fix nil pointer in soc ai

Author: Kbayero

installer/updater/window.go

@@ -27,7 +27,6 @@ func UpdateWindowConfig() {
 
 func IsInMaintenanceWindow() bool {
 	if windowConfig == "" {
-		config.Logger().Info("Maintenance window config not set in backend, presuming 24/7 maintenance window")
 		return true
 	}
 

plugins/soc-ai/alert.go

@@ -35,18 +35,20 @@ func cleanAlerts(alert schema.AlertFields) schema.AlertFields {
 
 		if alert.LastEvent.Log != nil {
 			for key, val := range alert.LastEvent.Log {
-				if val == nil || val.GetKind() == nil || val.GetKind().(*structpb.Value_StringValue) == nil {
+				switch v := val.Kind.(type) {
+				case *structpb.Value_StringValue:
+					original := v.StringValue
+					cleaned := original
+					for _, pattern := range configurations.SensitivePatterns {
+						re := regexp.MustCompile(pattern.Regexp)
+						cleaned = re.ReplaceAllString(cleaned, pattern.FakeValue)
+					}
+					if cleaned != original {
+						alert.LastEvent.Log[key] = structpb.NewStringValue(cleaned)
+					}
+				default:
 					continue
 				}
-				original := val.GetStringValue()
-				cleaned := original
-				for _, pattern := range configurations.SensitivePatterns {
-					re := regexp.MustCompile(pattern.Regexp)
-					cleaned = re.ReplaceAllString(cleaned, pattern.FakeValue)
-				}
-				if cleaned != original {
-					alert.LastEvent.Log[key] = structpb.NewStringValue(cleaned)
-				}
 			}
 		}
 	}

plugins/soc-ai/configurations/config.go

@@ -20,6 +20,7 @@ var (
 type Config struct {
 	Backend                   string
 	InternalKey               string
+	Openseach                 string
 	APIKey                    string
 	ChangeAlertStatus         bool
 	AutomaticIncidentCreation bool
@@ -51,12 +52,11 @@ func UpdateGPTConfigurations() {
 		os.Exit(1)
 	}
 
-	internalKey := pluginConfig.Get("internalKey").String()
-	backendUrl := pluginConfig.Get("backend").String()
-	config.Backend = backendUrl
-	config.InternalKey = internalKey
+	config.Backend = pluginConfig.Get("internalKey").String()
+	config.InternalKey = pluginConfig.Get("backend").String()
+	config.Openseach = pluginConfig.Get("opensearch").String()
 
-	client := moduleConf.NewUTMClient(internalKey, backendUrl)
+	client := moduleConf.NewUTMClient(config.InternalKey, config.Backend)
 
 	for {
 		if err := utils.ConnectionChecker(GPT_API_ENDPOINT); err != nil {

plugins/soc-ai/configurations/const.go

@@ -1,14 +1,6 @@
 package configurations
 
-import (
-	"path/filepath"
-
-	"github.com/utmstack/UTMStack/plugins/soc-ai/utils"
-)
-
 const (
-	SOC_AI_SERVER_PORT                  = "8080"
-	SOC_AI_SERVER_ENDPOINT              = "/process"
 	API_ALERT_ENDPOINT                  = "/api/elasticsearch/search"
 	API_ALERT_STATUS_ENDPOINT           = "/api/utm-alerts/status"
 	API_INCIDENT_ENDPOINT               = "/api/utm-incidents"
@@ -65,16 +57,3 @@ var (
 	GPT_FALSE_POSITIVE  = "This alert is categorized as a potential false positive due to two key factors. Firstly, it originates from an automated system, which may occasionally produce alerts without direct human validation. Additionally, the absence of any correlated logs further raises suspicion, as a genuine incident typically leaves a trail of relevant log entries. Hence, the combination of its system-generated nature and the lack of associated logs suggests a likelihood of being a false positive rather than a genuine security incident."
 	CORRELATION_CONTEXT = "\n\nThe current alert has historical correlation with previous alerts:\n%s"
 )
-
-func GetOpenSearchHost() string {
-	return "http://" + utils.Getenv("OPENSEARCH_HOST", true)
-}
-
-func GetOpenSearchPort() string {
-	return utils.Getenv("OPENSEARCH_PORT", true)
-}
-
-func GetAlertsDBPath() string {
-	path, _ := utils.GetMyPath()
-	return filepath.Join(path, "database", "alerts.sqlite3")
-}

plugins/soc-ai/elastic/index.go

@@ -19,7 +19,7 @@ func ElasticQuery(index string, query interface{}, op string) error {
 	case "update":
 		endp = configurations.ELASTIC_UPDATE_BY_QUERY_ENDPOINT
 	}
-	url := configurations.GetOpenSearchHost() + ":" + configurations.GetOpenSearchPort() + "/" + index + endp
+	url := fmt.Sprintf("%s/%s%s", configurations.GetConfig().Openseach, index, endp)
 	headers := map[string]string{
 		"Content-Type": "application/json",
 	}
@@ -78,7 +78,7 @@ func IndexStatus(id, status, op string) error {
 }
 
 func CreateIndexIfNotExist(index string) error {
-	url := configurations.GetOpenSearchHost() + ":" + configurations.GetOpenSearchPort() + "/" + index
+	url := fmt.Sprintf("%s/%s", configurations.GetConfig().Openseach, index)
 	headers := map[string]string{
 		"Content-Type": "application/json",
 	}