
Commit b9ec9bf

committed
feat: add Suricata module integration and database procedures
1 parent 0f2a049 commit b9ec9bf

5 files changed

Lines changed: 257 additions & 2 deletions


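--- a/backend/src/main/java/com/park/utmstack/domain/application_modules/enums/ModuleName.java
+++ b/backend/src/main/java/com/park/utmstack/domain/application_modules/enums/ModuleName.java
@@ -62,5 +62,6 @@ public enum ModuleName {
     SALESFORCE,
     BITDEFENDER,
     SOC_AI,
-    PFSENSE
+    PFSENSE,
+    SURICATA,
 }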

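--- a/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/ModuleFactory.java
+++ b/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/ModuleFactory.java
@@ -67,6 +67,7 @@ public class ModuleFactory {
     private final ModulePfsense modulePfsense;
     private final ModuleFortiWeb moduleFortiWeb;
     private final ModuleAix moduleAix;
+    private final ModuleSuricata moduleSuricata;
 
 
     public ModuleFactory(ModuleFileIntegrity moduleFileIntegrity,
@@ -129,7 +130,8 @@ public ModuleFactory(ModuleFileIntegrity moduleFileIntegrity,
                          ModuleSocAi moduleSocAi,
                          ModulePfsense modulePfsense,
                          ModuleFortiWeb moduleFortiWeb,
-                         ModuleAix moduleAix) {
+                         ModuleAix moduleAix,
+                         ModuleSuricata moduleSuricata) {
         this.moduleFileIntegrity = moduleFileIntegrity;
         this.moduleO365 = moduleO365;
         this.moduleAzure = moduleAzure;
@@ -191,6 +193,7 @@ public ModuleFactory(ModuleFileIntegrity moduleFileIntegrity,
         this.modulePfsense = modulePfsense;
         this.moduleFortiWeb = moduleFortiWeb;
         this.moduleAix = moduleAix;
+        this.moduleSuricata = moduleSuricata;
     }
 
     public IModule getInstance(ModuleName nameShort) {
@@ -316,6 +319,8 @@ public IModule getInstance(ModuleName nameShort) {
             return moduleFortiWeb;
         if (nameShort.equals(ModuleName.AIX))
             return moduleAix;
+        if (nameShort.equals(ModuleName.SURICATA))
+            return moduleSuricata;
         throw new RuntimeException("Unrecognized module " + nameShort.name());
     }
 }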
Lines changed: 43 additions & 0 deletions
@@ -0,0 +1,43 @@
1+
package com.park.utmstack.domain.application_modules.factory.impl;
2+
3+
import com.park.utmstack.domain.application_modules.UtmModule;
4+
import com.park.utmstack.domain.application_modules.enums.ModuleName;
5+
import com.park.utmstack.domain.application_modules.factory.IModule;
6+
import com.park.utmstack.domain.application_modules.types.ModuleConfigurationKey;
7+
import com.park.utmstack.domain.application_modules.types.ModuleRequirement;
8+
import com.park.utmstack.service.application_modules.UtmModuleService;
9+
import org.springframework.stereotype.Component;
10+
11+
import java.util.Collections;
12+
import java.util.List;
13+
14+
@Component
15+
public class ModuleSuricata implements IModule {
16+
private static final String CLASSNAME = "ModuleSuricata";
17+
18+
private final UtmModuleService moduleService;
19+
20+
public ModuleSuricata(UtmModuleService moduleService) {
21+
this.moduleService = moduleService;
22+
}
23+
24+
@Override
25+
public UtmModule getDetails(Long serverId) throws Exception {
26+
final String ctx = CLASSNAME + ".getDetails";
27+
try {
28+
return moduleService.findByServerIdAndModuleName(serverId, ModuleName.SURICATA);
29+
} catch (Exception e) {
30+
throw new Exception(ctx + ": " + e.getMessage());
31+
}
32+
}
33+
34+
@Override
35+
public List<ModuleRequirement> checkRequirements(Long serverId) throws Exception {
36+
return Collections.emptyList();
37+
}
38+
39+
@Override
40+
public List<ModuleConfigurationKey> getConfigurationKeys(Long groupId) throws Exception {
41+
return Collections.emptyList();
42+
}
43+
}
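Review bot: The catch block in getDetails rethrows a new Exception built from `e.getMessage()` alone, so the original exception and its stack trace from `findByServerIdAndModuleName` are discarded; keep it as the cause with `throw new Exception(ctx + ": " + e.getMessage(), e);`. checkRequirements and getConfigurationKeys return `Collections.emptyList()` unconditionally, which reads as a placeholder, and the class carries no Javadoc; a class-level comment stating that the Suricata module declares no requirements or configuration keys, and whether that is final or a stub for follow-up work, would save the next reader a search. The `CLASSNAME` constant duplicates what `ModuleSuricata.class.getSimpleName()` already provides, though the hard-coded form may be the convention of the sibling modules not shown here.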
Lines changed: 204 additions & 0 deletions
@@ -0,0 +1,204 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<databaseChangeLog
3+
xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
4+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5+
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
6+
7+
<changeSet id="20250814001" author="Manuel">
8+
<createProcedure dbms="postgresql">
9+
<![CDATA[
10+
CREATE OR REPLACE FUNCTION public.register_integration_suricata(srv_id integer)RETURNS void
11+
LANGUAGE plpgsql
12+
AS
13+
$function$
14+
declare
15+
grp_id integer;
16+
mod_id bigint;
17+
18+
begin
19+
INSERT INTO utm_module (pretty_name, module_description, module_active, module_icon, module_name,
20+
server_id, module_category, needs_restart, lite_version, is_activatable)
21+
VALUES ('Suricata',
22+
'Suricata is an open-source based intrusion detection system (IDS) and intrusion prevention system (IPS).',
23+
FALSE,
24+
'suricata.svg',
25+
'SURICATA',
26+
srv_id,
27+
'Device',
28+
FALSE,
29+
TRUE,
30+
TRUE)
31+
ON CONFLICT (module_name, server_id) DO UPDATE SET pretty_name = 'Suricata',
32+
module_icon = 'suricata.svg',
33+
module_name = 'SURICATA',
34+
module_category = 'Device',
35+
module_description = 'Suricata is an open-source based intrusion detection system (IDS) and intrusion prevention system (IPS).',
36+
lite_version = TRUE,
37+
server_id = srv_id;
38+
39+
end;
40+
$function$;
41+
]]>
42+
</createProcedure>
43+
44+
<createProcedure dbms="postgresql">
45+
<![CDATA[
46+
create or replace function register_integrations(srv_id integer, srv_type character varying)
47+
returns void
48+
language plpgsql
49+
as
50+
$$
51+
BEGIN
52+
53+
perform public.register_integration_netflow(srv_id);
54+
55+
perform public.register_integration_window_agent(srv_id);
56+
57+
perform public.register_integration_syslog(srv_id);
58+
59+
perform public.register_integration_vmware(srv_id);
60+
61+
perform public.register_integration_linux_agent(srv_id);
62+
63+
perform public.register_integration_apache(srv_id);
64+
65+
perform public.register_integration_linux_audit_demon(srv_id);
66+
67+
perform public.register_integration_elasticsearch(srv_id);
68+
69+
perform public.register_integration_hap(srv_id);
70+
71+
perform public.register_integration_kafka(srv_id);
72+
73+
perform public.register_integration_kibana(srv_id);
74+
75+
perform public.register_integration_logstash(srv_id);
76+
77+
perform public.register_integration_mongodb(srv_id);
78+
79+
perform public.register_integration_mysql(srv_id);
80+
81+
perform public.register_integration_nats(srv_id);
82+
83+
perform public.register_integration_nginx(srv_id);
84+
85+
perform public.register_integration_osquery(srv_id);
86+
87+
perform public.register_integration_postgresql(srv_id);
88+
89+
perform public.register_integration_redis(srv_id);
90+
91+
perform public.register_integration_traefik(srv_id);
92+
93+
perform public.register_integration_cisco(srv_id);
94+
95+
perform public.register_integration_cisco_meraki(srv_id);
96+
97+
perform public.register_integration_json(srv_id);
98+
99+
perform public.register_integration_iis(srv_id);
100+
101+
perform public.register_integration_kaspersky(srv_id);
102+
103+
perform public.register_integration_eset(srv_id);
104+
105+
perform public.register_integration_sentinel_one(srv_id);
106+
107+
perform public.register_integration_fortigate(srv_id);
108+
109+
perform public.register_integration_sophosxg(srv_id);
110+
111+
perform public.register_integration_macos(srv_id);
112+
113+
114+
IF srv_type = 'aio' THEN
115+
116+
perform public.register_integration_file_integrity(srv_id);
117+
118+
perform public.register_integration_azure(srv_id);
119+
120+
perform public.register_integration_o365(srv_id);
121+
122+
perform public.register_integration_aws(srv_id);
123+
124+
perform public.register_integration_sophos_central(srv_id);
125+
126+
perform public.register_integration_gcp(srv_id);
127+
128+
perform public.register_integration_fire_power(srv_id);
129+
130+
perform public.register_integration_mikrotik(srv_id);
131+
132+
perform public.register_integration_palo_alto(srv_id);
133+
134+
perform public.register_integration_cisco_switch(srv_id);
135+
136+
perform public.register_integration_sonic_wall(srv_id);
137+
138+
perform public.register_integration_deceptive_bytes(srv_id);
139+
140+
perform public.register_integration_github(srv_id);
141+
142+
perform public.register_integration_bitdefender(srv_id);
143+
144+
perform public.register_integration_soc_ai(srv_id);
145+
146+
perform public.register_integration_suricata(srv_id);
147+
148+
END IF;
149+
150+
perform public.update_module_dependencies();
151+
END;
152+
$$;
153+
]]>
154+
</createProcedure>
155+
<createProcedure dbms="postgresql">
156+
do
157+
$$
158+
begin
159+
perform public.execute_register_integration_function();
160+
end;
161+
$$
162+
language plpgsql;
163+
</createProcedure>
164+
<sql dbms="postgresql" splitStatements="true" stripComments="true">
165+
<![CDATA[
166+
INSERT INTO utm_logstash_filter (id, logstash_filter, filter_name, filter_group_id, system_owner, module_name, is_active, filter_version)
167+
VALUES (1528, '', 'suricata', null, true, 'SURICATA', false, '2.0.0');
168+
]]>
169+
</sql>
170+
<sql dbms="postgresql" splitStatements="true" stripComments="true">
171+
<![CDATA[
172+
INSERT INTO utm_logstash_pipeline (id, pipeline_id, pipeline_name, parent_pipeline, pipeline_status, module_name, system_owner, pipeline_description, pipeline_internal, events_in, events_filtered, events_out, reloads_successes, reloads_failures, reloads_last_failure_timestamp, reloads_last_error, reloads_last_success_timestamp)
173+
VALUES (58, 'suricata', 'Suricata', null, 'up', 'SURICATA', true, null, false, 0, 0, 0, 0, 0, null, null, null);
174+
175+
INSERT INTO utm_group_logstash_pipeline_filters (filter_id, pipeline_id, relation)
176+
VALUES (1528, 58, 'PIPELINE_FILTER');
177+
178+
INSERT INTO utm_logstash_input (id, pipeline_id, input_pretty_name, input_plugin, input_with_ssl, system_owner)
179+
VALUES (71, 58, 'HTTP', 'http', false, true);
180+
181+
INSERT INTO utm_logstash_input_configuration (id, input_id, conf_key, conf_value, conf_type, conf_required, conf_validation_regex, system_owner)
182+
VALUES (71, 71, 'http_port', '7019', 'port', true, '^((6553[0-5])|(655[0-2][0-9])|(65[0-4][0-9]{2})|(6[0-4][0-9]{3})|([1-5][0-9]{4})|([0-5]{0,5})|([0-9]{1,4}))$', true);
183+
184+
INSERT INTO utm_index_pattern (id, pattern, pattern_module, pattern_system, is_active)
185+
VALUES (68,'log-suricata-*', 'SURICATA', true, true);
186+
187+
INSERT INTO utm_data_source_config (data_type, data_type_name, system_owner, included)
188+
VALUES ( 'suricata', 'Suricata', true, true);
189+
190+
INSERT INTO utm_menu (id, name, url, parent_id, type, dashboard_id, position, menu_active, menu_action, menu_icon, module_name_short)
191+
VALUES (266, 'Suricata', 'discover/log-analyzer?patternId=63&indexPattern=log-suricata-*', 200, 1, null, 66, false, false, null, 'SURICATA');
192+
193+
INSERT INTO utm_menu_authority (menu_id, authority_name)
194+
VALUES ( 266, 'ROLE_USER');
195+
196+
INSERT INTO utm_menu_authority (menu_id, authority_name)
197+
VALUES ( 266, 'ROLE_ADMIN');
198+
199+
]]>
200+
201+
202+
</sql>
203+
</changeSet>
204+
</databaseChangeLog>
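Review bot: The utm_menu row inserted near the end of the changeSet points at `discover/log-analyzer?patternId=63&indexPattern=log-suricata-*`, but the utm_index_pattern row created a few statements earlier for `log-suricata-*` has id 68; if `patternId` refers to `utm_index_pattern.id`, the menu opens a different pattern and the URL should read `patternId=68`. The new logstash HTTP input is created with `input_with_ssl` false on port 7019, so Suricata events reach the pipeline in plaintext unless TLS is terminated in front of it; if that mirrors the other HTTP inputs, a short comment in the changeSet saying so would make the decision visible. `register_integrations` is re-declared in full to add one `perform` line, and the Suricata call sits inside the `IF srv_type = 'aio'` branch, so the module is not registered for other server types — presumably intended, but worth stating in a comment. The hard-coded primary keys (1528, 58, 71, 266, 68) have to be free of collisions with rows from earlier changelogs, and nothing in this changeSet checks or documents that.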

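--- a/backend/src/main/resources/config/liquibase/master.xml
+++ b/backend/src/main/resources/config/liquibase/master.xml
@@ -107,5 +107,7 @@
 
     <include file="/config/liquibase/changelog/20250605001_update_typos_config_report_status _values.xml" relativeToChangelogFile="false"/>
 
+    <include file="/config/liquibase/changelog/20250814001_adding_suricata.xml" relativeToChangelogFile="false"/>
+
 
 </databaseChangeLog>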
