POC Code

This page provides a link to, and details about, the POC Java code.

The POC code can be found on GitHub here: https://github.com/NybbleHub/BOTES-Enrichment

Code details

The code contains a few comments, but let's explain some parts in more detail.

AsyncDataStream

The following line is used to create an asynchronous DataStream:

DataStream<String> enrichmentStreamFile = AsyncDataStream.unorderedWait(
    logsStreamFile, new AsyncRedisFileEnrichment(),
    5000, TimeUnit.MILLISECONDS).setParallelism(4);

The asynchronous DataStream options/parameters are the following:

  • unorderedWait: in this mode, the results of the async function are emitted as soon as each async request finishes, so the original order of records may not be preserved.

  • logsStreamFile: the source DataStream from which the new AsyncDataStream is created.

  • new AsyncRedisFileEnrichment(): the asynchronous function that is called to run the processing logic on each element of the stream.

  • 5000, TimeUnit.MILLISECONDS: the time after which an asynchronous call is declared timed out.

  • setParallelism: sets the parallelism of the asynchronous operator.
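The following is an added example, not code from the BOTES-Enrichment repository: a complete Flink RichAsyncFunction that performs the Onyphe IP lookup without blocking the operator thread (the client's future completes the ResultFuture instead of calling get()), overrides timeout() so a slow enrichment backend emits the unenriched record rather than failing the job, and wires the function with the same unorderedWait call shown above. It assumes Flink 1.x and AsyncHttpClient 2.x; the ONYPHE_API_KEY environment variable name, the source.ip location in the log line, and the "onyphe" output key are assumptions.

```java
// Added example (not the project's code). Assumes Flink 1.x and AsyncHttpClient 2.x.
import java.util.Collections;
import java.util.concurrent.TimeUnit;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.streaming.api.datastream.AsyncDataStream;
import org.apache.flink.streaming.api.datastream.DataStream;
import org.apache.flink.streaming.api.functions.async.ResultFuture;
import org.apache.flink.streaming.api.functions.async.RichAsyncFunction;
import org.asynchttpclient.AsyncHttpClient;
import org.asynchttpclient.Dsl;

public class AsyncOnypheIpEnrichment extends RichAsyncFunction<String, String> {
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private transient AsyncHttpClient client;
    private transient String apiKey;

    @Override
    public void open(Configuration parameters) {
        client = Dsl.asyncHttpClient();
        // Hypothetical variable name: read the key at runtime, keep it out of the source tree.
        apiKey = System.getenv("ONYPHE_API_KEY");
    }

    @Override
    public void asyncInvoke(String logLine, ResultFuture<String> resultFuture) {
        ObjectNode log;
        try {
            log = (ObjectNode) MAPPER.readTree(logLine);
        } catch (Exception e) {
            // Unparseable input: pass it through untouched rather than failing the job.
            resultFuture.complete(Collections.singleton(logLine));
            return;
        }
        JsonNode ipNode = log.path("source").path("ip");   // assumed field location
        if (!ipNode.isTextual()) {
            resultFuture.complete(Collections.singleton(logLine));
            return;
        }
        // Same URL shape as on the page; the callbacks run on the client's I/O thread,
        // so the Flink operator thread is never blocked on the HTTP round trip.
        client.prepareGet("https://www.onyphe.io/api/ip/" + ipNode.asText() + "?apikey=" + apiKey)
              .execute()
              .toCompletableFuture()
              .thenAccept(response -> {
                  try {
                      log.set("onyphe", MAPPER.readTree(response.getResponseBody()));
                  } catch (Exception ignored) {
                      // Non-JSON reply (error page, quota message): emit without enrichment.
                  }
                  resultFuture.complete(Collections.singleton(log.toString()));
              })
              .exceptionally(t -> {
                  // Network failure: emit the original record unchanged.
                  resultFuture.complete(Collections.singleton(logLine));
                  return null;
              });
    }

    @Override
    public void timeout(String logLine, ResultFuture<String> resultFuture) {
        // Flink's default timeout() completes the future exceptionally and fails the job;
        // emitting the unenriched record keeps the pipeline alive when the backend is slow.
        resultFuture.complete(Collections.singleton(logLine));
    }

    @Override
    public void close() throws Exception {
        if (client != null) {
            client.close();
        }
    }

    /** The unorderedWait wiring from the page, with an explicit cap of 100 in-flight requests. */
    public static DataStream<String> enrich(DataStream<String> logsStream) {
        return AsyncDataStream.unorderedWait(logsStream, new AsyncOnypheIpEnrichment(),
                5000, TimeUnit.MILLISECONDS, 100).setParallelism(4);
    }
}
```

The fifth argument to unorderedWait is the capacity: the number of requests that may be in flight per subtask at once. Together with the timeout it bounds how much backpressure a slow or rate-limited enrichment API can put on the rest of the job.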

AsyncHttpRequest

AsyncHttpClient onypheAsyncClient = asyncHttpClient();
Future<Response> onypheGetRequest = onypheAsyncClient.prepareGet(
    "https://www.onyphe.io/api/ip/" + onypheQueryIP + "?apikey=" + onypheAPIKey).execute();

onypheGetBody = mapper.readValue(onypheGetRequest.get().getResponseBody(), ObjectNode.class);
if (!onypheGetBody.has("results")) {
    return "{}";
} else {
    if (!onypheGetBody.get("results").hasNonNull(1)) {
        return "{}";
    } else {
        onypheResult = processOnypheGetResult(onypheGetBody);
        return onypheResult;
    }
}

The purpose of this code is to make an asynchronous API call to get results for an IP address or a file hash.

  • Line 1: create the AsyncHttpClient.

  • Line 2: launch a request to the Onyphe API to get results for the IP address.

  • Line 5: read the result of the API call from the response body.

  • Lines 6-11: check whether the response contains results and whether they are non-null (the null case covers having no more credits to call the API).

  • Lines 12-13: call the processOnypheGetResult function to extract the relevant information from the Onyphe JSON results and return a new JSON document whose fields are named according to the ECS (Elastic Common Schema) format.
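The following is an added example, not the project's processOnypheGetResult: it takes the raw response body, decides whether the reply carries usable results (checking for a non-empty results array rather than one fixed index, and treating a non-JSON body such as an HTML error page as "no results"), and maps a few fields to ECS names under source.geo and source.as. Only the "results" key comes from the page; the other Onyphe key names (country, asn, organization), the ECS mapping chosen, and the sample replies are constructed assumptions.

```java
// Added example (not the project's code). Jackson 2.x.
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;

public class OnypheToEcs {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Returns "{}" when the reply has nothing usable: body is not JSON, no "results"
     * key, "results" is null or empty (the out-of-credits case on the page), or
     * "results" is not an array at all.
     */
    public static String toEcs(String body) {
        JsonNode root;
        try {
            root = MAPPER.readTree(body);
        } catch (Exception e) {
            return "{}"; // HTML error page, truncated reply, etc.
        }
        JsonNode results = root.path("results");
        if (!results.isArray() || results.size() == 0) {
            return "{}";
        }
        ObjectNode out = MAPPER.createObjectNode();
        for (JsonNode r : results) {
            // Assumed Onyphe key on the left, ECS field on the right; first value wins.
            copyText(r, "country", out.with("source").with("geo"), "country_iso_code");
            copyText(r, "organization", out.with("source").with("as").with("organization"), "name");
            JsonNode asn = r.path("asn");
            if (asn.isTextual() && asn.asText().startsWith("AS") && !out.path("source").path("as").has("number")) {
                try {
                    // ECS source.as.number is numeric, so strip the "AS" prefix.
                    out.with("source").with("as").put("number", Long.parseLong(asn.asText().substring(2)));
                } catch (NumberFormatException ignored) {
                    // Malformed ASN string: leave source.as.number unset.
                }
            }
        }
        return out.toString();
    }

    /** Copies a non-empty text value from the Onyphe record into the ECS node, never overwriting. */
    private static void copyText(JsonNode from, String key, ObjectNode to, String ecsKey) {
        JsonNode v = from.path(key);
        if (v.isTextual() && !v.asText().isEmpty() && !to.has(ecsKey)) {
            to.put(ecsKey, v.asText());
        }
    }

    public static void main(String[] args) {
        // Constructed sample replies: one with a result, one empty, one quota-style
        // error without a results key, and one non-JSON body.
        String ok = "{\"results\":[{\"country\":\"FR\",\"asn\":\"AS3215\",\"organization\":\"Orange\"}]}";
        String empty = "{\"results\":[]}";
        String quota = "{\"error\":1,\"message\":\"quota exceeded\"}";
        String html = "<html>Too Many Requests</html>";
        System.out.println(toEcs(ok));
        System.out.println(toEcs(empty));
        System.out.println(toEcs(quota));
        System.out.println(toEcs(html));
    }
}
```

Returning "{}" for every non-usable shape, including a body that is not JSON, means the caller can always merge the result into the log document without a separate error path, which is the behaviour the page's lines 6-11 aim for.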

Comment on this section if you want more details on specific parts of the code.
