Example 1 with VariableResolver

Use of org.apache.metron.stellar.dsl.VariableResolver in project metron by apache.

The class StellarAdapter, method enrich.

@Override
public JSONObject enrich(CacheKey value) {
    Context stellarContext = (Context) value.getConfig().getConfiguration().get(STELLAR_CONTEXT_CONF);
    ConfigHandler handler = getHandler.apply(value.getConfig());
    Map<String, Object> globalConfig = value.getConfig().getConfiguration();
    Map<String, Object> sensorConfig = value.getConfig().getEnrichment().getConfig();
    if (handler == null) {
        _LOG.trace("Stellar ConfigHandler is null.");
        return new JSONObject();
    }
    Long slowLogThreshold = null;
    if (_PERF_LOG.isDebugEnabled()) {
        slowLogThreshold = ConversionUtils.convert(globalConfig.getOrDefault(STELLAR_SLOW_LOG, STELLAR_SLOW_LOG_DEFAULT), Long.class);
    }
    // Ensure that you clone the message, because process will modify the message.  If the message object is modified
    // then cache misses will happen because the cache will be modified.
    Map<String, Object> message = new HashMap<>(value.getValue(Map.class));
    VariableResolver resolver = new MapVariableResolver(message, sensorConfig, globalConfig);
    StellarProcessor processor = new StellarProcessor();
    JSONObject enriched = process(message, handler, value.getField(), slowLogThreshold, processor, resolver, stellarContext);
    _LOG.trace("Stellar Enrichment Success: {}", enriched);
    return enriched;
}
Also used: Context(org.apache.metron.stellar.dsl.Context), StellarProcessor(org.apache.metron.stellar.common.StellarProcessor), JSONObject(org.json.simple.JSONObject), HashMap(java.util.HashMap), MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver), VariableResolver(org.apache.metron.stellar.dsl.VariableResolver), Map(java.util.Map), ConfigHandler(org.apache.metron.common.configuration.enrichment.handler.ConfigHandler)

Example 2 with VariableResolver

Use of org.apache.metron.stellar.dsl.VariableResolver in project metron by apache.

The class HdfsWriter, method getHdfsPathExtension.

public String getHdfsPathExtension(String sourceType, String stellarFunction, JSONObject message) {
    // If no function is provided, just use the sourceType directly
    if (stellarFunction == null || stellarFunction.trim().isEmpty()) {
        return sourceType;
    }
    // processor is a StellarProcessor();
    VariableResolver resolver = new MapVariableResolver(message);
    Object objResult = stellarProcessor.parse(stellarFunction, resolver, StellarFunctions.FUNCTION_RESOLVER(), Context.EMPTY_CONTEXT());
    if (objResult != null && !(objResult instanceof String)) {
        throw new IllegalArgumentException("Stellar Function <" + stellarFunction + "> did not return a String value. Returned: " + objResult);
    }
    return objResult == null ? "" : (String) objResult;
}
Also used: MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver), JSONObject(org.json.simple.JSONObject), VariableResolver(org.apache.metron.stellar.dsl.VariableResolver)

Example 3 with VariableResolver

Use of org.apache.metron.stellar.dsl.VariableResolver in project metron by apache.

The class DefaultStellarStatefulExecutor, method execute.

/**
 * Execute a Stellar expression.
 *
 * @param expression     The expression to execute.
 * @param transientState Additional state available to the expression.  This most often represents
 *                       the values available to the expression from an individual message. The state
 *                       maps a variable name to a variable's value.
 */
private Object execute(String expression, Map<String, Object> transientState) {
    VariableResolver variableResolver = new MapVariableResolver(state, transientState);
    StellarProcessor processor = new StellarProcessor();
    return processor.parse(expression, variableResolver, functionResolver, context);
}
Also used: MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver), VariableResolver(org.apache.metron.stellar.dsl.VariableResolver)

Example 4 with VariableResolver

Use of org.apache.metron.stellar.dsl.VariableResolver in project metron by apache.

