
Commit 42cbfc8

committed
feat: introduce v11 alert fields for action terminal component
1 parent 29b52f1 commit 42cbfc8

2 files changed

Lines changed: 302 additions & 2 deletions


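--- a/frontend/src/app/incident-response/shared/component/action-terminal/action-terminal.component.ts
+++ b/frontend/src/app/incident-response/shared/component/action-terminal/action-terminal.component.ts
@@ -1,7 +1,7 @@
 import {Component, Input, OnInit} from '@angular/core';
 import {FormBuilder, FormGroup, Validators} from '@angular/forms';
 import {NgbActiveModal } from '@ng-bootstrap/ng-bootstrap';
-import {ALERT_FIELDS, INCIDENT_AUTOMATION_ALERT_FIELDS} from '../../../../shared/constants/alert/alert-field.constant';
+import {V11_ALERT_FIELDS} from '../../../../shared/constants/alert/v11-alert-fields.constants';
 
 @Component({
 selector: 'app-action-terminal',
@@ -11,7 +11,7 @@ import {ALERT_FIELDS, INCIDENT_AUTOMATION_ALERT_FIELDS} from '../../../../shared
 export class ActionTerminalComponent implements OnInit {
 @Input() action: any;
 form: FormGroup;
-alertFields = ALERT_FIELDS;
+alertFields = V11_ALERT_FIELDS;
 command: any;
 
 constructor(public activeModal: NgbActiveModal,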
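Review bot: The replaced import also drops `INCIDENT_AUTOMATION_ALERT_FIELDS`, and the hunk only shows the `alertFields` initializer being switched; if either removed symbol is still referenced further down `ActionTerminalComponent` (the class body continues outside the hunk), the component no longer compiles, so confirm the rest of the file was updated. Since `alertFields` appears to drive which alert values the terminal can place into `command` (inferred from the member names; `command` is typed `any`), keep in mind that the v11 list includes event-supplied values such as `Adversary URL`, `Adversary Host` and `Target User`; wherever those are interpolated into a command string, the interpolation site must quote or escape them rather than concatenate raw text. A short comment at the initializer would help the next reader, e.g. `// v11 catalogue; values are event-supplied and must be escaped where they are rendered into a command`. Minor: the new file is named `v11-alert-fields.constants` while its sibling is `alert-field.constant`; pick one suffix for the directory.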
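--- /dev/null
+++ b/frontend/src/app/shared/constants/alert/v11-alert-fields.constants.ts
@@ -0,0 +1,300 @@
+import {UtmFieldType} from '../../types/table/utm-field.type';
+import {
+ALERT_CASE_ID_FIELD,
+ALERT_CATEGORY_FIELD,
+ALERT_FIELDS,
+ALERT_GENERATED_BY_FIELD,
+ALERT_IMPACT_AVAILABILITY_FIELD,
+ALERT_IMPACT_CONFIDENTIALITY_FIELD, ALERT_IMPACT_INTEGRITY_FIELD,
+ALERT_INCIDENT_NAME_FIELD,
+ALERT_NAME_FIELD,
+ALERT_PROTOCOL_FIELD,
+ALERT_SENSOR_FIELD,
+ALERT_SEVERITY_FIELD_LABEL,
+ALERT_TAGS_FIELD,
+ALERT_TIMESTAMP_FIELD
+} from './alert-field.constant';
+import { ElasticDataTypesEnum } from '../../enums/elastic-data-types.enum';
+
+// TARGET
+export const ALERT_TARGET_IP_FIELD = 'target.ip';
+export const ALERT_TARGET_BYTES_SENT_FIELD = 'target.bytesSent';
+export const ALERT_TARGET_BYTES_RECEIVED_FIELD = 'target.bytesReceived';
+export const ALERT_TARGET_PACKAGES_SENT_FIELD = 'target.packagesSent';
+export const ALERT_TARGET_PACKAGES_RECEIVED_FIELD = 'target.packagesReceived';
+export const ALERT_TARGET_URL_FIELD = 'target.url';
+export const ALERT_TARGET_DOMAIN_FIELD = 'target.domain';
+export const ALERT_TARGET_PORT_FIELD = 'target.port';
+export const ALERT_TARGET_CIDR_FIELD = 'target.cidr';
+export const ALERT_TARGET_MAC_FIELD = 'target.mac';
+export const ALERT_TARGET_HOST_FIELD = 'target.host';
+export const ALERT_TARGET_USER_FIELD = 'target.user';
+export const ALERT_TARGET_GROUP_FIELD = 'target.group';
+
+// Geolocation
+export const ALERT_TARGET_GEOLOCATION_COUNTRY_FIELD = 'target.geolocation.country';
+export const ALERT_TARGET_GEOLOCATION_CITY_FIELD = 'target.geolocation.city';
+export const ALERT_TARGET_GEOLOCATION_LATITUDE_FIELD = 'target.geolocation.latitude';
+export const ALERT_TARGET_GEOLOCATION_LONGITUDE_FIELD = 'target.geolocation.longitude';
+export const ALERT_TARGET_GEOLOCATION_ASN_FIELD = 'target.geolocation.asn';
+export const ALERT_TARGET_GEOLOCATION_ASO_FIELD = 'target.geolocation.aso';
+export const ALERT_TARGET_GEOLOCATION_COUNTRY_CODE_FIELD = 'target.geolocation.countryCode';
+export const ALERT_TARGET_GEOLOCATION_ACCURACY_FIELD = 'target.geolocation.accuracy';
+
+// Certificates & Fingerprints
+export const ALERT_TARGET_CERTIFICATE_FINGERPRINT_FIELD = 'target.certificateFingerprint';
+export const ALERT_TARGET_JA3_FINGERPRINT_FIELD = 'target.ja3Fingerprint';
+export const ALERT_TARGET_JARM_FINGERPRINT_FIELD = 'target.jarmFingerprint';
+export const ALERT_TARGET_SSH_BANNER_FIELD = 'target.sshBanner';
+export const ALERT_TARGET_SSH_FINGERPRINT_FIELD = 'target.sshFingerprint';
+
+// Web & Email
+export const ALERT_TARGET_COOKIE_FIELD = 'target.cookie';
+export const ALERT_TARGET_JABBER_ID_FIELD = 'target.jabberId';
+export const ALERT_TARGET_EMAIL_FIELD = 'target.email';
+export const ALERT_TARGET_DKIM_FIELD = 'target.dkim';
+export const ALERT_TARGET_DKIM_SIGNATURE_FIELD = 'target.dkimSignature';
+export const ALERT_TARGET_EMAIL_ADDRESS_FIELD = 'target.emailAddress';
+export const ALERT_TARGET_EMAIL_BODY_FIELD = 'target.emailBody';
+export const ALERT_TARGET_EMAIL_DISPLAY_NAME_FIELD = 'target.emailDisplayName';
+export const ALERT_TARGET_EMAIL_SUBJECT_FIELD = 'target.emailSubject';
+export const ALERT_TARGET_EMAIL_THREAD_INDEX_FIELD = 'target.emailThreadIndex';
+export const ALERT_TARGET_EMAIL_XMAILER_FIELD = 'target.emailXMailer';
+
+// WHOIS
+export const ALERT_TARGET_WHOIS_REGISTRANT_FIELD = 'target.whoisRegistrant';
+export const ALERT_TARGET_WHOIS_REGISTRAR_FIELD = 'target.whoisRegistrar';
+
+// Process
+export const ALERT_TARGET_PROCESS_FIELD = 'target.process';
+export const ALERT_TARGET_PROCESS_STATE_FIELD = 'target.processState';
+export const ALERT_TARGET_COMMAND_FIELD = 'target.command';
+export const ALERT_TARGET_WINDOWS_SCHEDULED_TASK_FIELD = 'target.windowsScheduledTask';
+export const ALERT_TARGET_WINDOWS_SERVICE_DISPLAY_NAME_FIELD = 'target.windowsServiceDisplayName';
+export const ALERT_TARGET_WINDOWS_SERVICE_NAME_FIELD = 'target.windowsServiceName';
+
+// File
+export const ALERT_TARGET_FILE_FIELD = 'target.file';
+export const ALERT_TARGET_PATH_FIELD = 'target.path';
+export const ALERT_TARGET_FILENAME_FIELD = 'target.filename';
+export const ALERT_TARGET_SIZE_IN_BYTES_FIELD = 'target.sizeInBytes';
+export const ALERT_TARGET_MIME_TYPE_FIELD = 'target.mimeType';
+
+// Hashes
+export const ALERT_TARGET_HASH_FIELD = 'target.hash';
+export const ALERT_TARGET_AUTHENTIHASH_FIELD = 'target.authentihash';
+export const ALERT_TARGET_CDHASH_FIELD = 'target.cdhash';
+export const ALERT_TARGET_MD5_FIELD = 'target.md5';
+export const ALERT_TARGET_SHA1_FIELD = 'target.sha1';
+export const ALERT_TARGET_SHA224_FIELD = 'target.sha224';
+export const ALERT_TARGET_SHA256_FIELD = 'target.sha256';
+export const ALERT_TARGET_SHA384_FIELD = 'target.sha384';
+export const ALERT_TARGET_SHA3224_FIELD = 'target.sha3224';
+export const ALERT_TARGET_SHA3256_FIELD = 'target.sha3256';
+export const ALERT_TARGET_SHA3384_FIELD = 'target.sha3384';
+export const ALERT_TARGET_SHA3512_FIELD = 'target.sha3512';
+export const ALERT_TARGET_SHA512_FIELD = 'target.sha512';
+export const ALERT_TARGET_SHA512224_FIELD = 'target.sha512224';
+export const ALERT_TARGET_SHA512256_FIELD = 'target.sha512256';
+export const ALERT_TARGET_HEX_FIELD = 'target.hex';
+export const ALERT_TARGET_BASE64_FIELD = 'target.base64';
+
+// System & Vulnerability
+export const ALERT_TARGET_OPERATING_SYSTEM_FIELD = 'target.operatingSystem';
+export const ALERT_TARGET_CHROME_EXTENSION_FIELD = 'target.chromeExtension';
+export const ALERT_TARGET_MOBILE_APP_ID_FIELD = 'target.mobileAppId';
+export const ALERT_TARGET_CPE_FIELD = 'target.cpe';
+export const ALERT_TARGET_CVE_FIELD = 'target.cve';
+
+// Malware
+export const ALERT_TARGET_MALWARE_FIELD = 'target.malware';
+export const ALERT_TARGET_MALWARE_FAMILY_FIELD = 'target.malwareFamily';
+export const ALERT_TARGET_MALWARE_TYPE_FIELD = 'target.malwareType';
+
+// Keys
+export const ALERT_TARGET_PGP_PRIVATE_KEY_FIELD = 'target.pgpPrivateKey';
+export const ALERT_TARGET_PGP_PUBLIC_KEY_FIELD = 'target.pgpPublicKey';
+
+// Resources
+export const ALERT_TARGET_CONNECTIONS_FIELD = 'target.connections';
+export const ALERT_TARGET_USED_CPU_PERCENT_FIELD = 'target.usedCpuPercent';
+export const ALERT_TARGET_USED_MEM_PERCENT_FIELD = 'target.usedMemPercent';
+export const ALERT_TARGET_TOTAL_CPU_UNITS_FIELD = 'target.totalCpuUnits';
+export const ALERT_TARGET_TOTAL_MEM_FIELD = 'target.totalMem';
+
+// ADVERSARY
+export const ALERT_ADVERSARY_IP_FIELD = 'adversary.ip';
+export const ALERT_ADVERSARY_BYTES_SENT_FIELD = 'adversary.bytesSent';
+export const ALERT_ADVERSARY_BYTES_RECEIVED_FIELD = 'adversary.bytesReceived';
+export const ALERT_ADVERSARY_PACKAGES_SENT_FIELD = 'adversary.packagesSent';
+export const ALERT_ADVERSARY_PACKAGES_RECEIVED_FIELD = 'adversary.packagesReceived';
+export const ALERT_ADVERSARY_URL_FIELD = 'adversary.url';
+export const ALERT_ADVERSARY_DOMAIN_FIELD = 'adversary.domain';
+export const ALERT_ADVERSARY_PORT_FIELD = 'adversary.port';
+export const ALERT_ADVERSARY_CIDR_FIELD = 'adversary.cidr';
+export const ALERT_ADVERSARY_MAC_FIELD = 'adversary.mac';
+export const ALERT_ADVERSARY_HOST_FIELD = 'adversary.host';
+export const ALERT_ADVERSARY_USER_FIELD = 'adversary.user';
+export const ALERT_ADVERSARY_GROUP_FIELD = 'adversary.group';
+
+// Geolocation
+export const ALERT_ADVERSARY_GEOLOCATION_COUNTRY_FIELD = 'adversary.geolocation.country';
+export const ALERT_ADVERSARY_GEOLOCATION_CITY_FIELD = 'adversary.geolocation.city';
+export const ALERT_ADVERSARY_GEOLOCATION_LATITUDE_FIELD = 'adversary.geolocation.latitude';
+export const ALERT_ADVERSARY_GEOLOCATION_LONGITUDE_FIELD = 'adversary.geolocation.longitude';
+export const ALERT_ADVERSARY_GEOLOCATION_ASN_FIELD = 'adversary.geolocation.asn';
+export const ALERT_ADVERSARY_GEOLOCATION_ASO_FIELD = 'adversary.geolocation.aso';
+export const ALERT_ADVERSARY_GEOLOCATION_COUNTRY_CODE_FIELD = 'adversary.geolocation.countryCode';
+export const ALERT_ADVERSARY_GEOLOCATION_ACCURACY_FIELD = 'adversary.geolocation.accuracy';
+
+// Certificates & Fingerprints
+export const ALERT_ADVERSARY_CERTIFICATE_FINGERPRINT_FIELD = 'adversary.certificateFingerprint';
+export const ALERT_ADVERSARY_JA3_FINGERPRINT_FIELD = 'adversary.ja3Fingerprint';
+export const ALERT_ADVERSARY_JARM_FINGERPRINT_FIELD = 'adversary.jarmFingerprint';
+export const ALERT_ADVERSARY_SSH_BANNER_FIELD = 'adversary.sshBanner';
+export const ALERT_ADVERSARY_SSH_FINGERPRINT_FIELD = 'adversary.sshFingerprint';
+
+// Web & Email
+export const ALERT_ADVERSARY_COOKIE_FIELD = 'adversary.cookie';
+export const ALERT_ADVERSARY_JABBER_ID_FIELD = 'adversary.jabberId';
+export const ALERT_ADVERSARY_EMAIL_FIELD = 'adversary.email';
+export const ALERT_ADVERSARY_DKIM_FIELD = 'adversary.dkim';
+export const ALERT_ADVERSARY_DKIM_SIGNATURE_FIELD = 'adversary.dkimSignature';
+export const ALERT_ADVERSARY_EMAIL_ADDRESS_FIELD = 'adversary.emailAddress';
+export const ALERT_ADVERSARY_EMAIL_BODY_FIELD = 'adversary.emailBody';
+export const ALERT_ADVERSARY_EMAIL_DISPLAY_NAME_FIELD = 'adversary.emailDisplayName';
+export const ALERT_ADVERSARY_EMAIL_SUBJECT_FIELD = 'adversary.emailSubject';
+export const ALERT_ADVERSARY_EMAIL_THREAD_INDEX_FIELD = 'adversary.emailThreadIndex';
+export const ALERT_ADVERSARY_EMAIL_XMAILER_FIELD = 'adversary.emailXMailer';
+
+// WHOIS
+export const ALERT_ADVERSARY_WHOIS_REGISTRANT_FIELD = 'adversary.whoisRegistrant';
+export const ALERT_ADVERSARY_WHOIS_REGISTRAR_FIELD = 'adversary.whoisRegistrar';
+
+// Process
+export const ALERT_ADVERSARY_PROCESS_FIELD = 'adversary.process';
+export const ALERT_ADVERSARY_PROCESS_STATE_FIELD = 'adversary.processState';
+export const ALERT_ADVERSARY_COMMAND_FIELD = 'adversary.command';
+export const ALERT_ADVERSARY_WINDOWS_SCHEDULED_TASK_FIELD = 'adversary.windowsScheduledTask';
+export const ALERT_ADVERSARY_WINDOWS_SERVICE_DISPLAY_NAME_FIELD = 'adversary.windowsServiceDisplayName';
+export const ALERT_ADVERSARY_WINDOWS_SERVICE_NAME_FIELD = 'adversary.windowsServiceName';
+
+// File
+export const ALERT_ADVERSARY_FILE_FIELD = 'adversary.file';
+export const ALERT_ADVERSARY_PATH_FIELD = 'adversary.path';
+export const ALERT_ADVERSARY_FILENAME_FIELD = 'adversary.filename';
+export const ALERT_ADVERSARY_SIZE_IN_BYTES_FIELD = 'adversary.sizeInBytes';
+export const ALERT_ADVERSARY_MIME_TYPE_FIELD = 'adversary.mimeType';
+
+// Hashes
+export const ALERT_ADVERSARY_HASH_FIELD = 'adversary.hash';
+export const ALERT_ADVERSARY_AUTHENTIHASH_FIELD = 'adversary.authentihash';
+export const ALERT_ADVERSARY_CDHASH_FIELD = 'adversary.cdhash';
+export const ALERT_ADVERSARY_MD5_FIELD = 'adversary.md5';
+export const ALERT_ADVERSARY_SHA1_FIELD = 'adversary.sha1';
+export const ALERT_ADVERSARY_SHA224_FIELD = 'adversary.sha224';
+export const ALERT_ADVERSARY_SHA256_FIELD = 'adversary.sha256';
+export const ALERT_ADVERSARY_SHA384_FIELD = 'adversary.sha384';
+export const ALERT_ADVERSARY_SHA3224_FIELD = 'adversary.sha3224';
+export const ALERT_ADVERSARY_SHA3256_FIELD = 'adversary.sha3256';
+export const ALERT_ADVERSARY_SHA3384_FIELD = 'adversary.sha3384';
+export const ALERT_ADVERSARY_SHA3512_FIELD = 'adversary.sha3512';
+export const ALERT_ADVERSARY_SHA512_FIELD = 'adversary.sha512';
+export const ALERT_ADVERSARY_SHA512224_FIELD = 'adversary.sha512224';
+export const ALERT_ADVERSARY_SHA512256_FIELD = 'adversary.sha512256';
+export const ALERT_ADVERSARY_HEX_FIELD = 'adversary.hex';
+export const ALERT_ADVERSARY_BASE64_FIELD = 'adversary.base64';
+
+// System & Vulnerability
+export const ALERT_ADVERSARY_OPERATING_SYSTEM_FIELD = 'adversary.operatingSystem';
+export const ALERT_ADVERSARY_CHROME_EXTENSION_FIELD = 'adversary.chromeExtension';
+export const ALERT_ADVERSARY_MOBILE_APP_ID_FIELD = 'adversary.mobileAppId';
+export const ALERT_ADVERSARY_CPE_FIELD = 'adversary.cpe';
+export const ALERT_ADVERSARY_CVE_FIELD = 'adversary.cve';
+
+// Malware
+export const ALERT_ADVERSARY_MALWARE_FIELD = 'adversary.malware';
+export const ALERT_ADVERSARY_MALWARE_FAMILY_FIELD = 'adversary.malwareFamily';
+export const ALERT_ADVERSARY_MALWARE_TYPE_FIELD = 'adversary.malwareType';
+
+// Keys
+export const ALERT_ADVERSARY_PGP_PRIVATE_KEY_FIELD = 'adversary.pgpPrivateKey';
+export const ALERT_ADVERSARY_PGP_PUBLIC_KEY_FIELD = 'adversary.pgpPublicKey';
+
+// Resources
+export const ALERT_ADVERSARY_CONNECTIONS_FIELD = 'adversary.connections';
+export const ALERT_ADVERSARY_USED_CPU_PERCENT_FIELD = 'adversary.usedCpuPercent';
+export const ALERT_ADVERSARY_USED_MEM_PERCENT_FIELD = 'adversary.usedMemPercent';
+export const ALERT_ADVERSARY_TOTAL_CPU_UNITS_FIELD = 'adversary.totalCpuUnits';
+export const ALERT_ADVERSARY_TOTAL_MEM_FIELD = 'adversary.totalMem';
+
+
+
+
+export const V11_ALERT_FIELDS: UtmFieldType[] = [
+// Core alert fields
+{ label: 'Alert Name', field: ALERT_NAME_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Alert ID', field: ALERT_CASE_ID_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Severity', field: ALERT_SEVERITY_FIELD_LABEL, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Protocol', field: ALERT_PROTOCOL_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Category', field: ALERT_CATEGORY_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Sensor', field: ALERT_SENSOR_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Generated By', field: ALERT_GENERATED_BY_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Tags', field: ALERT_TAGS_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Time', field: ALERT_TIMESTAMP_FIELD, type: ElasticDataTypesEnum.DATE, visible: false },
+{ label: 'Incident Name', field: ALERT_INCIDENT_NAME_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Impact Availability', field: ALERT_IMPACT_AVAILABILITY_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Impact Confidentiality', field: ALERT_IMPACT_CONFIDENTIALITY_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Impact Integrity', field: ALERT_IMPACT_INTEGRITY_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+
+// Adversary fields
+{ label: 'Adversary IP', field: ALERT_ADVERSARY_IP_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Host', field: ALERT_ADVERSARY_HOST_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary User', field: ALERT_ADVERSARY_USER_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Group', field: ALERT_ADVERSARY_GROUP_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Domain', field: ALERT_ADVERSARY_DOMAIN_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary MAC', field: ALERT_ADVERSARY_MAC_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Port', field: ALERT_ADVERSARY_PORT_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary URL', field: ALERT_ADVERSARY_URL_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary CIDR', field: ALERT_ADVERSARY_CIDR_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Bytes Sent', field: ALERT_ADVERSARY_BYTES_SENT_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Bytes Received', field: ALERT_ADVERSARY_BYTES_RECEIVED_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Packages Sent', field: ALERT_ADVERSARY_PACKAGES_SENT_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Packages Received', field: ALERT_ADVERSARY_PACKAGES_RECEIVED_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+
+// Adversary geolocation
+{ label: 'Adversary Country', field: ALERT_ADVERSARY_GEOLOCATION_COUNTRY_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary City', field: ALERT_ADVERSARY_GEOLOCATION_CITY_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Latitude', field: ALERT_ADVERSARY_GEOLOCATION_LATITUDE_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Longitude', field: ALERT_ADVERSARY_GEOLOCATION_LONGITUDE_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary ASN', field: ALERT_ADVERSARY_GEOLOCATION_ASN_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary ASO', field: ALERT_ADVERSARY_GEOLOCATION_ASO_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Country Code', field: ALERT_ADVERSARY_GEOLOCATION_COUNTRY_CODE_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Adversary Geolocation Accuracy', field: ALERT_ADVERSARY_GEOLOCATION_ACCURACY_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+
+// Target fields
+{ label: 'Target IP', field: ALERT_TARGET_IP_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Host', field: ALERT_TARGET_HOST_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target User', field: ALERT_TARGET_USER_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Group', field: ALERT_TARGET_GROUP_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Domain', field: ALERT_TARGET_DOMAIN_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target MAC', field: ALERT_TARGET_MAC_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Port', field: ALERT_TARGET_PORT_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target URL', field: ALERT_TARGET_URL_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target CIDR', field: ALERT_TARGET_CIDR_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Bytes Sent', field: ALERT_TARGET_BYTES_SENT_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Bytes Received', field: ALERT_TARGET_BYTES_RECEIVED_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Packages Sent', field: ALERT_TARGET_PACKAGES_SENT_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Packages Received', field: ALERT_TARGET_PACKAGES_RECEIVED_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+
+// Target geolocation
+{ label: 'Target Country', field: ALERT_TARGET_GEOLOCATION_COUNTRY_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target City', field: ALERT_TARGET_GEOLOCATION_CITY_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Latitude', field: ALERT_TARGET_GEOLOCATION_LATITUDE_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Longitude', field: ALERT_TARGET_GEOLOCATION_LONGITUDE_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target ASN', field: ALERT_TARGET_GEOLOCATION_ASN_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target ASO', field: ALERT_TARGET_GEOLOCATION_ASO_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Country Code', field: ALERT_TARGET_GEOLOCATION_COUNTRY_CODE_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+{ label: 'Target Geolocation Accuracy', field: ALERT_TARGET_GEOLOCATION_ACCURACY_FIELD, type: ElasticDataTypesEnum.STRING, visible: false },
+];
+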
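Review bot: `ALERT_FIELDS` is imported from `./alert-field.constant` on the fifth line of the import block but is never referenced anywhere in this file (`V11_ALERT_FIELDS` is assembled from individual `ALERT_*_FIELD` constants only), so it should be removed from that import list to keep the file lint-clean and to avoid suggesting the v11 catalogue is derived from the legacy one. In `V11_ALERT_FIELDS`, the port, bytes/packages sent and received, latitude/longitude, ASN and geolocation-accuracy entries are all declared `ElasticDataTypesEnum.STRING`; if the enum has a numeric member, declaring them as strings will presumably make any type-driven filtering or sorting built from this table behave as text comparison, so confirm the intended mapping. The `'Alert ID'` label is bound to `ALERT_CASE_ID_FIELD`, which reads as a case identifier rather than an alert identifier; either the label or the constant looks mismatched and deserves a check against the v11 schema. Style-wise, the TARGET and ADVERSARY blocks are the same ~115 constants under two prefixes, which invites drift between the two halves; a one-line header comment stating that the two blocks must stay in sync, e.g. `// NOTE: keep the TARGET and ADVERSARY blocks identical apart from the prefix`, would help until they are generated from a shared list.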