| author | gujinkai <[email protected]> | 2024-04-07 15:13:08 +0800 |
|---|---|---|
| committer | gujinkai <[email protected]> | 2024-04-09 16:44:13 +0800 |
| commit | 5bc3249133d2a237564bf6998235b6d5cc800b9b (patch) | |
| tree | 2bc63c5ccbd73adeb100e6d2098d678964b66fd9 /groot-examples | |
| parent | 5f6ab13295c03c3ca536271f42768e02e662d419 (diff) | |
[Feature][core] Add Intelligence Indicator Lookup Function
Diffstat (limited to 'groot-examples')
3 files changed, 14 insertions, 42 deletions
diff --git a/groot-examples/cn-udf-example/src/main/resources/example/cn_grootstream_job_template.yaml b/groot-examples/cn-udf-example/src/main/resources/example/cn_grootstream_job_template.yaml
index 392e6a8..1e4224f 100644
--- a/groot-examples/cn-udf-example/src/main/resources/example/cn_grootstream_job_template.yaml
+++ b/groot-examples/cn-udf-example/src/main/resources/example/cn_grootstream_job_template.yaml
@@ -43,11 +43,6 @@ processing_pipelines:
 precision: seconds - function: EVAL - output_fields: [ ingestion_time ] - parameters: - value_expression: recv_time - - - function: EVAL output_fields: [ domain ] parameters: value_expression: server_fqdn
@@ -234,34 +229,27 @@ processing_pipelines:
 kb_name: cn_ioc_malware option: DOMAIN_TO_MALWARE - - function: CN_USER_DEFINE_TAG_LOOKUP + - function: CN_INTELLIGENCE_INDICATOR_LOOKUP lookup_fields: [ client_ip ] output_fields: [ client_ip_tags ] parameters: - kb_name: cn_ip_tag_user_define + kb_name: cn_intelligence_indicator option: IP_TO_TAG - - function: CN_USER_DEFINE_TAG_LOOKUP + - function: CN_INTELLIGENCE_INDICATOR_LOOKUP lookup_fields: [ server_ip ] output_fields: [ server_ip_tags ] parameters: - kb_name: cn_ip_tag_user_define + kb_name: cn_intelligence_indicator option: IP_TO_TAG - - function: CN_USER_DEFINE_TAG_LOOKUP + - function: CN_INTELLIGENCE_INDICATOR_LOOKUP lookup_fields: [ domain ] output_fields: [ domain_tags ] parameters: - kb_name: cn_domain_tag_user_define + kb_name: cn_intelligence_indicator option: DOMAIN_TO_TAG - - function: CN_USER_DEFINE_TAG_LOOKUP - lookup_fields: [ app ] - output_fields: [ app_tags ] - parameters: - kb_name: cn_app_tag_user_define - option: APP_TO_TAG - - function: GENERATE_STRING_ARRAY lookup_fields: [ client_idc_renter,client_ip_tags ] output_fields: [ client_ip_tags ]
diff --git a/groot-examples/cn-udf-example/src/main/resources/grootstream.yaml b/groot-examples/cn-udf-example/src/main/resources/grootstream.yaml
index 558030c..492d438 100644
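Review bot: The first hunk removes the only visible producer of `ingestion_time` (the EVAL over `recv_time`) and the second removes the APP_TO_TAG lookup that produced `app_tags`, while neither hunk shows whether a later step or sink in cn_grootstream_job_template.yaml still reads those fields; that needs checking against the rest of the pipeline before the example is trusted to run. The three new CN_INTELLIGENCE_INDICATOR_LOOKUP steps all point at one knowledge base, `cn_intelligence_indicator`, but with different `option` values (IP_TO_TAG twice, DOMAIN_TO_TAG once), and nothing in the template says whether that kb is expected to hold both indicator types. A one-line comment above the first of them, e.g. `# one knowledge base for all indicator types; option selects the IP vs DOMAIN lookup (confirm kb layout)`, would make the intended layout explicit. The enclosing `processing_pipelines` section starts and ends outside both hunks.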
--- a/groot-examples/cn-udf-example/src/main/resources/grootstream.yaml
+++ b/groot-examples/cn-udf-example/src/main/resources/grootstream.yaml
@@ -84,17 +84,11 @@ grootstream:
 files: - 7 - - name: cn_ip_tag_user_define + - name: cn_intelligence_indicator fs_type: http - fs_path: http://192.168.44.55:9999/v1/knowledge_base?category=cn_ip_tag_user_defined - - - name: cn_domain_tag_user_define - fs_type: http - fs_path: http://192.168.44.55:9999/v1/knowledge_base?category=cn_domain_tag_user_defined - - - name: cn_app_tag_user_define - fs_type: http - fs_path: http://192.168.44.55:9999/v1/knowledge_base?category=cn_app_tag_user_defined + fs_path: http://192.168.44.55:9999/v1/knowledge_base + files: + - 16 - name: cn_rule fs_type: http
@@ -103,6 +97,4 @@ grootstream:
 token: 1a653ea0-d39b-4246-94b0-1ba95db4b6a7 properties: - hos.path: http://192.168.44.12:8089 - hos.bucket.name.traffic_file: traffic_file_bucket - hos.bucket.name.troubleshooting_file: troubleshooting_file_bucket
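Review bot: The new `cn_intelligence_indicator` entry fetches the indicator knowledge base over plain `http://` from 192.168.44.55:9999, and this kb now feeds the IP and domain tag lookups in the example job, so whatever that endpoint returns becomes tags on traffic records without any integrity protection on the wire; for an example with a private address that is acceptable, but a comment such as `# example only: use https or an otherwise trusted path to the knowledge-base service in real deployments` would stop it being copied as-is. The added `files: - 16` carries no hint what 16 selects (the earlier `files: - 7` has the same problem), and the `scheduler.knowledge_base.update.interval.minutes: 5` property added in the second hunk is likewise undocumented; a short comment on each, e.g. `# 16: id of the knowledge-base file served by /v1/knowledge_base (confirm)`, would help. The `token:` line is pre-existing context rather than new code, but since the new properties sit next to it, replacing it with a placeholder in the example would be safer if this file is meant to be copied. Both hunks' enclosing `grootstream:` section starts outside the hunks.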
\ No newline at end of file
+ scheduler.knowledge_base.update.interval.minutes: 5
\ No newline at end of file
diff --git a/groot-examples/cn-udf-example/src/main/resources/udf.plugins b/groot-examples/cn-udf-example/src/main/resources/udf.plugins
index 22804f6..0545bec 100644
--- a/groot-examples/cn-udf-example/src/main/resources/udf.plugins
+++ b/groot-examples/cn-udf-example/src/main/resources/udf.plugins
@@ -1,18 +1,9 @@
+com.geedgenetworks.core.udf.SnowflakeId
+com.geedgenetworks.core.udf.UnixTimestampConverter
 com.geedgenetworks.core.udf.AsnLookup
-com.geedgenetworks.core.udf.CurrentUnixTimestamp
-com.geedgenetworks.core.udf.DecodeBase64
-com.geedgenetworks.core.udf.Domain
-com.geedgenetworks.core.udf.Drop
 com.geedgenetworks.core.udf.Eval
-com.geedgenetworks.core.udf.FromUnixTimestamp
 com.geedgenetworks.core.udf.GenerateStringArray
 com.geedgenetworks.core.udf.GeoIpLookup
-com.geedgenetworks.core.udf.JsonExtract
-com.geedgenetworks.core.udf.PathCombine
-com.geedgenetworks.core.udf.Rename
-com.geedgenetworks.core.udf.SnowflakeId
-com.geedgenetworks.core.udf.StringJoiner
-com.geedgenetworks.core.udf.UnixTimestampConverter
 com.geedgenetworks.core.udf.cn.L7ProtocolAndAppExtract
 com.geedgenetworks.core.udf.cn.IdcRenterLookup
 com.geedgenetworks.core.udf.cn.LinkDirectionLookup
@@ -28,3 +19,4 @@ com.geedgenetworks.core.udf.cn.IocLookup
 com.geedgenetworks.core.udf.cn.UserDefineTagLookup
 com.geedgenetworks.core.udf.cn.FieldsMerge
 com.geedgenetworks.core.udf.cn.ArrayElementsPrepend
+com.geedgenetworks.core.udf.cn.IntelligenceIndicatorLookup
\ No newline at end of file |
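Review bot: The first hunk drops nine registrations (CurrentUnixTimestamp, DecodeBase64, Domain, Drop, FromUnixTimestamp, JsonExtract, PathCombine, Rename, StringJoiner) and moves SnowflakeId and UnixTimestampConverter to the top, none of which the commit title "Add Intelligence Indicator Lookup Function" mentions; if the example job template still references any of the dropped functions, the example would no longer load, which cannot be verified from this hunk. The second hunk keeps `com.geedgenetworks.core.udf.cn.UserDefineTagLookup` registered although the job template in this same commit stops using CN_USER_DEFINE_TAG_LOOKUP, which is fine if the UDF remains supported but is worth a sentence in the commit message. The new last line still has no trailing newline (`\ No newline at end of file`); ending the file with one avoids that marker on every future change to the last entry.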
