Use of org.apache.metron.indexing.dao.metaalert.MetaAlertConfig in project metron by apache.
The class ElasticsearchMetaAlertDaoTest, method testUpdateShouldUpdateOnMissingMetaAlertIndex.
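/**
 * When the lookup of existing metaalerts fails with an {@link IndexNotFoundException} naming the
 * metaalerts index itself, {@code update} must still forward the alert update to the wrapped
 * {@link ElasticsearchDao} as a single-entry batch rather than propagating the exception.
 *
 * @throws Exception propagated from {@code update}; the test expects none
 */
@Test
public void testUpdateShouldUpdateOnMissingMetaAlertIndex() throws Exception {
  ElasticsearchDao elasticsearchDao = mock(ElasticsearchDao.class);
  ElasticsearchMetaAlertRetrieveLatestDao retrieveLatestDao =
      mock(ElasticsearchMetaAlertRetrieveLatestDao.class);
  MetaAlertConfig metaAlertConfig = mock(MetaAlertConfig.class);
  ElasticsearchMetaAlertUpdateDao updateDao = spy(
      new ElasticsearchMetaAlertUpdateDao(elasticsearchDao, retrieveLatestDao, metaAlertConfig, 1));
  // Simulate the metaalerts index being absent when this alert's metaalerts are looked up.
  doThrow(new IndexNotFoundException(ElasticsearchMetaAlertDao.METAALERTS_INDEX))
      .when(updateDao).getMetaAlertsForAlert("alert_one");

  Document update = new Document(new HashMap<>(), "alert_one", "", 0L);
  updateDao.update(update, Optional.empty());

  // A plain HashMap instead of double-brace initialization: the anonymous HashMap subclass that
  // idiom creates captures the enclosing test instance and adds a class per use for no benefit.
  // Map equality is value-based, so the verify() argument matches regardless of implementation.
  Map<Document, Optional<String>> expectedUpdate = new HashMap<>();
  expectedUpdate.put(update, Optional.empty());
  verify(elasticsearchDao).batchUpdate(expectedUpdate);
}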
Use of org.apache.metron.indexing.dao.metaalert.MetaAlertConfig in project metron by apache.
The class SolrMetaAlertIntegrationTest, method setupBefore.
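/**
 * Starts an embedded Solr instance once for the whole test class and wires a
 * {@link SolrMetaAlertDao} (search, retrieve-latest and update DAOs) against it.
 *
 * <p>The global config carries only the connection settings the Solr DAOs read: cluster name,
 * port, ip, date format and the ZooKeeper URL of the embedded instance. The index supplier maps a
 * sensor type straight to a collection name.
 *
 * @throws Exception if the embedded Solr component fails to start or a DAO cannot be initialised
 */
@BeforeAll
public static void setupBefore() throws Exception {
  // Solr doesn't need retries, it'll show up after a commit.
  MAX_RETRIES = 1;
  // setup the client
  solr = new SolrComponent.Builder().build();
  solr.start();

  // A plain HashMap rather than double-brace initialization, which would create an anonymous
  // HashMap subclass. The variable is assigned once, so it stays effectively final and can be
  // captured by the supplier lambda below.
  Map<String, Object> globalConfig = new HashMap<>();
  globalConfig.put("solr.clustername", "metron");
  globalConfig.put("solr.port", "9300");
  globalConfig.put("solr.ip", "localhost");
  globalConfig.put("solr.date.format", DATE_FORMAT);
  globalConfig.put(SOLR_ZOOKEEPER, solr.getZookeeperUrl());

  AccessConfig accessConfig = new AccessConfig();
  accessConfig.setMaxSearchResults(1000);
  accessConfig.setGlobalConfigSupplier(() -> globalConfig);
  accessConfig.setMaxSearchGroups(100);
  // Just use sensorType directly as the collection name.
  accessConfig.setIndexSupplier(s -> s);
  solrDao = new SolrDao();
  solrDao.init(accessConfig);

  MetaAlertConfig config = new MetaAlertConfig(
      METAALERTS_COLLECTION,
      THREAT_SORT_DEFAULT,
      () -> ImmutableMap.of(
          Constants.SENSOR_TYPE_FIELD_PROPERTY, Constants.SENSOR_TYPE,
          Constants.THREAT_SCORE_FIELD_PROPERTY, THREAT_FIELD_DEFAULT)) {
    @Override
    protected String getDefaultThreatTriageField() {
      // The default threat field is used with '.' instead of ':' as separator here;
      // presumably the Solr field naming — confirm against the collection schema.
      return THREAT_FIELD_DEFAULT.replace(':', '.');
    }

    @Override
    protected String getDefaultSourceTypeField() {
      return Constants.SENSOR_TYPE;
    }
  };

  SolrClient solrClient = SolrClientFactory.create(globalConfig);
  SolrMetaAlertSearchDao searchDao =
      new SolrMetaAlertSearchDao(solrClient, solrDao.getSolrSearchDao(), config);
  SolrMetaAlertRetrieveLatestDao retrieveLatestDao =
      new SolrMetaAlertRetrieveLatestDao(solrClient, solrDao);
  SolrMetaAlertUpdateDao updateDao =
      new SolrMetaAlertUpdateDao(solrClient, solrDao, searchDao, retrieveLatestDao, config);
  metaDao = new SolrMetaAlertDao(solrDao, searchDao, updateDao, retrieveLatestDao);
}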
Use of org.apache.metron.indexing.dao.metaalert.MetaAlertConfig in project metron by apache.
The class ElasticsearchMetaAlertDao, method init.
/**
 * Initializes this implementation by setting the supplied IndexDao and also setting a separate
 * ElasticsearchDao, which some Elasticsearch-specific functions need (looking up an index from a
 * GUID, for example).
 *
 * <p>The supplied DAO is accepted in two forms: an {@link ElasticsearchDao} directly, or a
 * {@link MultiIndexDao} from whose children the ElasticsearchDao is taken (the last matching child
 * wins if there are several). Anything else is rejected before any field is touched.
 *
 * @param indexDao The DAO to wrap for our queries
 * @param threatSort The summary aggregation of the child threat triage scores used as the overall
 *     threat triage score for the metaalert. This can be either max, min, average, count, median,
 *     or sum. When absent, the current value of {@code this.threatSort} is kept.
 * @throws IllegalArgumentException if {@code indexDao} is neither an ElasticsearchDao nor a
 *     MultiIndexDao
 */
@Override
public void init(IndexDao indexDao, Optional<String> threatSort) {
  if (indexDao instanceof MultiIndexDao) {
    this.indexDao = indexDao;
    MultiIndexDao multiIndexDao = (MultiIndexDao) indexDao;
    for (IndexDao child : multiIndexDao.getIndices()) {
      if (!(child instanceof ElasticsearchDao)) {
        continue;
      }
      this.elasticsearchDao = (ElasticsearchDao) child;
    }
  } else if (indexDao instanceof ElasticsearchDao) {
    this.indexDao = indexDao;
    this.elasticsearchDao = (ElasticsearchDao) indexDao;
  } else {
    throw new IllegalArgumentException("Need an ElasticsearchDao when using ElasticsearchMetaAlertDao");
  }
  threatSort.ifPresent(sort -> this.threatSort = sort);

  // NOTE(review): a MultiIndexDao without an ElasticsearchDao child leaves elasticsearchDao null.
  // The guard below only protects the global config lookup; the search and update DAOs built
  // afterwards still receive the null reference.
  Supplier<Map<String, Object>> globalConfigSupplier = HashMap::new;
  if (elasticsearchDao != null && elasticsearchDao.getAccessConfig() != null) {
    globalConfigSupplier = elasticsearchDao.getAccessConfig().getGlobalConfigSupplier();
  }

  MetaAlertConfig metaAlertConfig =
      new MetaAlertConfig(metaAlertsIndex, this.threatSort, globalConfigSupplier) {
        @Override
        protected String getDefaultThreatTriageField() {
          return THREAT_TRIAGE_FIELD;
        }

        @Override
        protected String getDefaultSourceTypeField() {
          return SOURCE_TYPE_FIELD;
        }
      };

  this.metaAlertSearchDao =
      new ElasticsearchMetaAlertSearchDao(elasticsearchDao, metaAlertConfig, pageSize);
  this.metaAlertRetrieveLatestDao = new ElasticsearchMetaAlertRetrieveLatestDao(indexDao);
  this.metaAlertUpdateDao = new ElasticsearchMetaAlertUpdateDao(
      elasticsearchDao, metaAlertRetrieveLatestDao, metaAlertConfig, pageSize);
}
Use of org.apache.metron.indexing.dao.metaalert.MetaAlertConfig in project metron by apache.
The class ElasticsearchMetaAlertDaoTest, method testUpdateShouldThrowExceptionOnMissingSensorIndex.
/**
 * An {@link IndexNotFoundException} for an index other than the metaalerts index (here the
 * sensor index "bro") must propagate out of {@code update}; only the metaalerts index being
 * absent is tolerated.
 *
 * @throws Exception propagated from test setup; the expected exception is captured by
 *     {@code assertThrows}
 */
@Test
public void testUpdateShouldThrowExceptionOnMissingSensorIndex() throws Exception {
  ElasticsearchMetaAlertRetrieveLatestDao retrieveLatestDao =
      mock(ElasticsearchMetaAlertRetrieveLatestDao.class);
  MetaAlertConfig metaAlertConfig = mock(MetaAlertConfig.class);
  ElasticsearchDao elasticsearchDao = mock(ElasticsearchDao.class);
  ElasticsearchMetaAlertUpdateDao updateDao = spy(
      new ElasticsearchMetaAlertUpdateDao(elasticsearchDao, retrieveLatestDao, metaAlertConfig, 1));

  Document update = new Document(new HashMap<>(), "alert_one", "", 0L);
  // The missing index is a sensor index, not the metaalerts index, so update must not swallow it.
  doThrow(new IndexNotFoundException("bro")).when(updateDao).getMetaAlertsForAlert("alert_one");

  assertThrows(IndexNotFoundException.class, () -> updateDao.update(update, Optional.empty()));
}
Use of org.apache.metron.indexing.dao.metaalert.MetaAlertConfig in project metron by apache.
The class InMemoryMetaAlertDao, method init.
/**
 * Wires the in-memory metaalert DAOs around the supplied {@link IndexDao}.
 *
 * <p>{@code threatSort} is ignored: this implementation exists for tests and builds its
 * {@link MetaAlertConfig} with a {@code null} threat sort and an always-empty global config.
 *
 * @param indexDao the DAO backing alert storage for the in-memory implementation
 * @param threatSort ignored by this implementation
 */
@Override
public void init(IndexDao indexDao, Optional<String> threatSort) {
  this.indexDao = indexDao;
  this.metaAlertRetrieveLatestDao = new InMemoryMetaAlertRetrieveLatestDao(indexDao);

  Supplier<Map<String, Object>> emptyGlobalConfig = HashMap::new;
  MetaAlertConfig metaAlertConfig = new MetaAlertConfig(METAALERT_INDEX, null, emptyGlobalConfig) {
    @Override
    protected String getDefaultThreatTriageField() {
      return MetaAlertConstants.THREAT_FIELD_DEFAULT;
    }

    @Override
    protected String getDefaultSourceTypeField() {
      return SENSOR_TYPE;
    }
  };

  // The trailing -1 is presumably a page size (as in the Elasticsearch variant); its meaning for
  // the in-memory DAO is not visible here — confirm against InMemoryMetaAlertUpdateDao.
  this.metaAlertUpdateDao =
      new InMemoryMetaAlertUpdateDao(indexDao, metaAlertRetrieveLatestDao, metaAlertConfig, -1);
  // Ignore threatSort for test.
}