feat(panel): add manual alert analysis endpoint with SSL support

Author: Kbayero

backend/pom.xml

@@ -285,7 +285,7 @@
         <dependency>
             <groupId>com.utmstack</groupId>
             <artifactId>opensearch-connector</artifactId>
-            <version>1.0.4</version>
+            <version>1.0.5</version>
         </dependency>
         <dependency>
             <groupId>jakarta.json</groupId>

backend/src/main/java/com/park/utmstack/service/soc_ai/SocAIService.java

@@ -1,101 +1,97 @@
 package com.park.utmstack.service.soc_ai;
 
 import com.google.gson.Gson;
-import com.park.utmstack.domain.UtmAlertSocaiProcessingRequest;
-import com.park.utmstack.domain.application_modules.enums.ModuleName;
-import com.park.utmstack.service.UtmAlertSocaiProcessingRequestService;
+import com.park.utmstack.config.Constants;
+import com.park.utmstack.domain.shared_types.alert.UtmAlert;
 import com.park.utmstack.service.application_modules.UtmModuleService;
 import okhttp3.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.data.domain.Page;
-import org.springframework.data.domain.PageRequest;
-import org.springframework.scheduling.annotation.Async;
-import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
 
-import java.util.List;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.cert.X509Certificate;
 import java.util.concurrent.TimeUnit;
-import java.util.stream.Collectors;
 
 @Service
 public class SocAIService {
     private static final String CLASSNAME = "SocAIService";
     private final Logger log = LoggerFactory.getLogger(SocAIService.class);
-    private final String SOCAI_PROCESS_URL;
+    private final String SOCAI_BASE_URL;
+    private final String SOCAI_ANALYZE_ENDPOINT = "/api/v1/analyze";
+    private final OkHttpClient httpClient;
 
-    private final UtmAlertSocaiProcessingRequestService socaiProcessingRequestService;
     private final UtmModuleService moduleService;
 
-    public SocAIService(UtmAlertSocaiProcessingRequestService socaiProcessingRequestService,
-                        UtmModuleService moduleService) {
-        this.socaiProcessingRequestService = socaiProcessingRequestService;
+    public SocAIService(UtmModuleService moduleService) {
         this.moduleService = moduleService;
-        SOCAI_PROCESS_URL = System.getenv("SOC_AI_BASE_URL");
+        SOCAI_BASE_URL = System.getenv("SOC_AI_BASE_URL");
+        this.httpClient = createTrustAllClient();
     }
 
-
-    public void sendData(Object data) {
-        final String ctx = CLASSNAME + ".sendData";
+    /**
+     * Sends a complete alert to SOC-AI for analysis
+     */
+    public void analyzeAlert(UtmAlert alert) {
+        final String ctx = CLASSNAME + ".analyzeAlert";
         try {
-            OkHttpClient client = new OkHttpClient.Builder()
-                .connectTimeout(10, TimeUnit.SECONDS)
-                .writeTimeout(10, TimeUnit.SECONDS)
-                .readTimeout(30, TimeUnit.SECONDS)
-                .build();
+            if (!StringUtils.hasText(SOCAI_BASE_URL)) {
+                throw new RuntimeException("SOC_AI_BASE_URL environment variable is not configured");
+            }
+
+            String internalKey = System.getenv(Constants.ENV_INTERNAL_KEY);
+            if (!StringUtils.hasText(internalKey)) {
+                throw new RuntimeException("INTERNAL_KEY environment variable is not configured");
+            }
+
             MediaType mediaType = MediaType.parse("application/json; charset=utf-8");
-            RequestBody body = RequestBody.create(new Gson().toJson(data), mediaType);
-            Request request = new Request.Builder().url(SOCAI_PROCESS_URL).post(body)
-                .addHeader("Content-Type", "application/json").build();
+            RequestBody body = RequestBody.create(new Gson().toJson(alert), mediaType);
 
-            try (Response rs = client.newCall(request).execute()) {
-                if (!rs.isSuccessful())
-                    throw new Exception(ctx + "Unexpected response: " + rs);
+            String url = SOCAI_BASE_URL + SOCAI_ANALYZE_ENDPOINT;
+            Request request = new Request.Builder()
+                .url(url)
+                .post(body)
+                .addHeader("Content-Type", "application/json")
+                .addHeader("X-Internal-Key", internalKey)
+                .build();
+
+            try (Response rs = httpClient.newCall(request).execute()) {
+                if (!rs.isSuccessful()) {
+                    String responseBody = rs.body() != null ? rs.body().string() : "No response body";
+                    throw new Exception("Unexpected response: " + rs.code() + " - " + responseBody);
+                }
             }
         } catch (Exception e) {
             log.error(ctx + ": " + e.getLocalizedMessage());
             throw new RuntimeException(ctx + ": " + e.getLocalizedMessage());
         }
     }
 
-    /*@Scheduled(fixedDelay = 30000)*/
-    public void sendRequests() {
-        final String ctx = CLASSNAME + ".sendRequests";
+    private OkHttpClient createTrustAllClient() {
         try {
-            if (!moduleService.isModuleActive(ModuleName.SOC_AI))
-                return;
+            TrustManager[] trustAllCerts = new TrustManager[]{
+                new X509TrustManager() {
+                    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
+                    public void checkClientTrusted(X509Certificate[] certs, String authType) {}
+                    public void checkServerTrusted(X509Certificate[] certs, String authType) {}
+                }
+            };
 
