
Cogburn/public id on duplicate #457

Merged (5 commits, May 1, 2024)
Conversation

coreyogburn (Contributor)

Smarter Duplicate functionality. Instead of removing metadata and leaving the source unchanged, we're updating the metadata and the source so there are no half-integrity detections in ES, i.e. every detection should have ExtractDetails called on it before going into ES, no more exceptions.

Added a mock to Userstore for testing. Updated existing tests. Added new test.

Also, while testing something with Detectionstore.GetDetectionByPublicId I noticed that our getByPublicId handler wasn't using this helper function. Refactored to use it for consistency.

Ran `go mod tidy`

Smarter Duplicate functionality in ElastAlert. Instead of removing metadata and leaving the source unchanged, we're updating the metadata and the source so there are no half-integrity detections in ES, i.e. every detection should have ExtractDetails called on it before going into ES, no exceptions.

Other engines stubbed for now to meet the interface change. WIP.

Added a mock to Userstore for testing. Updated existing tests. Added new test.

Also, while testing something with `Detectionstore.GetDetectionByPublicId` I noticed that our `getByPublicId` handler wasn't using this helper function. Refactored to use it for consistency.

Ran `go mod tidy`
The same additions that were added to ElastAlert, but this time for Suricata.
@coreyogburn force-pushed the cogburn/publicId-on-duplicate branch from 9d21133 to f8dbb8d on May 1, 2024 16:55
Move common detection functions and constants to a new top-level detections package.

Use UPPER_SNAKE case for constants.

Test generateUnusedPublicId functions.

Break up Suricata DuplicateDetection for extra logic around setting title, publicId.
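The duplicate flow described in the PR description and the Suricata commits above (rewrite the source, then re-run ExtractDetails so ES never receives a detection whose metadata disagrees with its rule text, with the new public ID coming from a generateUnusedPublicId helper), as an added Go example. This is not the project's code: the `Detection` struct, the in-memory `Store` standing in for Detectionstore, the sid/msg regex parsing, the sequential numeric ID strategy starting at 1000000, and the " (copy)" title suffix are all assumptions made for the illustration; the constructed sample rule is not from the project either.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// Detection is a simplified stand-in for the project's detection model
// (assumption: only the fields the duplicate flow touches are modelled).
type Detection struct {
	PublicID string
	Title    string
	Content  string // raw Suricata rule text, treated as the source of truth
}

// The two rule options the duplicate flow rewrites.
var (
	sidRe = regexp.MustCompile(`\bsid\s*:\s*(\d+)\s*;`)
	msgRe = regexp.MustCompile(`\bmsg\s*:\s*"([^"]*)"\s*;`)
)

// ExtractDetails re-derives the metadata (PublicID, Title) from the rule
// source. The PR description says every detection gets this before indexing;
// the parsing below is an assumption about what that involves.
func ExtractDetails(d *Detection) error {
	sid := sidRe.FindStringSubmatch(d.Content)
	if sid == nil {
		return errors.New("rule has no sid option")
	}
	msg := msgRe.FindStringSubmatch(d.Content)
	if msg == nil {
		return errors.New("rule has no msg option")
	}
	d.PublicID = sid[1]
	d.Title = msg[1]
	return nil
}

// ReadyForES rejects a "half-integrity" detection: one whose stored metadata
// disagrees with what ExtractDetails derives from its own source.
func ReadyForES(d Detection) error {
	fresh := d
	if err := ExtractDetails(&fresh); err != nil {
		return err
	}
	if fresh.PublicID != d.PublicID || fresh.Title != d.Title {
		return fmt.Errorf("metadata (%s, %q) does not match source (%s, %q)",
			d.PublicID, d.Title, fresh.PublicID, fresh.Title)
	}
	return nil
}

// Store is an in-memory stand-in for Detectionstore (assumption).
type Store struct{ byPublicID map[string]Detection }

func NewStore() *Store { return &Store{byPublicID: map[string]Detection{}} }

func (s *Store) Put(d Detection) { s.byPublicID[d.PublicID] = d }

func (s *Store) GetDetectionByPublicId(id string) (Detection, bool) {
	d, ok := s.byPublicID[id]
	return d, ok
}

// generateUnusedPublicId scans upward from start for a sid the store does not
// already hold. The sequential numeric strategy and the bound are assumptions.
func generateUnusedPublicId(s *Store, start, maxTries int) (string, error) {
	for i := start; i < start+maxTries; i++ {
		id := strconv.Itoa(i)
		if _, taken := s.GetDetectionByPublicId(id); !taken {
			return id, nil
		}
	}
	return "", fmt.Errorf("no unused public id in [%d, %d)", start, start+maxTries)
}

// DuplicateDetection copies orig under a fresh public id: the source is
// rewritten first and the metadata is then re-extracted from it, so the copy
// cannot reach the store with a sid in its metadata that its rule text lacks.
func DuplicateDetection(s *Store, orig Detection) (Detection, error) {
	newID, err := generateUnusedPublicId(s, 1000000, 10000)
	if err != nil {
		return Detection{}, err
	}
	dup := orig
	// Rewrite the source, not just the metadata. " (copy)" is a placeholder
	// for whatever title rule the project actually applies.
	dup.Content = sidRe.ReplaceAllLiteralString(dup.Content, "sid:"+newID+";")
	dup.Content = msgRe.ReplaceAllLiteralString(dup.Content, `msg:"`+orig.Title+` (copy)";`)
	if err := ExtractDetails(&dup); err != nil {
		return Detection{}, err
	}
	if err := ReadyForES(dup); err != nil {
		return Detection{}, err
	}
	s.Put(dup)
	return dup, nil
}

func main() {
	s := NewStore()
	// Constructed sample rule, not taken from the project.
	orig := Detection{Content: `alert tcp any any -> any any (msg:"Example scan"; sid:1000000; rev:1;)`}
	if err := ExtractDetails(&orig); err != nil {
		panic(err)
	}
	s.Put(orig)
	dup, err := DuplicateDetection(s, orig)
	if err != nil {
		panic(err)
	}
	fmt.Println(dup.PublicID, dup.Title)
	fmt.Println(dup.Content)
	// Metadata edited without touching the source is exactly the case the PR closes off.
	half := Detection{PublicID: "42", Title: "Example scan", Content: orig.Content}
	fmt.Println("half-integrity rejected:", ReadyForES(half) != nil)
}
```

The order matters: the new id is written into the rule text before ExtractDetails runs, so the metadata is always a function of the source rather than a value set beside it, and ReadyForES is the check that would have caught the old behaviour of stripping metadata while leaving the source untouched.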
@coreyogburn coreyogburn merged commit bf76869 into 2.4/dev May 1, 2024
3 checks passed
@coreyogburn coreyogburn deleted the cogburn/publicId-on-duplicate branch May 1, 2024 18:59
@github-actions github-actions bot locked and limited conversation to collaborators May 1, 2024