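package com.opensoc.filters;

import java.io.Serializable;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.apache.commons.configuration.Configuration;
import org.json.simple.JSONObject;

import com.opensoc.parser.interfaces.MessageFilter;

/**
 * Allow-list filter for Bro messages.
 *
 * <p>A message is emitted only when the value stored under the configured
 * key is one of the protocols listed in the {@code source.known.protocols}
 * property. Only an allow-list is implemented here; there is no deny-list.
 *
 * <p>The filter fails closed: if {@code source.known.protocols} yields no
 * entries, every message is filtered out. Operators should treat an empty
 * list as a configuration error, because it silently drops all events
 * passed through this filter.
 */
public class BroMessageFilter implements MessageFilter, Serializable {

    private static final long serialVersionUID = -3824683649114625033L;

    // Field names belong to the default serialized form of this class, so
    // they are kept as-is even though they do not follow Java naming style.
    private final String _key;
    private final Set<String> _known_protocols;

    /**
     * Builds the filter from the {@code source.known.protocols} list.
     *
     * <p>Null list entries are skipped. The original raw {@code addAll}
     * would have stored a null entry, and a null entry would let messages
     * that have no protocol field at all pass the filter.
     *
     * @param conf Commons configuration used to read the properties file
     * @param key  Key in a JSON message where the protocol field is located;
     *             if null, lookups find nothing and every message is filtered
     * @throws NullPointerException if {@code conf} is null
     */
    public BroMessageFilter(Configuration conf, String key) {
        if (conf == null) {
            throw new NullPointerException("conf");
        }
        _key = key;
        _known_protocols = new HashSet<String>();

        // A wildcard list avoids the raw type and unchecked cast; each entry
        // is converted explicitly so the set can only ever hold Strings.
        List<?> configured = conf.getList("source.known.protocols");
        if (configured != null) {
            for (Object entry : configured) {
                if (entry != null) {
                    _known_protocols.add(entry.toString());
                }
            }
        }
    }

    /**
     * Decides whether a message passes the protocol allow-list.
     *
     * <p>Matching is an exact, case-sensitive comparison against the
     * configured entries; no trimming or normalisation is applied here.
     *
     * @param message JSON representation of a message with a protocol field
     * @return {@code true} if the message is not filtered (its protocol is
     *         known); {@code false} if the message is filtered, including
     *         when the message is null or has no value under the key
     */
    public boolean emitTuple(JSONObject message) {
        // A null message is dropped rather than raising a
        // NullPointerException in the caller.
        if (message == null) {
            return false;
        }
        Object protocol = message.get(_key);
        return protocol != null && _known_protocols.contains(protocol);
    }
}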