Job) EnrichmentValue(org.apache.metron.enrichment.converter.EnrichmentValue)

Aggregations

EnrichmentLookup (org.apache.metron.enrichment.lookup.EnrichmentLookup)4 BloomAccessTracker (org.apache.metron.enrichment.lookup.accesstracker.BloomAccessTracker)4 PersistentAccessTracker (org.apache.metron.enrichment.lookup.accesstracker.PersistentAccessTracker)4 EnrichmentKey (org.apache.metron.enrichment.converter.EnrichmentKey)3 EnrichmentValue (org.apache.metron.enrichment.converter.EnrichmentValue)3 HashMap (java.util.HashMap)2 LookupKV (org.apache.metron.enrichment.lookup.LookupKV)2 MockHTable (org.apache.metron.hbase.mock.MockHTable)2 JSONParser (org.json.simple.parser.JSONParser)2 Before (org.junit.Before)2 IOException (java.io.IOException)1 Configuration (org.apache.hadoop.conf.Configuration)1 HBaseConfiguration (org.apache.hadoop.hbase.HBaseConfiguration)1 Job (org.apache.hadoop.mapreduce.Job)1 EnrichmentConverter (org.apache.metron.enrichment.converter.EnrichmentConverter)1 LookupKey (org.apache.metron.enrichment.lookup.LookupKey)1