[Backport 2.x] add mitre attack based auto-correlations support in correlation engine #540

Merged
sbcd90 merged 2 commits into 2.x from backport/backport-532-to-2.x on Sep 6, 2023
@opensearch-trigger-bot
Contributor

Backport 32d5aa1 from #532

#532)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
(cherry picked from commit 32d5aa1)
Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
@codecov

codecov bot commented Sep 6, 2023

Codecov Report

Merging #540 (b5040cd) into 2.x (11aeb97) will decrease coverage by 0.31%.
The diff coverage is 0.00%.

@@             Coverage Diff              @@
##                2.x     #540      +/-   ##
============================================
- Coverage     25.78%   25.48%   -0.31%     
  Complexity      940      940              
============================================
  Files           252      253       +1     
  Lines         10770    10897     +127     
  Branches       1197     1223      +26     
============================================
  Hits           2777     2777              
- Misses         7746     7873     +127     
  Partials        247      247              

| Files Changed | Coverage Δ |
|---|---|
| ...arch/securityanalytics/correlation/JoinEngine.java | 0.00% <0.00%> (ø) |
| ...ics/transport/TransportCorrelateFindingAction.java | 0.00% <0.00%> (ø) |
| ...h/securityanalytics/util/AutoCorrelationsRepo.java | 0.00% <0.00%> (ø) |

@sbcd90 sbcd90 merged commit bf2b219 into 2.x Sep 6, 2023
@github-actions github-actions bot deleted the backport/backport-532-to-2.x branch September 6, 2023 20:33
riysaxen-amzn pushed a commit to riysaxen-amzn/security-analytics that referenced this pull request Feb 20, 2024
* Correlation engine ux (opensearch-project#524)

* wip

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* completed rules page; added placeholder for findings flyout tabs

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* reverted change to show empty table

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* updated rule type

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* updated create correlation rule page

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* correlation page wip

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* Correlation store and API services

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

* Correlation store and API services

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

* Correlation store and API services

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

* Correlation store and API services

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

* Correlation store and API services

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

* updated correlations page

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* updated store interfaces

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* fixed correlation store

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* added api for all correlations

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* added filter support for correlations

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* using apis; added validation

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* Implemented logic to populate correlations tables data.

Signed-off-by: AWSHurneyt <hurneyt@amazon.com>

* restricted to AND

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* log type clearable

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* code cleanup

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

* fixed API issue

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* updated snapshots

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* ux improvements

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* code cleanup

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

* removed redundant code

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* removed unwanted param

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* connected refresh

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

---------

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>
Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>
Co-authored-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>
Co-authored-by: AWSHurneyt <hurneyt@amazon.com>
(cherry picked from commit f565a923c6bfec1b8a69128d21e5d823a50cb142)

* Removed duplicate import for EuiSpacer (opensearch-project#538) (opensearch-project#540)

* removed duplicate import



* updated snapshots



---------

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

* Pinned babel traverse and core (opensearch-project#539) (opensearch-project#544)

* pinned babel traverse and core



* removed cyclic dependency



* added types for vis



* refactored code



---------

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

---------

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>
Co-authored-by: Amardeepsingh Siglani <amardeep7194@gmail.com>