The class LambdaExpression, method apply.

public Object apply(List<Object> variableArgs) {
    Map<String, Object> lambdaVariables = new HashMap<>();
    int i = 0;
    for (; i < Math.min(variables.size(), variableArgs.size()); ++i) {
        lambdaVariables.put(variables.get(i), variableArgs.get(i));
    }
    for (; i < variables.size(); ++i) {
        lambdaVariables.put(variables.get(i), null);
    }
    VariableResolver variableResolver = new DefaultVariableResolver(variable -> lambdaVariables.getOrDefault(variable, state.variableResolver.resolve(variable)), variable -> true);
    StellarCompiler.ExpressionState localState = new StellarCompiler.ExpressionState(state.context, state.functionResolver, variableResolver);
    return apply(localState);
}
Also used: HashMap(java.util.HashMap), DefaultVariableResolver(org.apache.metron.stellar.dsl.DefaultVariableResolver), VariableResolver(org.apache.metron.stellar.dsl.VariableResolver)

Example 5 with VariableResolver

Use of org.apache.metron.stellar.dsl.VariableResolver in project metron by apache.

The class FixedPcapFilter, method test.

@Override
public boolean test(PacketInfo pi) {
    Map<String, Object> fields = packetToFields(pi);
    VariableResolver resolver = new MapVariableResolver(fields);
    String srcAddrIn = (String) resolver.resolve(Constants.Fields.SRC_ADDR.getName());
    Integer srcPortIn = (Integer) resolver.resolve(Constants.Fields.SRC_PORT.getName());
    String dstAddrIn = (String) resolver.resolve(Constants.Fields.DST_ADDR.getName());
    Integer dstPortIn = (Integer) resolver.resolve(Constants.Fields.DST_PORT.getName());
    String protocolIn = "" + resolver.resolve(Constants.Fields.PROTOCOL.getName());
    if (!doHeaderFiltering || testHeader(srcAddrIn, srcPortIn, dstAddrIn, dstPortIn, protocolIn)) {
        // if we don't do header filtering *or* if we have tested the header and decided it's a match
        if (packetFilter != null) {
            // and we have a packet filter, then we need to filter the packet
            byte[] data = (byte[]) resolver.resolve(PcapHelper.PacketFields.PACKET_DATA.getName());
            try {
                return ByteArrayMatchingUtil.INSTANCE.match(packetFilter, data);
            } catch (ExecutionException e) {
                throw new IllegalStateException("Unable to perform binary filter: " + packetFilter + " on " + DatatypeConverter.printHexBinary(data), e);
            }
        } else if (!doHeaderFiltering) {
            // pass the test
            return true;
        } else {
            // and if we *are* doing header filtering and not packet filtering, then we want to pass the test
            return true;
        }
    } else {
        // in this case we're doing header filtering and we failed the header filter test.
        return false;
    }
}
Also used: MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver), VariableResolver(org.apache.metron.stellar.dsl.VariableResolver), ExecutionException(java.util.concurrent.ExecutionException)

Aggregations

VariableResolver (org.apache.metron.stellar.dsl.VariableResolver): 8
MapVariableResolver (org.apache.metron.stellar.dsl.MapVariableResolver): 7
StellarProcessor (org.apache.metron.stellar.common.StellarProcessor): 3
HashMap (java.util.HashMap): 2
Map (java.util.Map): 2
Context (org.apache.metron.stellar.dsl.Context): 2
JSONObject (org.json.simple.JSONObject): 2
Function (com.google.common.base.Function): 1
List (java.util.List): 1
ExecutionException (java.util.concurrent.ExecutionException): 1
Collectors (java.util.stream.Collectors): 1
Nullable (javax.annotation.Nullable): 1
Aggregators (org.apache.metron.common.aggregator.Aggregators): 1
SensorEnrichmentConfig (org.apache.metron.common.configuration.enrichment.SensorEnrichmentConfig): 1
ConfigHandler (org.apache.metron.common.configuration.enrichment.handler.ConfigHandler): 1
RiskLevelRule (org.apache.metron.common.configuration.enrichment.threatintel.RiskLevelRule): 1
RuleScore (org.apache.metron.common.configuration.enrichment.threatintel.RuleScore): 1
ThreatIntelConfig (org.apache.metron.common.configuration.enrichment.threatintel.ThreatIntelConfig): 1
ThreatScore (org.apache.metron.common.configuration.enrichment.threatintel.ThreatScore): 1
ThreatTriageConfig (org.apache.metron.common.configuration.enrichment.threatintel.ThreatTriageConfig): 1