POC Code
This page provides links and details about the POC Java code.
The POC code can be found on GitHub here: https://github.com/NybbleHub/BOTES-Enrichment
Code details
The code contains a few comments, but let's explain some parts.
AsyncDataStream
The following line is used to create an asynchronous DataStream:
import java.util.concurrent.TimeUnit;
import org.apache.flink.streaming.api.datastream.AsyncDataStream;
import org.apache.flink.streaming.api.datastream.DataStream;
DataStream<String> enrichmentStreamFile = AsyncDataStream.unorderedWait(
        logsStreamFile, new AsyncRedisFileEnrichment(), 5000, TimeUnit.MILLISECONDS)
    .setParallelism(4);
The asynchronous DataStream options/parameters are the following:
unorderedWait: with this mode, the results of the async function are emitted as soon as the async requests finish, so the original record order may not be preserved.
logsStreamFile: the source DataStream used to create the new AsyncDataStream.
new AsyncRedisFileEnrichment(): the asynchronous function that will be called to run the processing logic on the stream.
5000, TimeUnit.MILLISECONDS: the time after which an asynchronous call is declared timed out.
setParallelism: sets the parallelism for the asynchronous function.
AsyncHttpRequest
import static org.asynchttpclient.Dsl.asyncHttpClient;
import java.util.concurrent.Future;
import org.asynchttpclient.AsyncHttpClient;
import org.asynchttpclient.Response;
import com.fasterxml.jackson.databind.node.ObjectNode;

// Create the non-blocking HTTP client
AsyncHttpClient onypheAsyncClient = asyncHttpClient();
// Launch the GET request on the Onyphe API (the API key travels in the query string, so it appears in any URL logging)
Future<Response> onypheGetRequest = onypheAsyncClient.prepareGet(
        "https://www.onyphe.io/api/ip/" + onypheQueryIP + "?apikey=" + onypheAPIKey).execute();
// Block on the future and parse the response body as a JSON object
onypheGetBody = mapper.readValue(onypheGetRequest.get().getResponseBody(), ObjectNode.class);
if (!onypheGetBody.has("results")) {
    // No "results" field at all (e.g. no more credits to call the API)
    return "{}";
} else {
    if (!onypheGetBody.get("results").hasNonNull(1)) {
        // "results" has no non-null element at index 1
        return "{}";
    } else {
        // Extract the relevant fields and return them as ECS-formatted JSON
        onypheResult = processOnypheGetResult(onypheGetBody);
        return onypheResult;
    }
}
The purpose of this code is to make an asynchronous API call to get results on an IP address or a file hash.
asyncHttpClient(): creates the AsyncHttpClient.
prepareGet(...).execute(): launches a request on the Onyphe API to get results on the IP address.
mapper.readValue(...): gets the result of the API call from the response body.
The two if checks: check whether the response contains results and whether they are non-null (in case there are no more credits to call the API).
processOnypheGetResult(...): calls the "processOnypheGetResult" function to extract the relevant information from the Onyphe (JSON) results and return a new JSON document with fields formatted to comply with the ECS format.
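A fuller version of the kind of enrichment function that an unorderedWait call expects, added here as an example and not code from the BOTES-Enrichment repository: it implements Flink's RichAsyncFunction, issues the same non-blocking Onyphe GET, completes the ResultFuture with "{}" on an HTTP error or when the 5000 ms timeout fires instead of failing the job, and wraps the raw results in an ECS-style envelope. The class name, the source.ip/onyphe field layout and the first-element check on "results" are assumptions.

```java
import java.util.Collections;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.streaming.api.functions.async.ResultFuture;
import org.apache.flink.streaming.api.functions.async.RichAsyncFunction;
import org.asynchttpclient.AsyncHttpClient;
import org.asynchttpclient.Dsl;
import org.asynchttpclient.Response;

// Hypothetical enrichment function (not the repo's AsyncRedisFileEnrichment): one non-blocking GET per input IP.
public class AsyncOnypheIpEnrichment extends RichAsyncFunction<String, String> {
    private final String apiKey;
    private transient AsyncHttpClient client;
    private transient ObjectMapper mapper;
    public AsyncOnypheIpEnrichment(String apiKey) { this.apiKey = apiKey; }
    @Override
    public void open(Configuration parameters) {
        client = Dsl.asyncHttpClient(); // one client per parallel instance, reused for every record
        mapper = new ObjectMapper();
    }
    @Override
    public void close() throws Exception { client.close(); }
    @Override
    public void asyncInvoke(String ip, ResultFuture<String> out) {
        // Same endpoint shape as the snippet above; the key travels in the query string
        String url = "https://www.onyphe.io/api/ip/" + ip + "?apikey=" + apiKey;
        client.prepareGet(url).execute().toCompletableFuture()
            .thenAccept(resp -> out.complete(Collections.singleton(toJson(ip, resp))))
            .exceptionally(err -> { out.complete(Collections.singleton("{}")); return null; });
    }
    @Override
    public void timeout(String ip, ResultFuture<String> out) {
        out.complete(Collections.singleton("{}")); // past unorderedWait's timeout: emit "{}" rather than fail
    }
    private String toJson(String ip, Response resp) {
        try {
            JsonNode body = mapper.readTree(resp.getResponseBody());
            if (resp.getStatusCode() != 200 || !body.path("results").hasNonNull(0)) return "{}";
            ObjectNode ecs = mapper.createObjectNode();   // assumed ECS-style envelope
            ecs.putObject("source").put("ip", ip);        // ECS field source.ip
            ecs.set("onyphe", body.get("results"));       // raw results kept under a custom key
            return mapper.writeValueAsString(ecs);
        } catch (Exception e) {
            return "{}";
        }
    }
}
```

Plug it into the unorderedWait call shown above in place of AsyncRedisFileEnrichment; because that mode emits results as responses arrive, downstream consumers must not rely on input order.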
Comment on this section if you want more details on specific parts of the code.