ensure ioc types are part of ioc_types

Signed-off-by: Joanne Wang <[email protected]>
jowg-amazon · Jul 3, 2024 · 32add0f · 32add0f
1 parent f511eea
commit 32add0f
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/.../opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigManagementService.java b/.../opensearch/securityanalytics/threatIntel/service/SATIFSourceConfigManagementService.java
@@ -3,6 +3,7 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.opensearch.OpenSearchException;
+import org.opensearch.OpenSearchStatusException;
 import org.opensearch.action.delete.DeleteResponse;
 import org.opensearch.action.search.SearchRequest;
 import org.opensearch.action.search.SearchResponse;
@@ -18,6 +19,7 @@
 import org.opensearch.commons.authuser.User;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.core.common.bytes.BytesReference;
+import org.opensearch.core.rest.RestStatus;
 import org.opensearch.core.xcontent.NamedXContentRegistry;
 import org.opensearch.core.xcontent.ToXContent;
 import org.opensearch.core.xcontent.XContentBuilder;
@@ -197,7 +199,24 @@ public void downloadAndSaveIOCs(SATIFSourceConfig saTifSourceConfig,
                 stix2IOCFetchService.downloadAndIndexIOCs(saTifSourceConfig, actionListener);
                 break;
             case IOC_UPLOAD:
-                stix2IOCFetchService.onlyIndexIocs(saTifSourceConfig, stix2IOCList, actionListener);
+                List<STIX2IOC> validStix2IocList = new ArrayList<>();
+                // If the IOC received is not a type listed for the config, do not add it to the queue
+                for (STIX2IOC stix2IOC: stix2IOCList) {
+                    if (saTifSourceConfig.getIocTypes().contains(stix2IOC.getType().name())) {
+                        validStix2IocList.add(stix2IOC);
+                    } else {
+                        log.error("{} is not a supported Ioc type for tif source config {}. Skipping IOC {}: of type {} value {}",
+                                stix2IOC.getType().name(), saTifSourceConfig.getId(),
+                                stix2IOC.getId(), stix2IOC.getType(), stix2IOC.getValue()
+                        );
+                    }
+                }
+                if (validStix2IocList.isEmpty()) {
+                    log.error("No supported IOCs to index");
+                    actionListener.onFailure(new OpenSearchStatusException("No compatible Iocs were uploaded for config " + saTifSourceConfig.getName(), RestStatus.BAD_REQUEST));
+                    return;
+                }
+                stix2IOCFetchService.onlyIndexIocs(saTifSourceConfig, validStix2IocList, actionListener);
                 break;
         }
     }