Examples with METAALERT_TYPE org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_TYPE used on opensource projects

Search in sources :

Example 1 with METAALERT_TYPE

use of org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_TYPE in project metron by apache.

the class MetaAlertIntegrationTest method shouldGetAllMetaAlertsForAlert.

@Test
public void shouldGetAllMetaAlertsForAlert() throws Exception {
    // Load alerts
    List<Map<String, Object>> alerts = buildAlerts(3);
    addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);
    // Load metaAlerts
    List<Map<String, Object>> metaAlerts = buildMetaAlerts(12, MetaAlertStatus.ACTIVE, Optional.of(Collections.singletonList(alerts.get(0))));
    metaAlerts.add(buildMetaAlert("meta_active_12", MetaAlertStatus.ACTIVE, Optional.of(Arrays.asList(alerts.get(0), alerts.get(2)))));
    metaAlerts.add(buildMetaAlert("meta_inactive", MetaAlertStatus.INACTIVE, Optional.of(Arrays.asList(alerts.get(0), alerts.get(2)))));
    // We pass MetaAlertDao.METAALERT_TYPE, because the "_doc" gets appended automatically.
    addRecords(metaAlerts, getMetaAlertIndex(), METAALERT_TYPE);
    // Verify load was successful
    List<GetRequest> createdDocs = metaAlerts.stream().map(metaAlert -> new GetRequest((String) metaAlert.get(Constants.GUID), METAALERT_TYPE)).collect(Collectors.toList());
    createdDocs.addAll(alerts.stream().map(alert -> new GetRequest((String) alert.get(Constants.GUID), SENSOR_NAME)).collect(Collectors.toList()));
    findCreatedDocs(createdDocs);
    {
        // Verify searches successfully return more than 10 results
        SearchResponse searchResponse0 = metaDao.getAllMetaAlertsForAlert("message_0");
        List<SearchResult> searchResults0 = searchResponse0.getResults();
        assertEquals(13, searchResults0.size());
        Set<Map<String, Object>> resultSet = new HashSet<>();
        Iterables.addAll(resultSet, Iterables.transform(searchResults0, r -> r.getSource()));
        StringBuffer reason = new StringBuffer("Unable to find " + metaAlerts.get(0) + "\n");
        reason.append(Joiner.on("\n").join(resultSet));
        assertTrue(resultSet.contains(metaAlerts.get(0)), reason.toString());
        // Verify no meta alerts are returned because message_1 was not added to any
        SearchResponse searchResponse1 = metaDao.getAllMetaAlertsForAlert("message_1");
        List<SearchResult> searchResults1 = searchResponse1.getResults();
        assertEquals(0, searchResults1.size());
        // Verify only the meta alert message_2 was added to is returned
        SearchResponse searchResponse2 = metaDao.getAllMetaAlertsForAlert("message_2");
        List<SearchResult> searchResults2 = searchResponse2.getResults();
        assertEquals(1, searchResults2.size());
        assertEquals(metaAlerts.get(12), searchResults2.get(0).getSource());
    }
}
Also used : Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) InvalidSearchException(org.apache.metron.indexing.dao.search.InvalidSearchException) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) Iterables(com.google.common.collect.Iterables) Arrays(java.util.Arrays) SortOrder(org.apache.metron.indexing.dao.search.SortOrder) STATUS_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.STATUS_FIELD) Assertions.assertNull(org.junit.jupiter.api.Assertions.assertNull) HashMap(java.util.HashMap) PatchRequest(org.apache.metron.indexing.dao.update.PatchRequest) GroupResult(org.apache.metron.indexing.dao.search.GroupResult) GroupResponse(org.apache.metron.indexing.dao.search.GroupResponse) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) Group(org.apache.metron.indexing.dao.search.Group) ParseException(org.json.simple.parser.ParseException) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) Map(java.util.Map) SearchResult(org.apache.metron.indexing.dao.search.SearchResult) JSONUtils(org.apache.metron.common.utils.JSONUtils) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) METAALERT_TYPE(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_TYPE) THREAT_FIELD_DEFAULT(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.THREAT_FIELD_DEFAULT) Document(org.apache.metron.indexing.dao.update.Document) GroupRequest(org.apache.metron.indexing.dao.search.GroupRequest) Set(java.util.Set) IOException(java.io.IOException) GetRequest(org.apache.metron.indexing.dao.search.GetRequest) SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest) Constants(org.apache.metron.common.Constants) SortField(org.apache.metron.indexing.dao.search.SortField) Collectors(java.util.stream.Collectors) OriginalNotFoundException(org.apache.metron.indexing.dao.update.OriginalNotFoundException) Test(org.junit.jupiter.api.Test) List(java.util.List) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) Multiline(org.adrianwalker.multilinestring.Multiline) ALERT_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.ALERT_FIELD) Optional(java.util.Optional) METAALERT_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_FIELD) TestUtils.assertEventually(org.apache.metron.integration.utils.TestUtils.assertEventually) Comparator(java.util.Comparator) Collections(java.util.Collections) Joiner(com.google.common.base.Joiner) SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse) HashSet(java.util.HashSet) Set(java.util.Set) GetRequest(org.apache.metron.indexing.dao.search.GetRequest) ArrayList(java.util.ArrayList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map) SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse) Test(org.junit.jupiter.api.Test)

Example 2 with METAALERT_TYPE

use of org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_TYPE in project metron by apache.

the class MetaAlertIntegrationTest method shouldSortByThreatTriageScore.

