From a79b8ac26b9524f835606896a9d1454dd8cba139 Mon Sep 17 00:00:00 2001
From: Surya Sashank Nistala <snistala@amazon.com>
Date: Mon, 16 Oct 2023 18:17:41 -0700
Subject: [PATCH] test udpate detector disabling threat intel
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
---
 .../transport/TransportIndexDetectorAction.java | 1 +
 .../resthandler/DetectorMonitorRestApiIT.java | 4 +---
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
index 3eb0a5112..414591fe4 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
@@ -691,6 +691,7 @@ private void addThreatIntelBasedDocLevelQueries(Detector detector, List<DocLevel
 try {
 if (detector.getThreatIntelEnabled()) {
+ log.debug("threat intel enabled for detector {} . adding threat intel based doc level queries.", detector.getName());
 List<LogType.IocFields> iocFieldsList = logTypeService.getIocFieldsList(detector.getDetectorType());
 if (iocFieldsList == null || iocFieldsList.isEmpty()) {
diff --git a/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorMonitorRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorMonitorRestApiIT.java
index a4a38274f..0939a5520 100644
--- a/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorMonitorRestApiIT.java
+++ b/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorMonitorRestApiIT.java
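Review bot: The message on the added `log.debug` line carries a stray space before the period (`{} . adding`), which will show up verbatim in the log; `log.debug("threat intel enabled for detector {}. adding threat intel based doc level queries.", detector.getName());` reads cleanly. The detector name interpolated here is caller-supplied through the detector API, so if names are not validated against newlines or other control characters a crafted name could split or forge log lines — consider logging the detector id alongside (or instead of) the name, since that is the stable identifier an operator would correlate on. The parameterized form is fine as written; no `isDebugEnabled` guard is needed. The enclosing `addThreatIntelBasedDocLevelQueries` starts before this hunk (only its signature appears in the hunk header) and the `try` body continues past it.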
@@ -1078,7 +1078,6 @@ public void testCreateDetectorWiththreatIntelEnabled_updateDetectorWithThreatInt
 DetectorInput input = new DetectorInput("windows detector for security analytics", List.of("windows"), detectorRules, Collections.emptyList());
 Detector detector = randomDetectorWithInputsAndThreatIntel(List.of(input), true);
-
 Response createResponse = makeRequest(client(), "POST", SecurityAnalyticsPlugin.DETECTOR_BASE_URI, Collections.emptyMap(), toHttpEntity(detector));
 String request = "{\n" +
@@ -1137,8 +1136,7 @@ public void testCreateDetectorWiththreatIntelEnabled_updateDetectorWithThreatInt
 ArrayList<String> docs = (ArrayList<String>) docLevelQueryResults.get(threatIntelDocLevelQueryId);
 assertEquals(docs.size(), 3);
- detector.setThreatIntelEnabled(false);
- Response updateResponse = makeRequest(client(), "PUT", SecurityAnalyticsPlugin.DETECTOR_BASE_URI + "/" + detectorId, Collections.emptyMap(), toHttpEntity(detector));
+ Response updateResponse = makeRequest(client(), "PUT", SecurityAnalyticsPlugin.DETECTOR_BASE_URI + "/" + detectorId, Collections.emptyMap(), toHttpEntity(randomDetectorWithInputsAndThreatIntel(List.of(input), true)));
 assertEquals("Update detector failed", RestStatus.OK, restStatus(updateResponse));
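Review bot: The added PUT body in the second hunk passes `true` to `randomDetectorWithInputsAndThreatIntel`, so the update keeps threat intel enabled, while the removed `detector.setThreatIntelEnabled(false)` and the commit subject ("disabling threat intel") indicate the test is meant to turn it off; if disabling is the intent the call should be `toHttpEntity(randomDetectorWithInputsAndThreatIntel(List.of(input), false))`. Building a fresh random detector for the update also replaces every other field of the originally created detector, not just the threat-intel flag, so the assertions that follow (outside this hunk) should check that the threat-intel doc-level query is actually removed from the monitor rather than only that the PUT returned OK. If the test name really ends in a variant that keeps threat intel enabled, the commit subject should be corrected instead. The test method begins before the first hunk and continues past the last line shown.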