Bugfix/10.8.0/macos (#1171)

* feat: Improve installer to add RHELD support

* fix: Update windows ARM collector

* wip

* feat: Add SELinux configuration for RedHat systems

* fix interface agent problem

* add bad gateway page

* complete macos agent

* feat(module-integration): add SOC AI model selection field

* feat(module-integration): add SOC AI model selection field

* feat(module-integration): add SOC AI model selection field

* feat(module-integration): add SOC AI model selection field

* feat(module-integration): update MacOS guide

* wip

* complete macos agent

* feat(module-integration): add SOC AI model selection field

* fix custom bad gateway page creation

* not contains operator grammar(Jose Angel)

* fix(agent-details): show correct agent version and format OS version

* feat(module-integration): add SOC AI model selection field

* Update and publish SOC-AI models

* Update UTMStack Version

* feat(module-integration): add SOC AI model selection field

---------

Co-authored-by: Yadian Llada Lopez <yadian.llada@gmail.com>
Co-authored-by: Osmany Montero <osmontero@icloud.com>
Co-authored-by: Yorjander Hernandez Vergara <yorjaKbayero@gmail.com>

Author: 4 people

.github/workflows/principal-multi-env.yml

@@ -88,7 +88,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix: 
-        service: ['aws', 'backend', 'correlation', 'frontend', 'bitdefender', 'mutate', 'office365', 'log-auth-proxy', 'sophos', 'user-auditor', 'web-pdf'] 
+        service: ['aws', 'backend', 'correlation', 'frontend', 'bitdefender', 'mutate', 'office365', 'log-auth-proxy', 'soc-ai', 'sophos', 'user-auditor', 'web-pdf'] 
     uses: ./.github/workflows/used-runner.yml
     with:
       microservice: ${{ matrix.service }}

.github/workflows/used-runner.yml

@@ -22,7 +22,7 @@ jobs:
         id: get_tech
         run: |
           folder_changed="${{inputs.microservice}}"
-          if [[ "$folder_changed" == "aws" || "$folder_changed" == "correlation" || "$folder_changed" == "bitdefender" || "$folder_changed" == "office365" || "$folder_changed" == "sophos" || "$folder_changed" == "log-auth-proxy" ]]; then
+          if [[ "$folder_changed" == "aws" || "$folder_changed" == "correlation" || "$folder_changed" == "bitdefender" || "$folder_changed" == "office365" || "$folder_changed" == "soc-ai" || "$folder_changed" == "sophos" || "$folder_changed" == "log-auth-proxy" ]]; then
             tech="golang"
           elif [[ "$folder_changed" == "backend" ]]; then
             tech="java-11"

CHANGELOG.md

@@ -1,8 +1,8 @@
-# UTMStack 10.7.3 Release Notes
--- Implemented backend support for filtering compliance reports based on active integrations, optimizing query performance and data retrieval.
--- Introduced new compliance reports aligned with the PCI DSS standard to expand auditing capabilities.
--- Added support for creating and updating tag-based rules with dynamic conditions.
-
-### Bug Fixes
--- Improved exception handling in `automaticReview` to prevent the process from stopping due to errors, ensuring the system continues evaluating alerts even if a specific rule fails.
--- Improved operator selection for more accurate and consistent filtering.
+# UTMStack 10.8.0 Release Notes
+- Updated Soc-AI models and released the code as open source.
+- Added the ability for users to choose which model to use with Soc-AI.
+- Enhanced the prompt sent to OpenAI by including additional contextual details.
+- Added support for RedHat; UTMStack can now be installed on both Ubuntu and RedHat.
+- Improved log delivery from ARM-based agents on Windows, now sending native system logs.
+- Added support for macOS ARM64; agents can now be installed on that platform.
+- Improved agent information displayed in the Sources panel, providing more accurate OS details and agent versions.

backend/src/main/resources/config/liquibase/changelog/20250418001_add_options_module_group_config.xml

@@ -27,20 +27,22 @@
                          'select',
                          true,
                          '[
-                           { "value": "gpt-4", "label": "GPT-4 (Default)" },
-                           { "value": "gpt-4-0613", "label": "GPT-4 (0613)" },
-                           { "value": "gpt-4-32k", "label": "GPT-4 32K" },
-                           { "value": "gpt-4-32k-0613", "label": "GPT-4 32K (0613)" },
-                           { "value": "gpt-4-turbo", "label": "GPT-4 Turbo" },
-                           { "value": "gpt-4o", "label": "GPT-4 Omni" },
-                           { "value": "gpt-4o-mini", "label": "GPT-4 Omni Mini" },
-                           { "value": "gpt-4.1", "label": "GPT-4.1" },
-                           { "value": "gpt-4.1-mini", "label": "GPT-4.1 Mini" },
-                           { "value": "gpt-4.1-nano", "label": "GPT-4.1 Nano" },
-                           { "value": "gpt-3.5-turbo", "label": "GPT-3.5 Turbo" },
-                           { "value": "gpt-3.5-turbo-0613", "label": "GPT-3.5 Turbo (0613)" },
-                           { "value": "gpt-3.5-turbo-16k", "label": "GPT-3.5 Turbo 16K" },
-                           { "value": "gpt-3.5-turbo-16k-0613", "label": "GPT-3.5 Turbo 16K (0613)" }
+                           { "value": "gpt-4.1", "label": "GPT-4.1 Model" },
+                           { "value": "gpt-4.1-mini", "label": "GPT-4.1 Mini Model" },
+                           { "value": "gpt-4.1-nano", "label": "GPT-4.1 Nano Model" },
+                           { "value": "gpt-4o", "label": "GPT-4 Omni Model" },
+                           { "value": "gpt-4o-mini", "label": "GPT-4 Omni Mini Model" },
+                           { "value": "gpt-4-turbo", "label": "GPT-4 Turbo Model" },
+                           { "value": "gpt-4-0614", "label": "GPT-4 Model (0614)" },
+                           { "value": "gpt-4-0125-preview", "label": "GPT-4 Model (0125 Preview)" },
+                           { "value": "gpt-3.5-turbo", "label": "GPT-3.5 Turbo Model" },
+                           { "value": "gpt-3.5-turbo-instruct", "label": "GPT-3.5 Turbo Instruct Model" },
+                           { "value": "gpt-3.5-turbo-1106", "label": "GPT-3.5 Turbo Model (1106)" },
+                           { "value": "o1", "label": "O1 Model" },
+                           { "value": "o1-pro", "label": "O1 Pro Model" },
+                           { "value": "o3", "label": "O3 Model" },
+                           { "value": "o3-mini", "label": "O3 Mini Model" },
+                           { "value": "o4-mini", "label": "O4 Mini Model" }
                          ]'
                      );
 

correlation/cache/operators.go

@@ -88,7 +88,7 @@ func compare(operator, val1, val2 string) bool {
 		return !lowerEqual(val1, val2)
 	case "contains":
 		return contain(val1, val2)
-	case "not contain":
+	case "not contain", "not contains":
 		return !contain(val1, val2)
 	case "in":
 		return in(val1, val2)

frontend/src/app/shared/components/utm/util/utm-agent-detail/utm-agent-detail.component.html

@@ -56,9 +56,13 @@
     <app-assets-apply-note *ngIf="asset" [asset]="asset" class="ml-2"></app-assets-apply-note>
   </div>
   <div class="agent-details w-100 d-flex justify-content-start mb-2" *ngIf="agent.version">
-    <span class="text-blue-800 font-weight-light has-minimum-width">OS Version:</span>&nbsp;
+    <span class="text-blue-800 font-weight-light has-minimum-width">Agent Version:</span>&nbsp;
     {{agent.version}}
   </div>
+  <div class="agent-details w-100 d-flex justify-content-start mb-2" *ngIf="agent.osMajorVersion && agent.osMinorVersion">
+    <span class="text-blue-800 font-weight-light has-minimum-width">OS Version:</span>&nbsp;
+    {{agent.osMajorVersion + '.' + agent.osMinorVersion}}
+  </div>
   <div class="agent-details w-100 d-flex justify-content-start mb-2" *ngIf="agent.lastSeen">
     <span class="text-blue-800 font-weight-light has-minimum-width">Last seen:</span>&nbsp;
     {{agent.lastSeen}}

installer/types/compose.go

@@ -507,7 +507,7 @@ func (c *Compose) Populate(conf *Config, stack *StackConfig) *Compose {
 
 	socAIMem := stack.ServiceResources["socai"].AssignedMemory
 	c.Services["socai"] = Service{
-		Image: utils.Str("ghcr.io/utmstack/soc-ai/soc-ai:" + conf.Branch),
+		Image: utils.Str("ghcr.io/utmstack/utmstack/soc-ai:" + conf.Branch),
 		DependsOn: []string{
 			"node1",
 			"backend",

installer/utils/os.go

@@ -49,6 +49,11 @@ func CreatePathIfNotExist(path string) error {
 }
 
 func WriteToFile(fileName string, body string) error {
+	filePath := filepath.Dir(fileName)
+	if err := CreatePathIfNotExist(filePath); err != nil {
+		return fmt.Errorf("error creating directory for file %s: %v", fileName, err)
+	}
+
 	file, err := os.OpenFile(fileName, os.O_CREATE|os.O_RDWR|os.O_TRUNC, os.ModePerm)
 
 	if err != nil {

soc-ai/Dockerfile

@@ -0,0 +1,13 @@
+FROM ubuntu:24.04
+
+COPY soc-ai /app/
+
+RUN apt-get update && \
+    apt-get install -y ca-certificates jq wget && \
+    update-ca-certificates && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+EXPOSE 8080
+
+CMD ["/app/soc-ai"]

soc-ai/configurations/config.go

@@ -0,0 +1,71 @@
+package configurations
+
+import (
+	"time"
+
+	UTMStackConfigurationClient "github.com/utmstack/config-client-go"
+	"github.com/utmstack/config-client-go/enum"
+	"github.com/utmstack/soc-ai/utils"
+)
+
+var (
+	gptConfig GPTConfig
+)
+
+type GPTConfig struct {
+	APIKey                    string
+	ChangeAlertStatus         bool
+	AutomaticIncidentCreation bool
+	Model                     string
+	ModuleActive              bool
+}
+
+func GetGPTConfig() *GPTConfig {
+	return &gptConfig
+}
+
+func UpdateGPTConfigurations() {
+	intKey := GetInternalKey()
+	panelServ := GetPanelServiceName()
+	client := UTMStackConfigurationClient.NewUTMClient(intKey, panelServ)
+
+	for {
+		if err := utils.ConnectionChecker(GPT_API_ENDPOINT); err != nil {
+			utils.Logger.ErrorF("Failed to establish internet connection: %v", err)
+		}
+
+		tempModuleConfig, err := client.GetUTMConfig(enum.SOCAI)
+		if err != nil && err.Error() != "" && err.Error() != " " {
+			utils.Logger.LogF(100, "Error while getting GPT configuration: %v", err)
+			time.Sleep(TIME_FOR_GET_CONFIG * time.Second)
+			continue
+		}
+
+		gptConfig.ModuleActive = tempModuleConfig.ModuleActive
+
+		if gptConfig.ModuleActive && tempModuleConfig != nil && len(tempModuleConfig.ConfigurationGroups) > 0 {
+			for _, config := range tempModuleConfig.ConfigurationGroups[0].Configurations {
+				switch config.ConfKey {
+				case "utmstack.socai.key":
+					if config.ConfValue != "" && config.ConfValue != " " {
+						gptConfig.APIKey = config.ConfValue
+					}
+				case "utmstack.socai.incidentCreation":
+					if config.ConfValue != "" && config.ConfValue != " " {
+						gptConfig.AutomaticIncidentCreation = config.ConfValue == "true"
+					}
+				case "utmstack.socai.changeAlertStatus":
+					if config.ConfValue != "" && config.ConfValue != " " {
+						gptConfig.ChangeAlertStatus = config.ConfValue == "true"
+					}
+				case "utmstack.socai.model":
+					if config.ConfValue != "" && config.ConfValue != " " {
+						gptConfig.Model = config.ConfValue
+					}
+				}
+			}
+		}
+
+		time.Sleep(TIME_FOR_GET_CONFIG * time.Second)
+	}
+}