@Test
public void shouldSortByThreatTriageScore() throws Exception {
    // Load alerts
    List<Map<String, Object>> alerts = buildAlerts(2);
    alerts.get(0).put(METAALERT_FIELD, "meta_active_0");
    addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);
    // Load metaAlerts
    List<Map<String, Object>> metaAlerts = buildMetaAlerts(1, MetaAlertStatus.ACTIVE, Optional.of(Collections.singletonList(alerts.get(0))));
    // We pass MetaAlertDao.METAALERT_TYPE, because the "_doc" gets appended automatically.
    addRecords(metaAlerts, getMetaAlertIndex(), METAALERT_TYPE);
    // Verify load was successful
    List<GetRequest> createdDocs = metaAlerts.stream().map(metaAlert -> new GetRequest((String) metaAlert.get(Constants.GUID), METAALERT_TYPE)).collect(Collectors.toList());
    createdDocs.addAll(alerts.stream().map(alert -> new GetRequest((String) alert.get(Constants.GUID), SENSOR_NAME)).collect(Collectors.toList()));
    findCreatedDocs(createdDocs);
    // Test descending
    SortField sf = new SortField();
    sf.setField(getThreatTriageField());
    sf.setSortOrder(SortOrder.DESC.getSortOrder());
    SearchRequest sr = new SearchRequest();
    sr.setQuery("*:*");
    sr.setSize(5);
    sr.setIndices(Arrays.asList(getTestIndexName(), METAALERT_TYPE));
    sr.setSort(Collections.singletonList(sf));
    SearchResponse result = metaDao.search(sr);
    List<SearchResult> results = result.getResults();
    assertEquals(2, results.size());
    assertEquals("meta_active_0", results.get((0)).getSource().get(Constants.GUID));
    assertEquals("message_1", results.get((1)).getSource().get(Constants.GUID));
    // Test ascending
    SortField sfAsc = new SortField();
    sfAsc.setField(getThreatTriageField());
    sfAsc.setSortOrder(SortOrder.ASC.getSortOrder());
    SearchRequest srAsc = new SearchRequest();
    srAsc.setQuery("*:*");
    srAsc.setSize(2);
    srAsc.setIndices(Arrays.asList(getTestIndexName(), METAALERT_TYPE));
    srAsc.setSort(Collections.singletonList(sfAsc));
    result = metaDao.search(srAsc);
    results = result.getResults();
    assertEquals("message_1", results.get((0)).getSource().get(Constants.GUID));
    assertEquals("meta_active_0", results.get((1)).getSource().get(Constants.GUID));
    assertEquals(2, results.size());
}
Also used : Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) InvalidSearchException(org.apache.metron.indexing.dao.search.InvalidSearchException) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) Iterables(com.google.common.collect.Iterables) Arrays(java.util.Arrays) SortOrder(org.apache.metron.indexing.dao.search.SortOrder) STATUS_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.STATUS_FIELD) Assertions.assertNull(org.junit.jupiter.api.Assertions.assertNull) HashMap(java.util.HashMap) PatchRequest(org.apache.metron.indexing.dao.update.PatchRequest) GroupResult(org.apache.metron.indexing.dao.search.GroupResult) GroupResponse(org.apache.metron.indexing.dao.search.GroupResponse) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) Group(org.apache.metron.indexing.dao.search.Group) ParseException(org.json.simple.parser.ParseException) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) Map(java.util.Map) SearchResult(org.apache.metron.indexing.dao.search.SearchResult) JSONUtils(org.apache.metron.common.utils.JSONUtils) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) METAALERT_TYPE(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_TYPE) THREAT_FIELD_DEFAULT(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.THREAT_FIELD_DEFAULT) Document(org.apache.metron.indexing.dao.update.Document) GroupRequest(org.apache.metron.indexing.dao.search.GroupRequest) Set(java.util.Set) IOException(java.io.IOException) GetRequest(org.apache.metron.indexing.dao.search.GetRequest) SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest) Constants(org.apache.metron.common.Constants) SortField(org.apache.metron.indexing.dao.search.SortField) Collectors(java.util.stream.Collectors) OriginalNotFoundException(org.apache.metron.indexing.dao.update.OriginalNotFoundException) Test(org.junit.jupiter.api.Test) List(java.util.List) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) Multiline(org.adrianwalker.multilinestring.Multiline) ALERT_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.ALERT_FIELD) Optional(java.util.Optional) METAALERT_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_FIELD) TestUtils.assertEventually(org.apache.metron.integration.utils.TestUtils.assertEventually) Comparator(java.util.Comparator) Collections(java.util.Collections) Joiner(com.google.common.base.Joiner) SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse) SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest) GetRequest(org.apache.metron.indexing.dao.search.GetRequest) SortField(org.apache.metron.indexing.dao.search.SortField) SearchResult(org.apache.metron.indexing.dao.search.SearchResult) HashMap(java.util.HashMap) Map(java.util.Map) SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse) Test(org.junit.jupiter.api.Test)

Aggregations

Joiner (com.google.common.base.Joiner)2 Iterables (com.google.common.collect.Iterables)2 IOException (java.io.IOException)2 ArrayList (java.util.ArrayList)2 Arrays (java.util.Arrays)2 Collections (java.util.Collections)2 Comparator (java.util.Comparator)2 HashMap (java.util.HashMap)2 HashSet (java.util.HashSet)2 List (java.util.List)2 Map (java.util.Map)2 Optional (java.util.Optional)2 Set (java.util.Set)2 Collectors (java.util.stream.Collectors)2 Multiline (org.adrianwalker.multilinestring.Multiline)2 Constants (org.apache.metron.common.Constants)2 JSONUtils (org.apache.metron.common.utils.JSONUtils)2 ALERT_FIELD (org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.ALERT_FIELD)2 METAALERT_FIELD (org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_FIELD)2 METAALERT_TYPE (org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_TYPE)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial