Merge remote-tracking branch 'origin/release/v11.2.1' into release/v11.2.1

Author: mjabascal10

frontend/src/app/app-management/layout/app-management-sidebar/app-management-sidebar.component.html

@@ -49,15 +49,15 @@
           </span>
     </a>
 
-    <a class="list-group-item"
+   <!-- <a class="list-group-item"
        *appHasAnyAuthority="adminAuth"
        routerLink="/app-management/settings/user-access-audit"
        routerLinkActive="router-link-active">
       <span class="font-weight-semibold">
         <i class="icon-user-block font-size-sm"></i>&nbsp;
        User access audit
       </span>
-    </a>
+    </a>-->
     <ng-container *ngIf="!inSass">
       <a *appHasAnyAuthority="adminAuth"
          class="list-group-item"
@@ -88,14 +88,14 @@
        Health checks
       </span>
     </a>
-    <a *appHasAnyAuthority="adminAuth"
+    <!--<a *appHasAnyAuthority="adminAuth"
        class="list-group-item"
        routerLink="/app-management/settings/app-logs"
        routerLinkActive="router-link-active">
           <span class="font-weight-semibold">
              <i class="icon-meter-slow font-size-sm"></i>&nbsp;
            Application logs</span>
-    </a>
+    </a>-->
     <a *appHasAnyAuthority="adminAuth"
        class="list-group-item"
        routerLink="/app-management/settings/application-theme"

frontend/src/app/rule-management/app-rule/components/add-rule/add-rule.component.html

@@ -221,8 +221,11 @@
 
       <div [hidden]="currentStep != RULE_FORM.STEP2">
         <div class="row mb-3">
-          <div class="col-12">
-            <app-deduplicate-fields [rule]="rule" [formGroup]="ruleForm"></app-deduplicate-fields>
+          <div class="col-6">
+            <app-fields-selector [controlName]="'deduplicateBy'" [rule]="rule" [formGroup]="ruleForm"></app-fields-selector>
+          </div>
+          <div class="col-6">
+            <app-fields-selector [controlName]="'groupBy'" [rule]="rule" [formGroup]="ruleForm"></app-fields-selector>
           </div>
         </div>
         <div class="w-100 alert alert-info alert-styled-right mb-3">

frontend/src/app/rule-management/app-rule/components/add-rule/add-rule.component.ts

@@ -174,6 +174,7 @@ export class AddRuleComponent implements OnInit, OnDestroy {
       definition: [rule ? rule.definition : '', [Validators.required, minWordsValidator(2, 3)]],
       systemOwner: [rule ? rule.systemOwner : false],
       deduplicateBy: [rule ? rule.deduplicateBy || [] : []],
+      groupBy: [rule ? rule.groupBy || [] : []],
       afterEvents: this.fb.array(
         rule && rule.afterEvents && rule.afterEvents.length
           ? rule.afterEvents.map(event => this.buildSearchRequest(event))

…-fields/deduplicate-fields.component.css …s-selector/fields-selector.component.cssfrontend/src/app/rule-management/app-rule/components/deduplicate-fields/deduplicate-fields.component.css renamed to frontend/src/app/rule-management/app-rule/components/fields-selector/fields-selector.component.css frontend/src/app/rule-management/app-rule/components/deduplicate-fields/deduplicate-fields.component.css renamed to frontend/src/app/rule-management/app-rule/components/fields-selector/fields-selector.component.css

@@ -1,8 +1,8 @@
 <div class="form-group-select">
-  <label>Deduplicated by:</label>
+  <label> {{ controlName && controlName === 'deduplicateBy' ? 'Deduplicated by:' : 'GroupBy:'}}</label>
   <div [formGroup]="formGroup" class="p-2">
     <ng-select
-      formControlName="deduplicateBy"
+      [formControlName]="controlName"
       [items]="fields$ | async"
       bindLabel="name"
       [multiple]="true"

…fields/deduplicate-fields.component.html …-selector/fields-selector.component.htmlfrontend/src/app/rule-management/app-rule/components/deduplicate-fields/deduplicate-fields.component.html renamed to frontend/src/app/rule-management/app-rule/components/fields-selector/fields-selector.component.html frontend/src/app/rule-management/app-rule/components/deduplicate-fields/deduplicate-fields.component.html renamed to frontend/src/app/rule-management/app-rule/components/fields-selector/fields-selector.component.html

@@ -3,20 +3,21 @@ import {FormGroup} from '@angular/forms';
 import {Observable, of} from 'rxjs';
 import {catchError, map} from 'rxjs/operators';
 import {UtmToastService} from '../../../../shared/alert/utm-toast.service';
-import {ALERT_INDEX_PATTERN} from '../../../../shared/constants/main-index-pattern.constant';
+import {ALERT_INDEX_PATTERN, LOG_INDEX_PATTERN} from '../../../../shared/constants/main-index-pattern.constant';
 import {FieldDataService} from '../../../../shared/services/elasticsearch/field-data.service';
 import {ElasticSearchFieldInfoType} from '../../../../shared/types/elasticsearch/elastic-search-field-info.type';
 import {Rule} from '../../../models/rule.model';
 
 
 @Component({
-  selector: 'app-deduplicate-fields',
-  templateUrl: './deduplicate-fields.component.html',
-  styleUrls: ['./deduplicate-fields.component.css']
+  selector: 'app-fields-selector',
+  templateUrl: './fields-selector.component.html',
+  styleUrls: ['./fields-selector.component.css']
 })
-export class DeduplicateFieldsComponent implements OnInit {
+export class FieldsSelectorComponent implements OnInit {
   @Input() formGroup: FormGroup;
   @Input() rule: Rule;
+  @Input() controlName: 'groupBy' | 'deduplicateBy';
 
   fields$: Observable<ElasticSearchFieldInfoType[]>;
   operators =  [
@@ -28,7 +29,7 @@ export class DeduplicateFieldsComponent implements OnInit {
               private fieldDataService: FieldDataService) { }
 
   ngOnInit() {
-    this.fields$ = this.fieldDataService.getFields(ALERT_INDEX_PATTERN).pipe(
+    this.fields$ = this.fieldDataService.getFields(LOG_INDEX_PATTERN).pipe(
       map((fields) => fields || []),
       catchError((error) => {
         this.toastService.showError('Error', 'Failed to load fields');

…e-fields/deduplicate-fields.component.ts …ds-selector/fields-selector.component.tsfrontend/src/app/rule-management/app-rule/components/deduplicate-fields/deduplicate-fields.component.ts renamed to frontend/src/app/rule-management/app-rule/components/fields-selector/fields-selector.component.ts frontend/src/app/rule-management/app-rule/components/deduplicate-fields/deduplicate-fields.component.ts renamed to frontend/src/app/rule-management/app-rule/components/fields-selector/fields-selector.component.ts

@@ -160,7 +160,6 @@ export class ImportRuleComponent implements OnInit, OnDestroy {
             };
             const {isValid, errors} = this.importRuleService.isValidRule(rule);
 
-            // move null fields (required and not sended) upper than others
             Object.keys(rule).forEach(key => {
               if (rule[key] === null) {
                 rule = {[key]: null, ...rule};

frontend/src/app/rule-management/app-rule/components/import-rules/import-rule.component.ts

@@ -14,7 +14,7 @@ export class ImportRuleService {
   }
 
   private minWordsCheck(value: string, min: number, minLengthPerWord: number): boolean {
-    if (!value) return false;
+    if (!value) { return false; }
     const words = value.trim().split(/\s+/).filter(word => word.length >= minLengthPerWord);
     return words.length >= min;
 
@@ -29,150 +29,151 @@ export class ImportRuleService {
 
     // dataTypes
     if (!Array.isArray(obj.dataTypes) || obj.dataTypes.length === 0) {
-      if(!obj.dataTypes){
-        obj.dataTypes=null
+      if (!obj.dataTypes) {
+        obj.dataTypes = null;
       }
-      errors['dataTypes'] = ['dataTypes are required'];
+      errors.dataTypes = ['dataTypes are required'];
     }
 
     // name
     if (typeof obj.name !== 'string' || obj.name.trim() === '') {
 
-      if(!obj.name){
-        obj.name=null
+      if (!obj.name) {
+        obj.name = null;
       }
-      errors['name'] = ['Name is required'];
+      errors.name = ['Name is required'];
     } else if (!this.minWordsCheck(obj.name, 2, 3)) {
-      errors['name'] = ['Name must contain between 2 and 3 words'];
+      errors.name = ['Name must contain between 2 and 3 words'];
     }
 
     // adversary
     if (typeof obj.adversary !== 'string' || obj.adversary.trim() === '') {
-      if(!obj.adversary){
-        obj.adversary=null
+      if (!obj.adversary) {
+        obj.adversary = null;
       }
-      errors['adversary'] = ['Adversary is required'];
-    }else if(!['origin','target'].includes(obj.adversary) ){
-      errors['adversary'] = ['Adversary must be one of these: "origin", "target"'];
+      errors.adversary = ['Adversary is required'];
+    } else if (!['origin', 'target'].includes(obj.adversary) ) {
+      errors.adversary = ['Adversary must be one of these: "origin", "target"'];
     }
 
     // confidentiality
     if (typeof obj.confidentiality !== 'number') {
-      if(!obj.confidentiality){
-        obj.confidentiality=null
-      errors['confidentiality'] = ['Confidentiality is required'];
-      }else{
-      errors['confidentiality'] = ['Confidentiality must be a number'];
+      if (!obj.confidentiality) {
+        obj.confidentiality = null;
+        errors.confidentiality = ['Confidentiality is required'];
+      } else {
+      errors.confidentiality = ['Confidentiality must be a number'];
       }
     } else if (obj.confidentiality < 0 || obj.confidentiality > 3) {
-      errors['confidentiality'] = ['Confidentiality must be between 0 and 3'];
+      errors.confidentiality = ['Confidentiality must be between 0 and 3'];
     }
 
     // integrity
     if (typeof obj.integrity !== 'number') {
-      if(!obj.integrity){
-        obj.integrity=null
-      errors['integrity'] = ['Integrity is required'];
-      }else{
-      errors['integrity'] = ['Integrity must be a number'];
+      if (!obj.integrity) {
+        obj.integrity = null;
+        errors.integrity = ['Integrity is required'];
+      } else {
+      errors.integrity = ['Integrity must be a number'];
       }
     } else if (obj.integrity < 0 || obj.integrity > 3) {
-      errors['integrity'] = ['Integrity must be between 0 and 3'];
+      errors.integrity = ['Integrity must be between 0 and 3'];
     }
 
     // availability
     if (typeof obj.availability !== 'number') {
 
-      if(!obj.availability){
-        obj.availability=null
-      errors['availability'] = ['Availability is required'];
-      }else{
-      errors['availability'] = ['Availability must be a number'];
+      if (!obj.availability) {
+        obj.availability = null;
+        errors.availability = ['Availability is required'];
+      } else {
+      errors.availability = ['Availability must be a number'];
       }
     } else if (obj.availability < 0 || obj.availability > 3) {
-      errors['availability'] = ['Availability must be between 0 and 3'];
+      errors.availability = ['Availability must be between 0 and 3'];
     }
 
     // category
     if (typeof obj.category !== 'string' || obj.category.trim() === '') {
 
-      if(!obj.category){
-        obj.category=null
+      if (!obj.category) {
+        obj.category = null;
       }
-      errors['category'] = ['Category is required'];
+      errors.category = ['Category is required'];
     } else if (!this.minWordsCheck(obj.category, 1, 3)) {
-      errors['category'] = ['Category must contain between 1 and 3 words'];
+      errors.category = ['Category must contain between 1 and 3 words'];
     }
 
     // technique
     if (typeof obj.technique !== 'string' || obj.technique.trim() === '') {
 
-      if(!obj.technique){
-        obj.technique=null
+      if (!obj.technique) {
+        obj.technique = null;
       }
-      errors['technique'] = ['Technique is required'];
+      errors.technique = ['Technique is required'];
     } else if (!this.minWordsCheck(obj.technique, 1, 3)) {
-      errors['technique'] = ['Technique must contain between 1 and 3 words'];
+      errors.technique = ['Technique must contain between 1 and 3 words'];
     }
 
     // description
     if (typeof obj.description !== 'string' || obj.description.trim() === '') {
-      if(!obj.description){
-        obj={description:null,...obj}
+      if (!obj.description) {
+        obj = {description: null, ...obj};
       }
-      errors['description'] = ['Description is required'];
+      errors.description = ['Description is required'];
     } else if (!this.minWordsCheck(obj.description, 2, 3)) {
-      errors['description'] = ['Description must contain between 2 and 3 words'];
+      errors.description = ['Description must contain between 2 and 3 words'];
     }
 
     // definition
     if (typeof obj.definition !== 'string' || obj.definition.trim() === '') {
-      if(!obj.definition){
-        obj.definition=null
+      if (!obj.definition) {
+        obj.definition = null;
       }
-      errors['definition'] = ['Definition is required'];
+      errors.definition = ['Definition is required'];
     } else if (!this.minWordsCheck(obj.definition, 2, 3)) {
-      errors['definition'] = ['Definition must contain between 2 and 3 words'];
+      errors.definition = ['Definition must contain between 2 and 3 words'];
     }
 
     // references
     if (!Array.isArray(obj.references)) {
-      if(!obj.references){
-        obj.references=null
-        errors['references'] = ['References is required'];
-      }else{
-        errors['references'] = ['References must be an array'];
+      if (!obj.references) {
+        obj.references = null;
+        errors.references = ['References is required'];
+      } else {
+        errors.references = ['References must be an array'];
       }
     } else {
       const invalidRefs = obj.references.filter((ref: any) => typeof ref !== 'string' || !this.isValidURL(ref));
       if (invalidRefs.length > 0) {
-        errors['references'] = ['All references must be valid URLs'];
+        errors.references = ['All references must be valid URLs'];
       }
     }
 
 
     const allowedFields = [
-      "id",
-      "dataTypes",
-      "impact",
-      "where",
-      "afterEvents",
-      "name",
-      "adversary",
-      "confidentiality",
-      "integrity",
-      "availability",
+      'id',
+      'dataTypes',
+      'impact',
+      'where',
+      'afterEvents',
+      'name',
+      'adversary',
+      'confidentiality',
+      'integrity',
+      'availability',
       'references',
-      "category",
-      "technique",
-      "description",
-      "definition",
-      "systemOwner",
-      "deduplicateBy"
+      'category',
+      'technique',
+      'description',
+      'definition',
+      'systemOwner',
+      'deduplicateBy',
+      'groupBy'
     ];
 
-    Object.keys(obj).filter(key=>!allowedFields.includes(key)).forEach(key=>{
-      errors[key]=[`uknowed field: ${key}`]
+    Object.keys(obj).filter(key => !allowedFields.includes(key)).forEach(key => {
+      errors[key] = [`uknowed field: ${key}`];
     });
 
 

frontend/src/app/rule-management/app-rule/components/import-rules/import-rule.service.ts

@@ -74,6 +74,7 @@ export interface Rule {
     isLoading: boolean;
     afterEvents: SearchRequest[];
     deduplicateBy?: string[];
+    groupBy?: string[];
 }
 
 export interface Expression {

frontend/src/app/rule-management/models/rule.model.ts

@@ -29,7 +29,7 @@ import {AppRuleComponent} from './app-rule/app-rule.component';
 import {AddAfterEventComponent} from './app-rule/components/add-after-event/add-after-event.component';
 import {AddRuleComponent} from './app-rule/components/add-rule/add-rule.component';
 import {AddVariableComponent} from './app-rule/components/add-variable/add-variable.component';
-import {DeduplicateFieldsComponent} from './app-rule/components/deduplicate-fields/deduplicate-fields.component';
+import {FieldsSelectorComponent} from './app-rule/components/fields-selector/fields-selector.component';
 import {ExpressionConsoleComponent} from './app-rule/components/expression-console/expression-console.component';
 import {ImportRuleComponent} from './app-rule/components/import-rules/import-rule.component';
 import {ImportRuleService} from './app-rule/components/import-rules/import-rule.service';
@@ -71,7 +71,7 @@ import {RuleDetailComponent} from "./app-rule/components/rule-list/components/ru
       AddReferenceComponent,
       AddVariableComponent,
       AddAfterEventComponent,
-      DeduplicateFieldsComponent,
+      FieldsSelectorComponent,
       ExpressionConsoleComponent,
       RuleDetailComponent