Repository: metron Updated Branches: refs/heads/master 828ab7134 -> b081e80c0
METRON-1617: Make threat triage score function with dots as well as colons closes apache/incubator-metron#1062 Project: http://git-wip-us.apache.org/repos/asf/metron/repo Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/b081e80c Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/b081e80c Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/b081e80c Branch: refs/heads/master Commit: b081e80c07819fdaad0e5014790ddf02b2909c80 Parents: 828ab71 Author: cstella <ceste...@gmail.com> Authored: Fri Jun 15 19:59:13 2018 -0400 Committer: cstella <ceste...@gmail.com> Committed: Fri Jun 15 19:59:13 2018 -0400 ---------------------------------------------------------------------- .../alert-details/alert-details.component.html | 4 +-- .../alert-details/alert-details.component.ts | 22 ++++++++++++++-- .../alerts-list/alerts-list.component.html | 4 +-- .../alerts/alerts-list/alerts-list.component.ts | 13 ++++++---- .../src/app/alerts/alerts-list/query-builder.ts | 5 ++-- .../table-view/table-view.component.html | 18 ++++++------- .../table-view/table-view.component.ts | 19 ++++++++++++-- .../tree-view/tree-view.component.html | 16 ++++++------ .../tree-view/tree-view.component.ts | 27 +++++++++++++++++--- .../meta-alerts/meta-alerts.component.html | 2 +- .../alerts/meta-alerts/meta-alerts.component.ts | 11 +++++--- .../src/app/model/group-request.ts | 2 +- .../src/app/service/global-config.service.ts | 16 +++++++++--- .../metron-alerts/src/app/utils/constants.ts | 3 +-- .../ElasticsearchMetaAlertIntegrationTest.java | 2 ++ 15 files changed, 118 insertions(+), 46 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.html ---------------------------------------------------------------------- 
diff --git a/metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.html b/metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.html index 8b0efae..f8fdc1d 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.html +++ b/metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.html @@ -34,8 +34,8 @@ <div class="col-md-10 px-0"> <div class="form-title row ml-2"> <div class="col px-0"> - <span appAlertSeverity [severity]="alertSource['threat:triage:score']"> </span> - <span> {{ alertSource['threat:triage:score'] }} </span> + <span appAlertSeverity [severity]="getScore(alertSource)"> </span> + <span> {{ getScore(alertSource) }} </span> </div> <div class="px-0" style="width: 205px"> <span [ngClass]="{'editable-text': alertSources.length > 1}" *ngIf="!showEditor" (click)="toggleNameEditor()"> {{ (alertSource.name && alertSource.name.length > 0)? alertSource.name : alertId | centerEllipses:20 }} </span> http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.ts b/metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.ts index c8d0d7a..c939f04 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.ts 
@@ -18,6 +18,7 @@ import { Component, OnInit } from '@angular/core'; import {Router, ActivatedRoute} from '@angular/router'; import * as moment from 'moment/moment'; +import {Observable, Subscription} from 'rxjs/Rx'; import {SearchService} from '../../service/search.service'; import {UpdateService} from '../../service/update.service'; @@ -30,6 +31,7 @@ import {AlertComment} from './alert-comment'; import {AuthenticationService} from '../../service/authentication.service'; import {MetronDialogBox} from '../../shared/metron-dialog-box'; import {META_ALERTS_INDEX, META_ALERTS_SENSOR_TYPE} from '../../utils/constants'; +import { GlobalConfigService } from '../../service/global-config.service'; export enum AlertState { NEW, OPEN, ESCALATE, DISMISS, RESOLVE @@ -71,6 +73,9 @@ export class AlertDetailsComponent implements OnInit { alertFields: string[] = []; alertCommentStr = ''; alertCommentsWrapper: AlertCommentWrapper[] = []; + globalConfig: {} = {}; + globalConfigService: GlobalConfigService; + configSubscription: Subscription; constructor(private router: Router, private activatedRoute: ActivatedRoute, @@ -78,8 +83,9 @@ export class AlertDetailsComponent implements OnInit { private updateService: UpdateService, private alertsService: AlertsService, private authenticationService: AuthenticationService, - private metronDialogBox: MetronDialogBox) { - + private metronDialogBox: MetronDialogBox, + globalConfigService: GlobalConfigService) { + this.globalConfigService = globalConfigService; } goBack() { @@ -122,6 +128,10 @@ export class AlertDetailsComponent implements OnInit { } ngOnInit() { + this.configSubscription = this.globalConfigService.get().subscribe((config: {}) => { + this.globalConfig = config; + }); + this.activatedRoute.params.subscribe(params => { this.alertId = params['guid']; this.alertSourceType = params['source.type.field']; 
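Review bot: In the `@@ -78` hunk `globalConfigService` is injected as a plain constructor parameter and then copied into a hand-declared field, while every other dependency on the same constructor is a parameter property; `private globalConfigService: GlobalConfigService` would remove both the field added in the `@@ -71` hunk and the assignment. `Observable` in the new `rxjs/Rx` import is not referenced by any added line in this file; only `Subscription` is. The `globalConfig: {} = {}` field is indexed with string keys in the later `getScore` hunk, which the `{}` type only permits with implicit-any index access; an index signature such as `globalConfig: {[key: string]: any} = {}` makes that explicit.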
@@ -131,6 +141,14 @@ export class AlertDetailsComponent implements OnInit {
 });
 };
+ ngOnDestroy() {
+ this.configSubscription.unsubscribe();
+ }
+
+ getScore(alertSource) {
+ return alertSource[this.globalConfig['threat.triage.score.field']];
+ }
+
 processOpen() {
 let tAlert = new Alert();
 tAlert.source = this.alertSource;
http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html
index 611cdaf..adda4ab 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html
@@ -80,7 +80,7 @@
 </div>
 <div class="col-xs-12 px-0">
 <app-table-view #dataViewComponent
- [alerts]="alerts" *ngIf="queryBuilder.groupRequest.groups.length === 0"
+ [alerts]="alerts" *ngIf="getGroupRequest().groups.length === 0"
 [queryBuilder]="queryBuilder"
 [pagination]="pagination"
 [alertsColumnsToDisplay]="alertsColumnsToDisplay"
@@ -90,7 +90,7 @@
 (onRefreshData)="onRefreshData($event)"
 (onShowDetails)="showDetails($event)"
 (onSelectedAlertsChange)="onSelectedAlertsChange($event)"></app-table-view>
- <app-tree-view #dataViewComponent *ngIf="queryBuilder.groupRequest.groups.length !== 0"
+ <app-tree-view #dataViewComponent *ngIf="getGroupRequest().groups.length !== 0"
 [alerts]="alerts"
 [queryBuilder]="queryBuilder"
 [alertsColumnsToDisplay]="alertsColumnsToDisplay"
http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts
----------------------------------------------------------------------
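Review bot: `getScore` indexes `alertSource` with `this.globalConfig['threat.triage.score.field']`, which is `undefined` until the subscription started in `ngOnInit` delivers the config, so the template renders `alertSource[undefined]` in that window; a guard such as `const field = this.globalConfig['threat.triage.score.field'];` followed by `return field ? alertSource[field] : undefined;` keeps the lookup honest. The class is declared `implements OnInit` (hunk header) and the `@angular/core` import in the `@@ -18` hunk brings in only `Component, OnInit`, so the new `ngOnDestroy` is not type-checked against `OnDestroy`; add it to both. `alertSource` is an implicit `any`; `alertSource: any` at least states that.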
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts index a70f2b4..4496e37 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts @@ -36,7 +36,7 @@ import {AlertSearchDirective} from '../../shared/directives/alert-search.directi import {SearchResponse} from '../../model/search-response'; import {ElasticsearchUtils} from '../../utils/elasticsearch-utils'; import {Filter} from '../../model/filter'; -import {THREAT_SCORE_FIELD_NAME, TIMESTAMP_FIELD_NAME, ALL_TIME} from '../../utils/constants'; +import {TIMESTAMP_FIELD_NAME, ALL_TIME} from '../../utils/constants'; import {TableViewComponent} from './table-view/table-view.component'; import {Pagination} from '../../model/pagination'; import {META_ALERTS_SENSOR_TYPE, META_ALERTS_INDEX} from '../../utils/constants'; @@ -65,7 +65,6 @@ export class AlertsListComponent implements OnInit, OnDestroy { isMetaAlertPresentInSelectedAlerts = false; timeStampfilterPresent = false; selectedTimeRange = new Filter(TIMESTAMP_FIELD_NAME, ALL_TIME, false); - threatScoreFieldName = THREAT_SCORE_FIELD_NAME; @ViewChild('table') table: ElementRef; @ViewChild('dataViewComponent') dataViewComponent: TableViewComponent; @@ -118,7 +117,7 @@ export class AlertsListComponent implements OnInit, OnDestroy { addLoadSavedSearchListner() { this.saveSearchService.loadSavedSearch$.subscribe((savedSearch: SaveSearch) => { let queryBuilder = new QueryBuilder(); - queryBuilder.setGroupby(this.queryBuilder.groupRequest.groups.map(group => group.field)); + queryBuilder.setGroupby(this.getGroupRequest().groups.map(group => group.field)); queryBuilder.searchRequest = savedSearch.searchRequest; queryBuilder.filters = savedSearch.filters; this.queryBuilder = queryBuilder; 
@@ -168,7 +167,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
 getColumnNamesForQuery() {
 let fieldNames = this.alertsColumns.map(columnMetadata => columnMetadata.name);
 fieldNames = fieldNames.filter(name => !(name === 'id' || name === 'alert_status'));
- fieldNames.push(this.threatScoreFieldName);
+ fieldNames.push(this.globalConfig['threat.score.field.name']);
 return fieldNames;
 }
@@ -342,8 +341,12 @@ export class AlertsListComponent implements OnInit, OnDestroy {
 this.tryStartPolling();
 }
+ getGroupRequest() {
+ return this.queryBuilder.groupRequest(this.globalConfig['threat.triage.score.field']);
+ }
+
 setSearchRequestSize() {
- if (this.queryBuilder.groupRequest.groups.length === 0) {
+ if (this.getGroupRequest().groups.length === 0) {
 this.queryBuilder.searchRequest.from = this.pagination.from;
 if (this.tableMetaData.size) {
 this.pagination.size = this.tableMetaData.size;
http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts
index 9ac5f6e..06e6075 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts
@@ -59,8 +59,9 @@ export class QueryBuilder {
 this.setSearch(this._searchRequest.query);
 }
- get groupRequest(): GroupRequest {
+ groupRequest(scoreField): GroupRequest {
 this._groupRequest.query = this.generateSelect();
+ this._groupRequest.scoreField = scoreField;
 return this._groupRequest;
 }
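Review bot: `getColumnNamesForQuery` reads `this.globalConfig['threat.score.field.name']`, but every other new lookup in this commit — `getGroupRequest()` in the `@@ -342` hunk, `TableViewComponent.threatScoreFieldName()`, and the default written by `GlobalConfigService.setDefaults` — uses the key `'threat.triage.score.field'`, so this one yields `undefined` and the score column is never requested from the search. The fix is `fieldNames.push(this.globalConfig['threat.triage.score.field']);`. With the key now spelled out by hand in five files, one exported constant for it would prevent exactly this drift.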
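Review bot: `groupRequest(scoreField)` leaves its new parameter untyped, so it is an implicit `any` even though it is assigned into `GroupRequest.scoreField`, which the group-request.ts hunk declares as `string`; `groupRequest(scoreField: string): GroupRequest` pins it. Turning the getter into a method breaks any caller the diff does not update, which the compiler will report, but the method still regenerates the query and mutates the shared `_groupRequest` on every call, and the templates in alerts-list.component.html now invoke it on each change-detection pass through `getGroupRequest()`.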
@@ -143,7 +144,7 @@ export class QueryBuilder { } setGroupby(groups: string[]) { - this.groupRequest.groups = groups.map(groupName => new Group(groupName)); + this._groupRequest.groups = groups.map(groupName => new Group(groupName)); } setSort(sortBy: string, order: string) { http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html b/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html index 78410af..ab7072c 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html @@ -16,7 +16,7 @@ <thead> <tr> <th width="15" class="dropdown-cell"> </th> - <th width="55"> <metron-config-sorter [type]="'number'" [sortBy]="threatScoreFieldName"> Score </metron-config-sorter> </th> + <th width="55"> <metron-config-sorter [type]="'number'" [sortBy]="threatScoreFieldName()"> Score </metron-config-sorter> </th> <th *ngFor="let column of alertsColumnsToDisplay" [id]="column.name"> <metron-config-sorter [type]="column.type" [sortBy]="column.name" title="{{column.name}}"> {{ column.name | columnNameTranslate | centerEllipses:15 }}</metron-config-sorter> </th> <th width="20" class="icon-cell"></th> <th width="20" class="icon-cell"></th> 
@@ -29,9 +29,9 @@ <ng-container *ngIf="!alert.source.metron_alert || alert.source.metron_alert.length === 0"> <tr (click)="showDetails($event, alert)" [ngClass]="{'selected' : selectedAlerts.indexOf(alert) != -1}"> <td width="15" class="icon-cell"></td> - <td (click)="addFilter(threatScoreFieldName, alert.source[threatScoreFieldName])"> - <div appAlertSeverity [severity]="alert.source[threatScoreFieldName]"> - <a> {{ alert.source[threatScoreFieldName] ? alert.source[threatScoreFieldName] : '-' }} </a> + <td (click)="addFilter(threatScoreFieldName(), getScore(alert.source))"> + <div appAlertSeverity [severity]="getScore(alert.source)"> + <a> {{ hasScore(alert.source) ? getScore(alert.source) : '-' }} </a> </div> </td> <td *ngFor="let column of alertsColumnsToDisplay" #cell> @@ -57,8 +57,8 @@ [ngClass]="{'fa-caret-right': metaAlertsDisplayState[alert.id] === metronAlertDisplayState.COLLAPSE, 'fa-caret-down': metaAlertsDisplayState[alert.id] === metronAlertDisplayState.EXPAND}"> </i> </td> - <td (click)="addFilter(threatScoreFieldName, alert.source[threatScoreFieldName])"> - <span appAlertSeverity [severity]="alert.source[threatScoreFieldName]"> <a> {{ alert.source[threatScoreFieldName] ? alert.source[threatScoreFieldName] : '-' }} </a> </span> + <td (click)="addFilter(threatScoreFieldName(), getScore(alert.source))"> + <span appAlertSeverity [severity]="getScore(alert.source)"> <a> {{ hasScore(alert.source) ? getScore(alert.source) : '-' }} </a> </span> </td> <td [attr.colspan]="alertsColumnsToDisplay.length - 1"> <a (click)="addFilter('guid', alert.id)" [attr.title]="alert.id" style="color:#689AA9"> {{ alert.source['name'] ? alert.source['name'] : alert.id | centerEllipses:20:cell }}</a> 
@@ -83,9 +83,9 @@ <tr *ngFor="let metaAlerts of alert.source.metron_alert; let metaAlertIndex = index;" (click)="showMetaAlertDetails($event, metaAlerts)" [ngClass]="{'selected' : selectedAlerts.indexOf(metaAlerts) != -1 , 'd-none': metaAlertsDisplayState[alert.id] === metronAlertDisplayState.COLLAPSE}"> <td width="15" class="icon-cell" class="dropdown-cell"></td> - <td (click)="addFilter(threatScoreFieldName, alert.source[threatScoreFieldName])" style="padding-left: 15px"> - <div appAlertSeverity [severity]="metaAlerts[threatScoreFieldName]"> - <a> {{ metaAlerts[threatScoreFieldName] ? metaAlerts[threatScoreFieldName] : '-' }} </a> + <td (click)="addFilter(threatScoreFieldName(), getScore(alert.source))" style="padding-left: 15px"> + <div appAlertSeverity [severity]="getScore(metaAlerts)"> + <a> {{ hasScore(metaAlerts) ? getScore(metaAlerts) : '-' }} </a> </div> </td> <td *ngFor="let column of alertsColumnsToDisplay"> http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.ts index 411baab..10d5ea8 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.ts @@ -51,8 +51,6 @@ export enum MetronAlertDisplayState { export class TableViewComponent implements OnInit, OnChanges, OnDestroy { - threatScoreFieldName = 'threat:triage:score'; - router: Router; searchService: SearchService; updateService: UpdateService; 
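Review bot: In the `@@ -83` hunk the rewritten click handler filters on `getScore(alert.source)`, the parent alert's score, while the severity and the displayed value on the next two lines use `getScore(metaAlerts)`, the child row's score. The mismatch predates the commit (the old line also read `alert.source[threatScoreFieldName]`), but since the line is rewritten it is the moment to decide; if the filter should match what the cell shows, `addFilter(threatScoreFieldName(), getScore(metaAlerts))`. The same decision applies to the two similar cells in the `@@ -29` and `@@ -57` hunks only if those rows ever display a different source than they filter on, which from the visible lines they do not.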
@@ -120,6 +118,23 @@ export class TableViewComponent implements OnInit, OnChanges, OnDestroy {
 this.configSubscription.unsubscribe();
 }
+ threatScoreFieldName() {
+ return this.globalConfig['threat.triage.score.field']
+ }
+
+ hasScore(alertSource) {
+ if(alertSource[this.threatScoreFieldName()]) {
+ return true;
+ }
+ else {
+ return false;
+ }
+ }
+
+ getScore(alertSource) {
+ return alertSource[this.threatScoreFieldName()];
+ }
+
 updateExpandedStateForChangedData(expandedMetaAlerts: string[]) {
 this.alerts.forEach(alert => {
 if (alert.source.metron_alert && alert.source.metron_alert.length > 0) {
http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.html
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.html b/metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.html
index 582117e..34c0ad7 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.html
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.html
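Review bot: `hasScore` spells a boolean out as an if/else and, because it tests truthiness, reports a score of `0` as absent, which the templates then render as `-`; `return alertSource[this.threatScoreFieldName()] != null;` keeps the null/undefined check without hiding a zero, or `return Boolean(alertSource[this.threatScoreFieldName()]);` if the truthiness behaviour is intended. `threatScoreFieldName()` is missing its terminating semicolon, unlike the rest of the file, and both `hasScore` and `getScore` take an implicit-`any` `alertSource`. Until the config subscription delivers a value, `threatScoreFieldName()` returns `undefined`, so the template's `addFilter(threatScoreFieldName(), …)` would add a filter on an undefined field if clicked before the config arrives; worth a guard if that window is reachable.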
@@ -38,7 +38,7 @@ <tr> <th> </th> <th class="table-score-col"> - <metron-config-sorter [type]="'number'" [sortBy]="threatScoreFieldName" [sortOnCol]="group.sortEvent.sortBy" [sortOrder]="group.sortEvent.sortOrder"> Score </metron-config-sorter> + <metron-config-sorter [type]="'number'" [sortBy]="threatScoreFieldName()" [sortOnCol]="group.sortEvent.sortBy" [sortOrder]="group.sortEvent.sortOrder"> Score </metron-config-sorter> </th> <th *ngFor="let column of alertsColumnsToDisplay" [id]="column.name"> <metron-config-sorter [type]="column.type" [sortBy]="column.name" title="{{column.name}}" [sortOnCol]="group.sortEvent.sortBy" [sortOrder]="group.sortEvent.sortOrder"> {{ column.name | columnNameTranslate | centerEllipses:15 }}</metron-config-sorter> @@ -52,9 +52,9 @@ <tbody> <ng-container> <tr *ngFor="let alert of group.response.results" [ngClass]="{'selected' : selectedAlerts.indexOf(alert) != -1, 'd-none': !group.expand || !group.show}" (click)="showDetails($event, alert)"> - <td [attr.colspan]="2" (click)="addFilter(threatScoreFieldName, alert.source[threatScoreFieldName])"> - <div appAlertSeverity [severity]="alert.source[threatScoreFieldName]"> - <a> {{ alert.source[threatScoreFieldName] ? alert.source[threatScoreFieldName] : '-' }}</a> + <td [attr.colspan]="2" (click)="addFilter(threatScoreFieldName(), getScore(alert.source))"> + <div appAlertSeverity [severity]="getScore(alert.source)"> + <a> {{ hasScore(alert.source) ? getScore(alert.source) : '-' }}</a> </div> </td> <td #cell *ngFor="let column of alertsColumnsToDisplay" [attr.data-name]="column.name"> 
@@ -90,9 +90,9 @@ </tr> <tr *ngFor="let alert of subGroup.response.results" [ngClass]="{'selected' : selectedAlerts.indexOf(alert) != -1, 'd-none': !subGroup.expand || !subGroup.show}" (click)="showDetails($event, alert)"> - <td [attr.colspan]="2" [ngStyle]="{'padding-left.px': (16 * (subGroup.level -1)) + 23}" (click)="addFilter(threatScoreFieldName, alert.source[threatScoreFieldName])"> - <div appAlertSeverity [severity]="alert.source[threatScoreFieldName]"> - <a> {{ alert.source[threatScoreFieldName] ? alert.source[threatScoreFieldName] : '-' }}</a> + <td [attr.colspan]="2" [ngStyle]="{'padding-left.px': (16 * (subGroup.level -1)) + 23}" (click)="addFilter(threatScoreFieldName(), getScore(alert.source))"> + <div appAlertSeverity [severity]="getScore(alert.source)"> + <a> {{ hasScore(alert.source) ? getScore(alert.source) : '-' }}</a> </div> </td> <td #cell *ngFor="let column of alertsColumnsToDisplay" [attr.data-name]="column.name"> @@ -118,4 +118,4 @@ </div> </div> </div> -</div> \ No newline at end of file +</div> http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.ts index 7660783..9a7c78c 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.ts 
@@ -121,7 +121,7 @@ export class TreeViewComponent extends TableViewComponent implements OnInit, OnC } getGroups() { - let groupRequest = this.queryBuilder.groupRequest; + let groupRequest = this.getGroupRequest(); groupRequest.query = this.queryBuilder.generateSelect(); this.searchService.groups(groupRequest).subscribe(groupResponse => { @@ -162,7 +162,7 @@ export class TreeViewComponent extends TableViewComponent implements OnInit, OnC } initTopGroups() { - let groupByFields = this.queryBuilder.groupRequest.groups.map(group => group.field); + let groupByFields = this.getGroupRequest().groups.map(group => group.field); let currentTopGroupKeys = this.groupResponse.groupResults.map(groupResult => groupResult.key); let previousTopGroupKeys = this.topGroups.map(group => group.key); @@ -392,7 +392,7 @@ export class TreeViewComponent extends TableViewComponent implements OnInit, OnC if (this.canCreateMetaAlert(searchResponse.total)) { let metaAlert = new MetaAlertCreateRequest(); metaAlert.alerts = this.createGetRequestArray(searchResponse); - metaAlert.groups = this.queryBuilder.groupRequest.groups.map(grp => grp.field); + metaAlert.groups = this.getGroupRequest().groups.map(grp => grp.field); this.metaAlertService.create(metaAlert).subscribe(() => { setTimeout(() => this.onRefreshData.emit(true), 1000); 
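Review bot: In `getGroups()` the line after the rewritten call, `groupRequest.query = this.queryBuilder.generateSelect();`, is now redundant, since `QueryBuilder.groupRequest(scoreField)` in the query-builder.ts hunk assigns `query = this.generateSelect()` itself; it can be removed. The calls in `initTopGroups()` and the meta-alert creation branch rebuild and mutate the shared `_groupRequest` just to read `.groups`, which is harmless but a small `getGroupByFields()` helper would make the intent plain. All three enclosing methods extend beyond their hunks.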
@@ -402,6 +402,27 @@ export class TreeViewComponent extends TableViewComponent implements OnInit, OnC
 });
 }
+ hasScore(alertSource) {
+ if(alertSource[this.threatScoreFieldName()]) {
+ return true;
+ }
+ else {
+ return false;
+ }
+ }
+
+ getScore(alertSource) {
+ return alertSource[this.threatScoreFieldName()];
+ }
+
+ threatScoreFieldName() {
+ return this.globalConfig['threat.triage.score.field'];
+ }
+
+ getGroupRequest() {
+ return this.queryBuilder.groupRequest(this.threatScoreFieldName());
+ }
+
 createMetaAlert($event, group: TreeGroupData, index: number) {
 if (this.canCreateMetaAlert(group.total)) {
 let confirmationMsg = 'Do you wish to create a meta alert with ' +
http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.html
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.html b/metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.html
index 46b1d7d..a9298e0 100644
--- a/metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.html
+++ b/metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.html
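Review bot: `hasScore`, `getScore` and `threatScoreFieldName` added here duplicate, apart from a semicolon, the methods the same commit adds to `TableViewComponent`, which `TreeViewComponent` extends per the hunk header, so they are already inherited and the three copies can be dropped, leaving only `getGroupRequest`. If they are kept deliberately, a one-line comment saying why should accompany them so the duplication is not later mistaken for intentional divergence. `getGroupRequest` here and the one in `AlertsListComponent` both read the `'threat.triage.score.field'` key by hand; a shared constant would keep the two from drifting apart as `getColumnNamesForQuery` already has.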
@@ -33,7 +33,7 @@ </label> </div> <div class="col-11 px-0"> - <span class="severity" appAlertSeverity [severity]="alert.source['threat:triage:score']"></span><sup> {{ alert.source['threat:triage:score'] }} </sup> + <span class="severity" appAlertSeverity [severity]="getScore(alert)"></span><sup> {{ getScore(alert) }} </sup> <div class="px-0 guid-name-container"> <div [ngClass]="{'selected': selectedMetaAlert===alert.source.guid}"> {{(alert.source.name && alert.source.name.length > 0) ? alert.source.name : alert.source.guid | centerEllipses:20 }} ({{ alert.source.alert.length }})</div> <span class="pull-left sub-text"> {{ (alert.source.alert_status && alert.source.alert_status.length > 0) ? alert.source.alert_status : 'NEW' }} </span> http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts b/metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts index 762d56c..c1997b6 100644 --- a/metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts +++ b/metron-interface/metron-alerts/src/app/alerts/meta-alerts/meta-alerts.component.ts 
@@ -63,18 +63,23 @@ export class MetaAlertsComponent implements OnInit, OnDestroy {
 searchRequest.size = 999;
 searchRequest.facetFields = [];
 searchRequest.indices = [META_ALERTS_SENSOR_TYPE];
- searchRequest.sort = [new SortField('threat:triage:score', 'desc')];
-
- this.searchService.search(searchRequest).subscribe(resp => this.searchResponse = resp);
 this.configSubscription = this.globalConfigService.get().subscribe((config: {}) => {
 this.globalConfig = config;
 });
+
+ searchRequest.sort = [new SortField(this.globalConfig['threat.triage.score.field'], 'desc')];
+
+ this.searchService.search(searchRequest).subscribe(resp => this.searchResponse = resp);
 }
 ngOnDestroy() {
 this.configSubscription.unsubscribe();
 }
+ getScore(alert) {
+ return alert.source[this.globalConfig['threat.triage.score.field']];
+ }
+
 addAlertToMetaAlert() {
 let getRequest = this.metaAlertService.selectedAlerts.map(alert => new GetRequest(alert.source.guid, alert.source[this.globalConfig['source.type.field']], alert.index));
http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/model/group-request.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/model/group-request.ts b/metron-interface/metron-alerts/src/app/model/group-request.ts
index cdd52c3..760a550 100644
--- a/metron-interface/metron-alerts/src/app/model/group-request.ts
+++ b/metron-interface/metron-alerts/src/app/model/group-request.ts
@@ -21,6 +21,6 @@ import {INDEXES} from '../utils/constants';
 export class GroupRequest {
 indices: string[] = INDEXES;
 query: string;
- scoreField = 'threat:triage:score';
+ scoreField: string;
 groups: Group[] = [];
 }
http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/service/global-config.service.ts
----------------------------------------------------------------------
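Review bot: `searchRequest.sort` is built from `this.globalConfig['threat.triage.score.field']` on the line right after `subscribe()` returns, but the callback that assigns `this.globalConfig` only runs when the config response arrives (`GlobalConfigService.get()` is an HTTP call, per the global-config.service.ts hunk), so at that moment `globalConfig` still holds whatever it was initialised to and the sort field is undefined. Moving the two lines `searchRequest.sort = [new SortField(this.globalConfig['threat.triage.score.field'], 'desc')];` and `this.searchService.search(searchRequest).subscribe(resp => this.searchResponse = resp);` inside the subscribe callback, after `this.globalConfig = config;`, makes the search wait for the config it depends on. The new `getScore(alert)` is exposed to the same pre-config window while the template renders. The enclosing method starts outside the hunk.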
diff --git a/metron-interface/metron-alerts/src/app/service/global-config.service.ts b/metron-interface/metron-alerts/src/app/service/global-config.service.ts
index b84cd42..c80d65a 100644
--- a/metron-interface/metron-alerts/src/app/service/global-config.service.ts
+++ b/metron-interface/metron-alerts/src/app/service/global-config.service.ts
@@ -33,15 +33,23 @@ export class GlobalConfigService {
 return this.http.get(this.url , new RequestOptions({headers: new Headers(this.defaultHeaders)}))
 .map((res: Response): any => {
 let body = res.json();
- let globalConfig = this.setDefaultSourceType(body);
+ let globalConfig = this.setDefaults(body);
 return globalConfig || {};
 })
 .catch(HttpUtil.handleError);
 }
- private setDefaultSourceType(globalConfig) {
- if(!globalConfig['source.type.field']) {
- return Object.assign({}, globalConfig, {'source.type.field': 'source:type'});
+ private setDefaults(globalConfig) {
+ let missingSourceTypeField = !globalConfig['source.type.field'];
+ let missingThreatScoreField = !globalConfig['threat.triage.score.field'];
+ if(missingSourceTypeField || missingThreatScoreField) {
+ let sourceTypeField = missingSourceTypeField?'source:type':globalConfig['source.type.field'];
+ let threatScoreField = missingThreatScoreField?'threat:triage:score':globalConfig['threat.triage.score.field'];
+ return Object.assign({}, globalConfig,
+ {'source.type.field': sourceTypeField
+ , 'threat.triage.score.field' : threatScoreField
+ }
+ );
 } else {
 return globalConfig;
 }
http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-interface/metron-alerts/src/app/utils/constants.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/utils/constants.ts b/metron-interface/metron-alerts/src/app/utils/constants.ts
index b7a9298..ea50b14 100644
--- a/metron-interface/metron-alerts/src/app/utils/constants.ts
+++ b/metron-interface/metron-alerts/src/app/utils/constants.ts
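Review bot: `setDefaults` dereferences `globalConfig['source.type.field']` on its first line, so a `null` body from `res.json()` throws a TypeError inside `.map` before the caller's `return globalConfig || {}` fallback can apply; a `globalConfig = globalConfig || {};` guard at the top of `setDefaults` (or passing `body || {}`) keeps that fallback reachable, and the same held for the old `setDefaultSourceType`. The `missingSourceTypeField?'source:type':…` ternaries without spaces and the leading-comma object literal do not match the formatting of the surrounding file. The enclosing `get()` method starts outside the hunk.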
@@ -27,7 +27,6 @@ export const ALERTS_SAVED_SEARCH = 'metron-alerts-saved-search'; export const ALERTS_TABLE_METADATA = 'metron-alerts-table-metadata'; export const ALERTS_COLUMN_NAMES = 'metron-alerts-column-names'; -export let THREAT_SCORE_FIELD_NAME = 'threat:triage:score'; export let TIMESTAMP_FIELD_NAME = 'timestamp'; export let ALL_TIME = 'all-time'; @@ -37,4 +36,4 @@ export let CUSTOMM_DATE_RANGE_LABEL = 'Date Range'; export let TREE_SUB_GROUP_SIZE = 5; export let INDEXES = environment.indices ? environment.indices.split(',') : []; -export let MAX_ALERTS_IN_META_ALERTS = 350; \ No newline at end of file +export let MAX_ALERTS_IN_META_ALERTS = 350; http://git-wip-us.apache.org/repos/asf/metron/blob/b081e80c/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java b/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java index adc1a27..933fa2a 100644 --- a/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java +++ b/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java @@ -44,6 +44,8 @@ import java.util.Map; import java.util.Optional; import java.util.Set; import java.util.stream.Collectors; + +import com.google.common.collect.ImmutableList; import org.adrianwalker.multilinestring.Multiline; import org.apache.metron.common.Constants; import org.apache.metron.common.utils.JSONUtils;