Google Git
Sign in
apache / metron / b71ddceeefb4efc677f800c66ca65fae46f4a45a / . / metron-platform / metron-common / src / test / java / org / apache / metron / common / configuration / SensorEnrichmentUpdateConfigTest.java
blob: 7ed515cea9979062da225a49df226fcd9de0d33d [file] [log] [blame]
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.metron.common.configuration;
import org.adrianwalker.multilinestring.Multiline;
import org.apache.metron.common.Constants;
import org.apache.metron.common.configuration.enrichment.SensorEnrichmentConfig;
import org.apache.metron.common.configuration.enrichment.SensorEnrichmentUpdateConfig;
import org.apache.metron.common.utils.JSONUtils;
import org.junit.jupiter.api.Test;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
public class SensorEnrichmentUpdateConfigTest {
/**
{
"enrichment" : {
"fieldMap": {
"geo": ["ip_dst_addr", "ip_src_addr"],
"host": ["host"]
}
},
"threatIntel": {
"fieldMap": {
"hbaseThreatIntel": ["ip_dst_addr", "ip_src_addr"]
},
"fieldToTypeMap": {
"ip_dst_addr" : [ "malicious_ip" ]
,"ip_src_addr" : [ "malicious_ip" ]
},
"triageConfig" : {
"riskLevelRules" : [
{
"rule" : "not(IN_SUBNET(ip_dst_addr, '192.168.0.0/24'))",
"score" : 10
}
],
"aggregator" : "MAX"
}
}
}
*/
@Multiline
public static String sourceConfigStr;
/**
{
"zkQuorum" : "localhost:2181"
,"sensorToFieldList" : {
"bro" : {
"type" : "THREAT_INTEL"
,"fieldToEnrichmentTypes" : {
"ip_src_addr" : [ "playful" ]
,"ip_dst_addr" : [ "playful" ]
}
}
}
}
*/
@Multiline
public static String threatIntelConfigStr;
@Test
public void testThreatIntel() throws Exception {
SensorEnrichmentConfig broSc = (SensorEnrichmentConfig) ConfigurationType.ENRICHMENT.deserialize(sourceConfigStr);
SensorEnrichmentUpdateConfig threatIntelConfig = JSONUtils.INSTANCE.load(threatIntelConfigStr, SensorEnrichmentUpdateConfig.class);
final Map<String, SensorEnrichmentConfig> finalEnrichmentConfig = new HashMap<>();
SensorEnrichmentUpdateConfig.SourceConfigHandler scHandler = new SensorEnrichmentUpdateConfig.SourceConfigHandler() {
@Override
public SensorEnrichmentConfig readConfig(String sensor) throws Exception {
if(sensor.equals("bro")) {
return JSONUtils.INSTANCE.load(sourceConfigStr, SensorEnrichmentConfig.class);
}
else {
throw new IllegalStateException("Tried to retrieve an unexpected sensor: " + sensor);
}
}
@Override
public void persistConfig(String sensor, SensorEnrichmentConfig config) throws Exception {
finalEnrichmentConfig.put(sensor, config);
}
};
SensorEnrichmentUpdateConfig.updateSensorConfigs(scHandler, threatIntelConfig.getSensorToFieldList());
assertNotNull(finalEnrichmentConfig.get("bro"));
assertNotSame(finalEnrichmentConfig.get("bro"), broSc);
assertEquals(
((List<String>)
finalEnrichmentConfig
.get("bro")
.getThreatIntel()
.getFieldMap()
.get(Constants.SIMPLE_HBASE_THREAT_INTEL))
.size(),
2,
finalEnrichmentConfig.get("bro").toJSON());
assertEquals(1, finalEnrichmentConfig.get("bro").getThreatIntel().getTriageConfig().getRiskLevelRules().size());
assertTrue(
((List<String>)
finalEnrichmentConfig
.get("bro")
.getThreatIntel()
.getFieldMap()
.get(Constants.SIMPLE_HBASE_THREAT_INTEL))
.contains("ip_src_addr"),
finalEnrichmentConfig.get("bro").toJSON());
assertTrue(
((List<String>)
finalEnrichmentConfig
.get("bro")
.getThreatIntel()
.getFieldMap()
.get(Constants.SIMPLE_HBASE_THREAT_INTEL))
.contains("ip_dst_addr"),
finalEnrichmentConfig.get("bro").toJSON());
assertEquals(finalEnrichmentConfig.get("bro").getThreatIntel().getFieldToTypeMap().keySet().size()
, 2
, finalEnrichmentConfig.get("bro").toJSON());
assertEquals(
((List<String>)
(finalEnrichmentConfig
.get("bro")
.getThreatIntel()
