Examples with VariableResolver org.apache.metron.stellar.dsl.VariableResolver used on opensource projects

Search in sources :

Example 6 with VariableResolver

use of org.apache.metron.stellar.dsl.VariableResolver in project metron by apache.

the class QueryPcapFilter method test.

@Override
public boolean test(PacketInfo input) {
    Map<String, Object> fields = packetToFields(input);
    VariableResolver resolver = new MapVariableResolver(fields);
    return predicateProcessor.parse(queryString, resolver, StellarFunctions.FUNCTION_RESOLVER(), Context.EMPTY_CONTEXT());
}
Also used : MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) VariableResolver(org.apache.metron.stellar.dsl.VariableResolver) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver)

Example 7 with VariableResolver

use of org.apache.metron.stellar.dsl.VariableResolver in project metron by apache.

the class ThreatTriageProcessor method apply.

@Nullable
@Override
public ThreatScore apply(@Nullable Map input) {
    ThreatScore threatScore = new ThreatScore();
    StellarPredicateProcessor predicateProcessor = new StellarPredicateProcessor();
    StellarProcessor processor = new StellarProcessor();
    VariableResolver resolver = new MapVariableResolver(input, sensorConfig.getConfiguration(), threatIntelConfig.getConfig());
    // attempt to apply each rule to the threat
    for (RiskLevelRule rule : threatTriageConfig.getRiskLevelRules()) {
        if (predicateProcessor.parse(rule.getRule(), resolver, functionResolver, context)) {
            // add the rule's score to the overall threat score
            String reason = execute(rule.getReason(), processor, resolver, String.class);
            RuleScore score = new RuleScore(rule, reason);
            threatScore.addRuleScore(score);
        }
    }
    // calculate the aggregate threat score
    Aggregators aggregators = threatTriageConfig.getAggregator();
    List<Number> allScores = threatScore.getRuleScores().stream().map(score -> score.getRule().getScore()).collect(Collectors.toList());
    Double aggregateScore = aggregators.aggregate(allScores, threatTriageConfig.getAggregationConfig());
    threatScore.setScore(aggregateScore);
    return threatScore;
}
Also used : StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) ThreatScore(org.apache.metron.common.configuration.enrichment.threatintel.ThreatScore) FunctionResolver(org.apache.metron.stellar.dsl.functions.resolver.FunctionResolver) VariableResolver(org.apache.metron.stellar.dsl.VariableResolver) Function(com.google.common.base.Function) RiskLevelRule(org.apache.metron.common.configuration.enrichment.threatintel.RiskLevelRule) StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) Collectors(java.util.stream.Collectors) SensorEnrichmentConfig(org.apache.metron.common.configuration.enrichment.SensorEnrichmentConfig) List(java.util.List) ThreatIntelConfig(org.apache.metron.common.configuration.enrichment.threatintel.ThreatIntelConfig) RuleScore(org.apache.metron.common.configuration.enrichment.threatintel.RuleScore) Map(java.util.Map) Aggregators(org.apache.metron.common.aggregator.Aggregators) ThreatTriageConfig(org.apache.metron.common.configuration.enrichment.threatintel.ThreatTriageConfig) ConversionUtils(org.apache.metron.stellar.common.utils.ConversionUtils) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) StellarPredicateProcessor(org.apache.metron.stellar.common.StellarPredicateProcessor) Nullable(javax.annotation.Nullable) Context(org.apache.metron.stellar.dsl.Context) ThreatScore(org.apache.metron.common.configuration.enrichment.threatintel.ThreatScore) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) RiskLevelRule(org.apache.metron.common.configuration.enrichment.threatintel.RiskLevelRule) Aggregators(org.apache.metron.common.aggregator.Aggregators) RuleScore(org.apache.metron.common.configuration.enrichment.threatintel.RuleScore) VariableResolver(org.apache.metron.stellar.dsl.VariableResolver) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) StellarPredicateProcessor(org.apache.metron.stellar.common.StellarPredicateProcessor) Nullable(javax.annotation.Nullable)

Example 8 with VariableResolver

use of org.apache.metron.stellar.dsl.VariableResolver in project metron by apache.

the class DefaultStellarShellExecutor method executeStellar.

/**
 * Executes Stellar expressions.
 * @param expression The expression to execute.
 */
private StellarResult executeStellar(String expression) {
    StellarResult result;
    try {
        // execute the stellar expression
        VariableResolver variableResolver = new MapVariableResolver(getVariables());
        Object exprResult = new StellarProcessor().parse(expression, variableResolver, functionResolver, context);
        result = success(exprResult);
    } catch (Throwable t) {
        result = error(t);
    }
    return result;
}
Also used : StellarProcessor(org.apache.metron.stellar.common.StellarProcessor) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) MapVariableResolver(org.apache.metron.stellar.dsl.MapVariableResolver) VariableResolver(org.apache.metron.stellar.dsl.VariableResolver)

Aggregations

VariableResolver (org.apache.metron.stellar.dsl.VariableResolver)8 MapVariableResolver (org.apache.metron.stellar.dsl.MapVariableResolver)7 StellarProcessor (org.apache.metron.stellar.common.StellarProcessor)3 HashMap (java.util.HashMap)2 Map (java.util.Map)2 Context (org.apache.metron.stellar.dsl.Context)2 JSONObject (org.json.simple.JSONObject)2 Function (com.google.common.base.Function)1 List (java.util.List)1 ExecutionException (java.util.concurrent.ExecutionException)1 Collectors (java.util.stream.Collectors)1 Nullable (javax.annotation.Nullable)1 Aggregators (org.apache.metron.common.aggregator.Aggregators)1 SensorEnrichmentConfig (org.apache.metron.common.configuration.enrichment.SensorEnrichmentConfig)1 ConfigHandler (org.apache.metron.common.configuration.enrichment.handler.ConfigHandler)1 RiskLevelRule (org.apache.metron.common.configuration.enrichment.threatintel.RiskLevelRule)1 RuleScore (org.apache.metron.common.configuration.enrichment.threatintel.RuleScore)1 ThreatIntelConfig (org.apache.metron.common.configuration.enrichment.threatintel.ThreatIntelConfig)1 ThreatScore (org.apache.metron.common.configuration.enrichment.threatintel.ThreatScore)1 ThreatTriageConfig (org.apache.metron.common.configuration.enrichment.threatintel.ThreatTriageConfig)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial