3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -25,4 +25,5 @@ https:
.factorypath
model.onnx
test_scripts/*
run-master.sh
run-master.sh
run-threat-consumer.sh
Expand Up @@ -29,6 +29,7 @@
import com.akto.dto.HttpResponseParams;
import com.akto.dto.RawApi;
import com.akto.dto.RawApiMetadata;
import com.akto.dto.threat_detection_backend.MaliciousEventDto;
import com.akto.dto.api_protection_parse_layer.AggregationRules;
import com.akto.dto.api_protection_parse_layer.Rule;
import com.akto.dto.monitoring.FilterConfig;
Expand Down Expand Up @@ -314,7 +315,7 @@ private void processRecord(HttpResponseParam record) throws Exception {

// Send event to BE.
SampleMaliciousRequest maliciousReq = Utils.buildSampleMaliciousRequest(actor, responseParam,
ipApiRateLimitFilter, metadata, errors, successfulExploit);
ipApiRateLimitFilter, metadata, errors, successfulExploit, MaliciousEventDto.Label.THREAT.name().toLowerCase());
generateAndPushMaliciousEventRequest(ipApiRateLimitFilter, actor, responseParam, maliciousReq,
EventType.EVENT_TYPE_AGGREGATED);

Expand Down Expand Up @@ -374,7 +375,7 @@ private void processRecord(HttpResponseParam record) throws Exception {

SampleMaliciousRequest maliciousReq = null;
if (!isAggFilter || !apiFilter.getInfo().getSubCategory().equalsIgnoreCase("API_LEVEL_RATE_LIMITING")) {
maliciousReq = Utils.buildSampleMaliciousRequest(actor, responseParam, apiFilter, metadata, errors, successfulExploit);
maliciousReq = Utils.buildSampleMaliciousRequest(actor, responseParam, apiFilter, metadata, errors, successfulExploit, MaliciousEventDto.Label.THREAT.name().toLowerCase());
}

if (!isAggFilter) {
Expand All @@ -392,7 +393,7 @@ private void processRecord(HttpResponseParam record) throws Exception {
}
shouldNotify = this.apiCountWindowBasedThresholdNotifier.calcApiCount(apiHitCountKey, responseParam.getTime(), rule);
if (shouldNotify) {
maliciousReq = Utils.buildSampleMaliciousRequest(actor, responseParam, apiFilter, metadata, errors, successfulExploit);
maliciousReq = Utils.buildSampleMaliciousRequest(actor, responseParam, apiFilter, metadata, errors, successfulExploit, MaliciousEventDto.Label.THREAT.name().toLowerCase());
}
} else {
shouldNotify = this.windowBasedThresholdNotifier.shouldNotify(aggKey, maliciousReq, rule);
Expand Down Expand Up @@ -437,6 +438,7 @@ private void generateAndPushMaliciousEventRequest(
.setMetadata(maliciousReq.getMetadata())
.setType("Rule-Based")
.setSuccessfulExploit(maliciousReq.getSuccessfulExploit())
.setLabel(maliciousReq.getLabel())
.build();
MaliciousEventKafkaEnvelope envelope =
MaliciousEventKafkaEnvelope.newBuilder()
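Review bot: The label string is rebuilt with `MaliciousEventDto.Label.THREAT.name().toLowerCase()` at all three `buildSampleMaliciousRequest` call sites in `processRecord`, and `toLowerCase()` without a locale argument uses the JVM default locale. "THREAT" happens to survive that, but the same pattern applied to a label containing `I` (the proto comment lists "guardrail") would yield a dotless ı under a Turkish default locale, and any downstream consumer that matches on the label would silently miss those events. Hoist it into one constant, e.g. `private static final String THREAT_LABEL = MaliciousEventDto.Label.THREAT.name().toLowerCase(Locale.ROOT);` (needs `java.util.Locale`), and pass that at each call. `processRecord` starts and ends outside these hunks.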
Expand Up @@ -40,12 +40,12 @@ public static FilterConfig getipApiRateLimitFilter() {
return ipApiRateLimitFilter;
}

public static SampleMaliciousRequest buildSampleMaliciousRequest(String actor, HttpResponseParams responseParam, FilterConfig apiFilter, RawApiMetadata metadata, List<SchemaConformanceError> errors, boolean successfulExploit) {
public static SampleMaliciousRequest buildSampleMaliciousRequest(String actor, HttpResponseParams responseParam, FilterConfig apiFilter, RawApiMetadata metadata, List<SchemaConformanceError> errors, boolean successfulExploit, String label) {
Metadata.Builder metadataBuilder = Metadata.newBuilder();
if(errors != null && !errors.isEmpty()) {
metadataBuilder.addAllSchemaErrors(errors);
}

SampleMaliciousRequest.Builder maliciousReqBuilder = SampleMaliciousRequest.newBuilder()
.setUrl(responseParam.getRequestParams().getURL())
.setMethod(responseParam.getRequestParams().getMethod())
Expand All @@ -54,7 +54,8 @@ public static SampleMaliciousRequest buildSampleMaliciousRequest(String actor, H
.setApiCollectionId(responseParam.getRequestParams().getApiCollectionId())
.setTimestamp(responseParam.getTime())
.setFilterId(apiFilter.getId())
.setSuccessfulExploit(successfulExploit);
.setSuccessfulExploit(successfulExploit)
.setLabel(label);

metadataBuilder.setCountryCode(metadata.getCountryCode());
maliciousReqBuilder.setMetadata(metadataBuilder.build());
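Review bot: `label` is passed to `.setLabel(label)` unchecked, and protobuf-generated Java string setters throw NullPointerException on null, so a caller without a label would lose the whole malicious-event sample instead of emitting it unlabeled. The three call sites in this change pass a constant, but the method is public static and any other callers are not visible here. Either guard it, `.setLabel(label == null ? "" : label)`, or take `MaliciousEventDto.Label` as the parameter and do the string conversion once inside this method. The method body continues past the end of the hunk.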
Expand Up @@ -25,8 +25,9 @@ message SampleMaliciousRequest {
int32 api_collection_id = 5;
string payload = 6;
string filter_id = 7;
Metadata metadata = 8;
Metadata metadata = 8;
bool successful_exploit = 9;
string label = 10; // Common values: "threat", "guardrail"
}

message SampleRequestKafkaEnvelope {
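Review bot: The comment on `label` says "Common values", which leaves consumers guessing whether the set is closed, what case to expect, and what an unset field means. The producer side in this change derives the value from `MaliciousEventDto.Label`, so I would document that contract, e.g. `string label = 10; // Lowercase MaliciousEventDto.Label name ("threat", "guardrail"); empty if the producer did not set it`. If the set is meant to be closed, a proto enum would let consumers reject unknown labels instead of string-matching, though that is a larger change than this commit needs.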