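/**
 * Splits an incoming message into per-enrichment-type sub-messages.
 *
 * <p>The enrichment types processed are the union of the keys of the sensor's field map and
 * of its field-to-handler map. For each type, the handler's type splits the message by the
 * configured fields, and every resulting sub-message is tagged with the sensor type under
 * {@code Constants.SENSOR_TYPE}. As a side effect the input message gains a
 * {@code <lowercased simple class name>.splitter.end.ts} entry holding the current time in
 * milliseconds as a string.
 *
 * <p>A {@code null} field map is treated as "no fields configured" instead of raising a
 * {@link NullPointerException}, so a message for a sensor without a field map is still split
 * by whatever handlers are registered rather than failing in the enrichment pipeline.
 *
 * @param message the message to split; it is mutated (the end-timestamp entry is added)
 * @return a map from enrichment type to the sub-messages produced for that type
 */
@SuppressWarnings("unchecked")
@Override
public Map<String, List<JSONObject>> splitMessage(JSONObject message) {
  Map<String, List<JSONObject>> streamMessageMap = new HashMap<>();
  String sensorType = MessageUtils.getSensorType(message);
  Map<String, Object> enrichmentFieldMap = getFieldMap(sensorType);
  Map<String, ConfigHandler> fieldToHandler = getFieldToHandlerMap(sensorType);

  // getStreamIds null-checks the result of getFieldMap, so it can evidently be null;
  // guard here as well rather than failing on keySet().
  Set<String> enrichmentTypes = new HashSet<>();
  if (enrichmentFieldMap != null) {
    enrichmentTypes.addAll(enrichmentFieldMap.keySet());
  }
  enrichmentTypes.addAll(fieldToHandler.keySet());

  for (String enrichmentType : enrichmentTypes) {
    // fields is null for types that only appear in the handler map (same as before the guard).
    Object fields = enrichmentFieldMap == null ? null : enrichmentFieldMap.get(enrichmentType);
    // NOTE(review): a type present in the field map but absent from the handler map yields a
    // null retriever and an NPE on the next statement; confirm the two maps are always in sync.
    ConfigHandler retriever = fieldToHandler.get(enrichmentType);
    List<JSONObject> enrichmentObject = retriever.getType()
        .splitByFields(
            message,
            fields,
            field -> getKeyName(enrichmentType, field),
            retriever);
    for (JSONObject eo : enrichmentObject) {
      eo.put(Constants.SENSOR_TYPE, sensorType);
    }
    streamMessageMap.put(enrichmentType, enrichmentObject);
  }

  // NOTE(review): toLowerCase() uses the JVM default locale, so the key name can vary with it.
  message.put(getClass().getSimpleName().toLowerCase() + ".splitter.end.ts",
      "" + System.currentTimeMillis());
  return streamMessageMap;
}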
/**
 * Computes the ids of the streams a message is expected on.
 *
 * <p>For every enrichment type in the sensor's field map, one id of the form
 * {@code enrichmentType:subgroup} is produced per subgroup reported by that type's handler.
 * The id {@code "message:"} is always included.
 *
 * @param message the message whose sensor type selects the configuration
 * @return the set of stream ids
 * @throws IllegalStateException if the message carries no sensor type
 */
@Override
public Set<String> getStreamIds(JSONObject message) {
  String sourceType = MessageUtils.getSensorType(message);
  if (sourceType == null) {
    throw new IllegalStateException("Unable to find source type for message: " + message);
  }

  Map<String, Object> fieldsByEnrichment = getFieldMap(sourceType);
  Map<String, ConfigHandler> handlersByEnrichment = getFieldToHandlerMap(sourceType);

  Set<String> ids = new HashSet<>();
  ids.add("message:");
  if (fieldsByEnrichment == null) {
    // No field configuration for this sensor: only the base message stream applies.
    return ids;
  }

  Joiner colon = Joiner.on(":");
  for (String enrichmentType : fieldsByEnrichment.keySet()) {
    // NOTE(review): a field-map key with no matching handler gives a null handler here and
    // an NPE below; confirm the handler map always covers the field map's keys.
    ConfigHandler handler = handlersByEnrichment.get(enrichmentType);
    List<String> subgroups =
        handler.getType().getSubgroups(handler.getType().toConfig(handler.getConfig()));
    for (String subgroup : subgroups) {
      ids.add(colon.join(enrichmentType, subgroup));
    }
  }
  return ids;
}
/**
 * Joins the per-stream messages using the superclass implementation, then passes the joined
 * message through {@code ThreatIntelUtils.triage} with the enrichment configuration of the
 * message's sensor type.
 *
 * @param streamMessageMap the tuples received per stream id
 * @param messageGetStrategy strategy forwarded to the superclass join
 * @return the value returned by {@code ThreatIntelUtils.triage} for the joined message
 */
@Override
public JSONObject joinMessages(
    Map<String, Tuple> streamMessageMap,
    MessageGetStrategy messageGetStrategy) {
  JSONObject joined = super.joinMessages(streamMessageMap, messageGetStrategy);
  // NOTE(review): the sensor type may be null when the joined message lacks one; presumably
  // the config lookup and triage tolerate that, but confirm against both callees.
  String sensorType = MessageUtils.getSensorType(joined);
  return ThreatIntelUtils.triage(
      joined,
      getConfigurations().getSensorEnrichmentConfig(sensorType),
      functionResolver,
      stellarContext);
}
String sourceType = MessageUtils.getSensorType(ret); ThreatTriageConfig triageConfig = null; if(config != null) {
String sensorType = MessageUtils.getSensorType(message); message.put(getClass().getSimpleName().toLowerCase() + ".splitter.begin.ts", "" + System.currentTimeMillis());
String sensorType = MessageUtils.getSensorType(message); if(sensorType == null) { handleMissingSensorType(tuple, message);
JSONObject message = generateMessage(input); try { String sourceType = MessageUtils.getSensorType(message); SensorEnrichmentConfig config = getConfigurations().getSensorEnrichmentConfig(sourceType); if(config == null) {