org.graylog.plugins.threatintel.functions.global.GlobalLookupResult Maven / Gradle / Ivy
/*
* Copyright (C) 2020 Graylog, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the Server Side Public License, version 1,
* as published by MongoDB, Inc.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* Server Side Public License for more details.
*
* You should have received a copy of the Server Side Public License
* along with this program. If not, see
* .
*/
package org.graylog.plugins.threatintel.functions.global;
import com.google.common.collect.ForwardingMap;
import com.google.common.collect.ImmutableMap;
import java.util.List;
import java.util.Map;
public class GlobalLookupResult extends ForwardingMap {
public static final String RESULTS_KEY = "threat_indicated";
private final ImmutableMap results;
private GlobalLookupResult(ImmutableMap fields) {
this.results = fields;
}
static GlobalLookupResult fromMatches(List matches, String prefix) {
ImmutableMap.Builder fields = new ImmutableMap.Builder<>();
// False matrch
if(matches.isEmpty()) {
fields.put(prefixedField(prefix, RESULTS_KEY), false);
return new GlobalLookupResult(fields.build());
}
fields.put(prefixedField(prefix, RESULTS_KEY), true);
for (String match : matches) {
// threat_indicated_spamhaus => true
fields.put(prefixedField(prefix, RESULTS_KEY) + "_" + match, true);
}
return new GlobalLookupResult(fields.build());
}
public Map getResults() {
return results;
}
private static String prefixedField(String prefix, String field) {
return prefix + "_" + field;
}
@Override
protected Map delegate() {
return getResults();
}
} © 2015 - 2024 Weber Informatics LLC | Privacy Policy