
Example 16 with Context

use of org.apache.metron.stellar.dsl.Context in project metron by apache.

the class GetProfileTest method testMissingContext.

/**
 * Initialization should fail if the required context values are missing.
 */
@Test(expected = IllegalStateException.class)
public void testMissingContext() {
    // Swap out the context installed by setup() for an empty one.
    final Context blankContext = Context.EMPTY_CONTEXT();
    executor.setContext(blankContext);

    // Re-run resolver initialization so the functions see the empty context.
    // NOTE(review): this touches the instance returned by SingletonFunctionResolver.getInstance();
    // presumably setup() re-initializes it before other tests run - confirm, otherwise the empty
    // context could leak into later tests.
    SingletonFunctionResolver.getInstance().initialize(blankContext);

    // With the required context values missing, the test expects an IllegalStateException
    // (declared on the @Test annotation) to be raised by the time the expression is run.
    final String profileLookup = "PROFILE_GET('profile1', 'entity1', PROFILE_FIXED(1000, 'SECONDS'), groups)";
    run(profileLookup, List.class);
}
Also used : Context(org.apache.metron.stellar.dsl.Context) Test(org.junit.Test)

Example 17 with Context

use of org.apache.metron.stellar.dsl.Context in project metron by apache.

the class StellarMaaSIntegrationTest method setup.

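/**
 * Starts the mock DGA model, an in-process ZooKeeper test server and a Curator client, then
 * registers the mock model as the static {@code "dga"} service and waits until the
 * {@link ServiceDiscoverer} can see it.
 *
 * @throws IllegalStateException if the {@code "dga"} endpoint is still not discoverable after
 *         ten attempts; the last lookup failure, if any, is attached as the cause
 * @throws Exception if any of the fixtures fails to start
 */
@BeforeClass
public static void setup() throws Exception {
    UnitTestHelper.setJavaLoggingLevel(WebApplicationImpl.class, Level.WARNING);
    // The mock model listens on the same port that is registered with discovery below.
    MockDGAModel.start(8282);
    testZkServer = new TestingServer(true);
    zookeeperUrl = testZkServer.getConnectString();
    RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
    client = CuratorFrameworkFactory.newClient(zookeeperUrl, retryPolicy);
    client.start();
    context = new Context.Builder().with(Context.Capabilities.ZOOKEEPER_CLIENT, () -> client).build();
    MaaSConfig config = ConfigUtil.INSTANCE.read(client, "/metron/maas/config", new MaaSConfig(), MaaSConfig.class);
    discoverer = new ServiceDiscoverer(client, config.getServiceRoot());
    discoverer.start();
    // Plain HTTP is used here only because the target is a local mock on localhost.
    endpointUrl = new URL("http://localhost:8282");

    // Describe the mock model endpoint that is published through service discovery.
    ModelEndpoint endpoint = new ModelEndpoint();
    endpoint.setName("dga");
    endpoint.setContainerId("0");
    Endpoint ep = new Endpoint();
    ep.setUrl(endpointUrl.toString());
    endpoint.setEndpoint(ep);
    endpoint.setVersion("1.0");

    ServiceInstanceBuilder<ModelEndpoint> builder = ServiceInstance.<ModelEndpoint>builder().address(endpointUrl.getHost()).id("0").name("dga").port(endpointUrl.getPort()).registrationTimeUTC(System.currentTimeMillis()).serviceType(ServiceType.STATIC).payload(endpoint);
    final ServiceInstance<ModelEndpoint> instance = builder.build();
    discoverer.getServiceDiscovery().registerService(instance);

    // Wait until the endpoint is visible through discovery. Lookup failures are expected while
    // the registration propagates, so they are remembered rather than rethrown immediately.
    Object installed = null;
    Exception lastFailure = null;
    for (int attempt = 0; attempt < 10 && installed == null; ++attempt) {
        try {
            installed = discoverer.getEndpoint("dga");
        } catch (Exception e) {
            lastFailure = e;
        }
        if (installed == null) {
            Thread.sleep(1000);
        }
    }
    // Fail here instead of letting every test fail later against an endpoint that never appeared.
    if (installed == null) {
        throw new IllegalStateException("MaaS endpoint 'dga' was not discoverable after 10 attempts", lastFailure);
    }
}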
Also used : TestingServer(org.apache.curator.test.TestingServer) Context(org.apache.metron.stellar.dsl.Context) ModelEndpoint(org.apache.metron.maas.config.ModelEndpoint) ExponentialBackoffRetry(org.apache.curator.retry.ExponentialBackoffRetry) MaaSConfig(org.apache.metron.maas.config.MaaSConfig) URL(java.net.URL) Endpoint(org.apache.metron.maas.config.Endpoint) ModelEndpoint(org.apache.metron.maas.config.ModelEndpoint) Endpoint(org.apache.metron.maas.config.Endpoint) ModelEndpoint(org.apache.metron.maas.config.ModelEndpoint) RetryPolicy(org.apache.curator.RetryPolicy) ServiceDiscoverer(org.apache.metron.maas.discovery.ServiceDiscoverer)

Example 18 with Context

use of org.apache.metron.stellar.dsl.Context in project metron by apache.

the class ThreatTriageProcessor method apply.

/**
 * Scores a message against the configured threat triage rules.
 *
 * <p>Each risk level rule's predicate is evaluated against the message, the sensor
 * configuration and the threat intel configuration. For every rule that matches, its reason
 * expression is executed and the pair is recorded as a {@link RuleScore}. The scores of the
 * matching rules are then combined by the configured aggregator.
 *
 * <p>NOTE(review): nothing in this method catches exceptions, so a failure while evaluating
 * any single rule or reason propagates and no score is returned for the message - confirm
 * callers handle that. {@code input} is annotated nullable and is handed straight to
 * {@link MapVariableResolver}; whether a null map is tolerated there cannot be told from here.
 *
 * @param input the message fields the rules are evaluated against
 * @return the threat score holding the matching rules and their aggregate score
 */
@Nullable
@Override
public ThreatScore apply(@Nullable Map input) {
    final ThreatScore result = new ThreatScore();
    final StellarPredicateProcessor ruleMatcher = new StellarPredicateProcessor();
    final StellarProcessor reasonEvaluator = new StellarProcessor();
    final VariableResolver variables = new MapVariableResolver(input, sensorConfig.getConfiguration(), threatIntelConfig.getConfig());

    for (RiskLevelRule candidate : threatTriageConfig.getRiskLevelRules()) {
        // skip rules whose predicate does not hold for this message
        if (!ruleMatcher.parse(candidate.getRule(), variables, functionResolver, context)) {
            continue;
        }
        // a matching rule contributes its score together with the evaluated reason
        String why = execute(candidate.getReason(), reasonEvaluator, variables, String.class);
        result.addRuleScore(new RuleScore(candidate, why));
    }

    // fold the scores of all matching rules into a single value
    Aggregators aggregator = threatTriageConfig.getAggregator();
    List<Number> matchedScores = result.getRuleScores()
            .stream()
            .map(ruleScore -> ruleScore.getRule().getScore())
            .collect(Collectors.toList());
    Double combined = aggregator.aggregate(matchedScores, threatTriageConfig.getAggregationConfig());
    result.setScore(combined);
    return result;
}
Also used : StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) ThreatScore(org.apache.metron.common.configuration.enrichment.threatintel.ThreatScore) FunctionResolver(org.apache.metron.stellar.dsl.functions.resolver.FunctionResolver) VariableResolver(org.apache.metron.stellar.dsl.VariableResolver) Function(com.google.common.base.Function) RiskLevelRule(org.apache.metron.common.configuration.enrichment.threatintel.RiskLevelRule) StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) Collectors(java.util.stream.Collectors) SensorEnrichmentConfig(org.apache.metron.common.configuration.enrichment.SensorEnrichmentConfig) List(java.util.List) ThreatIntelConfig(org.apache.metron.common.configuration.enrichment.threatintel.ThreatIntelConfig) RuleScore(org.apache.metron.common.configuration.enrichment.threatintel.RuleScore) Map(java.util.Map) Aggregators(org.apache.metron.common.aggregator.Aggregators) ThreatTriageConfig(org.apache.metron.common.configuration.enrichment.threatintel.ThreatTriageConfig) ConversionUtils(org.apache.metron.stellar.common.utils.ConversionUtils) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) StellarPredicateProcessor(org.apache.metron.stellar.common.StellarPredicateProcessor) Nullable(javax.annotation.Nullable) Context(org.apache.metron.stellar.dsl.Context) ThreatScore(org.apache.metron.common.configuration.enrichment.threatintel.ThreatScore) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) RiskLevelRule(org.apache.metron.common.configuration.enrichment.threatintel.RiskLevelRule) Aggregators(org.apache.metron.common.aggregator.Aggregators) RuleScore(org.apache.metron.common.configuration.enrichment.threatintel.RuleScore) VariableResolver(org.apache.metron.stellar.dsl.VariableResolver) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) StellarPredicateProcessor(org.apache.metron.stellar.common.StellarPredicateProcessor) Nullable(javax.annotation.Nullable)

Example 19 with Context

use of org.apache.metron.stellar.dsl.Context in project metron by apache.

the class SimpleHBaseEnrichmentFunctionsTest method setup.

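/**
 * Loads five enrichment rows ({@code indicator0} .. {@code indicator4}) into the mock HBase
 * table and builds a context whose global config names {@link MockHBaseTableProvider} as the
 * table provider.
 *
 * @throws Exception if the mock table cannot be created or loaded
 */
@Before
public void setup() throws Exception {
    final MockHTable hbaseTable = (MockHTable) MockHBaseTableProvider.addToCache(hbaseTableName, cf);

    // Built as a plain list: the former double-brace initializer created an anonymous ArrayList
    // subclass that also held a reference to the enclosing test instance.
    final ArrayList<LookupKV<EnrichmentKey, EnrichmentValue>> enrichments = new ArrayList<>();
    for (int i = 0; i < 5; ++i) {
        enrichments.add(new LookupKV<>(new EnrichmentKey(ENRICHMENT_TYPE, "indicator" + i), new EnrichmentValue(ImmutableMap.of("key" + i, "value" + i))));
    }
    EnrichmentHelper.INSTANCE.load(hbaseTable, cf, enrichments);

    // The global config names the mock provider class as the table provider.
    context = new Context.Builder().with(Context.Capabilities.GLOBAL_CONFIG, () -> ImmutableMap.of(SimpleHBaseEnrichmentFunctions.TABLE_PROVIDER_TYPE_CONF, MockHBaseTableProvider.class.getName())).build();
}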
Also used : Context(org.apache.metron.stellar.dsl.Context) LookupKV(org.apache.metron.enrichment.lookup.LookupKV) MockHTable(org.apache.metron.hbase.mock.MockHTable) EnrichmentKey(org.apache.metron.enrichment.converter.EnrichmentKey) EnrichmentValue(org.apache.metron.enrichment.converter.EnrichmentValue) Before(org.junit.Before)

Example 20 with Context

use of org.apache.metron.stellar.dsl.Context in project metron by apache.

the class StellarCompiler method exitVariable.

/**
 * Handles a variable reference in the parsed expression.
 *
 * <p>Pushes a deferred token onto the expression's token deque; when that token is later
 * evaluated it resolves the variable through the state's variable resolver and pushes the
 * resolved value. The variable name is also recorded in the expression's set of used variables.
 *
 * @param ctx the parser context of the variable; its text is the variable name
 */
@Override
public void exitVariable(StellarParser.VariableContext ctx) {
    final FrameContext.Context argContext = getArgContext();
    expression.tokenDeque.push(new Token<>((deque, state) -> {
        String name = ctx.getText();
        boolean parsing = state.context.getActivityType().equals(ActivityType.PARSE_ACTIVITY);
        // an unknown variable is only an error while parsing
        if (parsing && !state.variableResolver.exists(name)) {
            throw new ParseException(String.format("variable: %s is not defined", name));
        }
        Object resolved = state.variableResolver.resolve(name);
        deque.push(new Token<>(resolved, Object.class, argContext));
    }, DeferredFunction.class, argContext));
    // remember the name so the expression knows which variables it reads
    expression.variablesUsed.add(ctx.getText());
}
Also used : ArithmeticEvaluator(org.apache.metron.stellar.common.evaluators.ArithmeticEvaluator) HashMap(java.util.HashMap) FunctionMarker(org.apache.metron.stellar.dsl.FunctionMarker) Deque(java.util.Deque) StellarParser(org.apache.metron.stellar.common.generated.StellarParser) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) Pair(org.apache.commons.lang3.tuple.Pair) Map(java.util.Map) StringEscapeUtils(org.apache.commons.lang3.StringEscapeUtils) LinkedList(java.util.LinkedList) Context(org.apache.metron.stellar.dsl.Context) FunctionResolver(org.apache.metron.stellar.dsl.functions.resolver.FunctionResolver) VariableResolver(org.apache.metron.stellar.dsl.VariableResolver) Iterator(java.util.Iterator) Collection(java.util.Collection) ActivityType(org.apache.metron.stellar.dsl.Context.ActivityType) Set(java.util.Set) StellarFunction(org.apache.metron.stellar.dsl.StellarFunction) ComparisonExpressionWithOperatorEvaluator(org.apache.metron.stellar.common.evaluators.ComparisonExpressionWithOperatorEvaluator) StellarBaseListener(org.apache.metron.stellar.common.generated.StellarBaseListener) String.format(java.lang.String.format) Serializable(java.io.Serializable) List(java.util.List) NumberLiteralEvaluator(org.apache.metron.stellar.common.evaluators.NumberLiteralEvaluator) ConversionUtils(org.apache.metron.stellar.common.utils.ConversionUtils) Token(org.apache.metron.stellar.dsl.Token) ArrayDeque(java.util.ArrayDeque) ParseException(org.apache.metron.stellar.dsl.ParseException) Joiner(com.google.common.base.Joiner) Token(org.apache.metron.stellar.dsl.Token) ParseException(org.apache.metron.stellar.dsl.ParseException)

Aggregations

Context (org.apache.metron.stellar.dsl.Context)27 Test (org.junit.Test)15 HashMap (java.util.HashMap)14 Map (java.util.Map)12 StellarProcessor (org.apache.metron.stellar.common.StellarProcessor)9 List (java.util.List)8 ArrayList (java.util.ArrayList)6 DefaultVariableResolver (org.apache.metron.stellar.dsl.DefaultVariableResolver)6 ImmutableMap (com.google.common.collect.ImmutableMap)5 StellarFunctions (org.apache.metron.stellar.dsl.StellarFunctions)5 Assert (org.junit.Assert)5 ImmutableList (com.google.common.collect.ImmutableList)3 MapVariableResolver (org.apache.metron.stellar.dsl.MapVariableResolver)3 VariableResolver (org.apache.metron.stellar.dsl.VariableResolver)3 Before (org.junit.Before)3 Collectors (java.util.stream.Collectors)2 StellarPredicateProcessor (org.apache.metron.stellar.common.StellarPredicateProcessor)2 ConversionUtils (org.apache.metron.stellar.common.utils.ConversionUtils)2 ParseException (org.apache.metron.stellar.dsl.ParseException)2 FunctionResolver (org.apache.metron.stellar.dsl.functions.resolver.FunctionResolver)2