.getFieldToTypeMap()
.get("ip_src_addr")))
.size(),
2,
finalEnrichmentConfig.get("bro").toJSON());
assertTrue(
((List<String>)
(finalEnrichmentConfig
.get("bro")
.getThreatIntel()
.getFieldToTypeMap()
.get("ip_src_addr")))
.contains("playful"),
finalEnrichmentConfig.get("bro").toJSON());
assertTrue(
((List<String>)
(finalEnrichmentConfig
.get("bro")
.getThreatIntel()
.getFieldToTypeMap()
.get("ip_src_addr")))
.contains("malicious_ip"),
finalEnrichmentConfig.get("bro").toJSON());
assertEquals(
((List<String>)
(finalEnrichmentConfig
.get("bro")
.getThreatIntel()
.getFieldToTypeMap()
.get("ip_dst_addr")))
.size(),
2,
finalEnrichmentConfig.get("bro").toJSON());
assertTrue(
((List<String>)
(finalEnrichmentConfig
.get("bro")
.getThreatIntel()
.getFieldToTypeMap()
.get("ip_dst_addr")))
.contains("playful"),
finalEnrichmentConfig.get("bro").toJSON());
assertTrue(
((List<String>)
(finalEnrichmentConfig
.get("bro")
.getThreatIntel()
.getFieldToTypeMap()
.get("ip_dst_addr")))
.contains("malicious_ip"),
finalEnrichmentConfig.get("bro").toJSON());
}
/**
{
"zkQuorum" : "localhost:2181"
,"sensorToFieldList" : {
"bro" : {
"type" : "ENRICHMENT"
,"fieldToEnrichmentTypes" : {
"ip_src_addr" : [ "playful" ]
,"ip_dst_addr" : [ "playful" ]
}
}
}
}
*/
@Multiline
public static String enrichmentConfigStr;
@Test
public void testEnrichment() throws Exception {
SensorEnrichmentConfig broSc = JSONUtils.INSTANCE.load(sourceConfigStr, SensorEnrichmentConfig.class);
SensorEnrichmentUpdateConfig config = JSONUtils.INSTANCE.load(enrichmentConfigStr, SensorEnrichmentUpdateConfig.class);
final Map<String, SensorEnrichmentConfig> outputScs = new HashMap<>();
SensorEnrichmentUpdateConfig.SourceConfigHandler scHandler = new SensorEnrichmentUpdateConfig.SourceConfigHandler() {
@Override
public SensorEnrichmentConfig readConfig(String sensor) throws Exception {
if(sensor.equals("bro")) {
return JSONUtils.INSTANCE.load(sourceConfigStr, SensorEnrichmentConfig.class);
}
else {
throw new IllegalStateException("Tried to retrieve an unexpected sensor: " + sensor);
}
}
@Override
public void persistConfig(String sensor, SensorEnrichmentConfig config) throws Exception {
outputScs.put(sensor, config);
}
};
SensorEnrichmentUpdateConfig.updateSensorConfigs(scHandler, config.getSensorToFieldList());
assertNotNull(outputScs.get("bro"));
assertNotSame(outputScs.get("bro"), broSc);
assertEquals(
((List<String>)
outputScs
.get("bro")
.getEnrichment()
.getFieldMap()
.get(Constants.SIMPLE_HBASE_ENRICHMENT))
.size(),
2,
outputScs.get("bro").toJSON());
assertTrue(
((List<String>)
outputScs
.get("bro")
.getEnrichment()
.getFieldMap()
.get(Constants.SIMPLE_HBASE_ENRICHMENT))
.contains("ip_src_addr"),
outputScs.get("bro").toJSON());
assertTrue(
((List<String>)
outputScs
.get("bro")
.getEnrichment()
.getFieldMap()
.get(Constants.SIMPLE_HBASE_ENRICHMENT))
.contains("ip_dst_addr"),
outputScs.get("bro").toJSON());
assertEquals(
outputScs.get("bro").getEnrichment().getFieldToTypeMap().keySet().size(),
2,
outputScs.get("bro").toJSON());
assertEquals(
((List<String>)
(outputScs.get("bro").getEnrichment().getFieldToTypeMap().get("ip_src_addr")))
.size(),
1,
outputScs.get("bro").toJSON());
assertEquals(
((List<String>)
(outputScs.get("bro").getEnrichment().getFieldToTypeMap().get("ip_src_addr")))
.get(0),
"playful",
outputScs.get("bro").toJSON());
assertEquals(
((List<String>)
(outputScs.get("bro").getEnrichment().getFieldToTypeMap().get("ip_dst_addr")))
.size(),
1,
outputScs.get("bro").toJSON());
assertEquals(
((List<String>)
(outputScs.get("bro").getEnrichment().getFieldToTypeMap().get("ip_dst_addr")))
.get(0),
"playful",
outputScs.get("bro").toJSON());
}
}