-            if (!StringUtils.hasText(SOCAI_PROCESS_URL)) {
-                log.error(ctx + ": Environment variable SOC_AI_BASE_URL is missing or does not have a value");
-                return;
-            }
+            SSLContext sslContext = SSLContext.getInstance("TLS");
+            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
 
-            Page<UtmAlertSocaiProcessingRequest> requests = socaiProcessingRequestService.findAll(PageRequest.of(0, 20));
-            if (!requests.hasContent())
-                return;
-            List<String> ids = requests.getContent().stream().map(UtmAlertSocaiProcessingRequest::getAlertId)
-                .collect(Collectors.toList());
-            try {
-                sendData(ids);
-                socaiProcessingRequestService.delete(ids);
-            } catch (Exception e) {
-                log.error(ctx + ": " + e.getLocalizedMessage());
-            }
-        } catch (Exception e) {
-            throw new RuntimeException(e);
-        }
-    }
-
-    @Async
-    public void requestSocAiProcess(List<String> alertIds) {
-        final String ctx = CLASSNAME + ".requestSocAiProcess";
-        try {
-            List<UtmAlertSocaiProcessingRequest> ids = alertIds.stream().map(UtmAlertSocaiProcessingRequest::new)
-                .collect(Collectors.toList());
-            socaiProcessingRequestService.saveAll(ids);
+            return new OkHttpClient.Builder()
+                .sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustAllCerts[0])
+                .hostnameVerifier((hostname, session) -> true)
+                .connectTimeout(10, TimeUnit.SECONDS)
+                .writeTimeout(10, TimeUnit.SECONDS)
+                .readTimeout(30, TimeUnit.SECONDS)
+                .build();
         } catch (Exception e) {
-            throw new RuntimeException(ctx + ": " + e.getLocalizedMessage());
+            throw new RuntimeException("Failed to create SSL client: " + e.getMessage());
         }
     }
 }

backend/src/main/java/com/park/utmstack/web/rest/soc_ai/UtmSocAiResource.java

@@ -1,6 +1,7 @@
 package com.park.utmstack.web.rest.soc_ai;
 
 import com.park.utmstack.domain.application_events.enums.ApplicationEventType;
+import com.park.utmstack.domain.shared_types.alert.UtmAlert;
 import com.park.utmstack.service.application_events.ApplicationEventService;
 import com.park.utmstack.service.soc_ai.SocAIService;
 import com.park.utmstack.web.rest.AccountResource;
@@ -25,23 +26,42 @@ public class UtmSocAiResource {
 
     private final ApplicationEventService applicationEventService;
     private final SocAIService socAIService;
+
     public UtmSocAiResource(SocAIService socAIService, ApplicationEventService applicationEventService) {
         this.socAIService = socAIService;
         this.applicationEventService = applicationEventService;
     }
 
-    @PostMapping("/alerts")
-    public ResponseEntity<Object> sendData(@RequestBody String[] alertsId) {
-        final String ctx = CLASSNAME + ".sendAlertsIds";
+    /**
+     * POST /api/soc-ai/analyze : Submit an alert for SOC-AI analysis
+     *
+     * @param alert the complete alert object to analyze
+     * @return status of the submission
+     */
+    @PostMapping("/analyze")
+    public ResponseEntity<Object> analyzeAlert(@RequestBody UtmAlert alert) {
+        final String ctx = CLASSNAME + ".analyzeAlert";
         try {
-            socAIService.sendData(alertsId);
-            return ResponseEntity.ok().body(Map.of("status", "success", "message", "Processing successful"));
+            if (alert == null || alert.getId() == null) {
+                return ResponseEntity.badRequest().body(Map.of("status", "error", "message", "Alert ID is required"));
+            }
+
+            socAIService.analyzeAlert(alert);
+            return ResponseEntity.accepted().body(Map.of(
+                "status", "queued",
+                "alertId", alert.getId(),
+                "message", "Alert queued for SOC-AI analysis"
+            ));
         } catch (Exception e) {
             String msg = ctx + ": " + e.getMessage();
             log.error(msg);
             applicationEventService.createEvent(msg, ApplicationEventType.ERROR);
 
-            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(Map.of("status", "error", "message", msg));
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(Map.of(
+                "status", "error",
+                "message", msg
+            ));
         }
     }
+
 }

frontend/src/app/data-management/alert-management/shared/components/alert-soc-ai/alert-soc-ai.component.html

@@ -52,6 +52,19 @@
     <span class="font-weight-semibold">Info! </span>
     <span>The SOC-AI integration did not analyze this alert due to inactivity or a processing error.</span>
   </div>
+  <button class="btn btn-primary" (click)="processAlert()" [disabled]="loadingProcess || !alert">
+    <i class="icon-brain mr-1" *ngIf="!loadingProcess"></i>
+    <i class="icon-spinner2 spinner mr-1" *ngIf="loadingProcess"></i>
+    {{ loadingProcess ? 'Analyzing...' : 'Analyze with SOC-AI' }}
+  </button>
 </div>
 
+<!-- Re-analyze button when analysis is completed -->
+<div *ngIf="socAiResponse && socAiResponse.status === indexSocAiStatus.Completed && !loading" class="mt-3">
+  <button class="btn btn-outline-primary btn-sm" (click)="processAlert()" [disabled]="loadingProcess || !alert">
+    <i class="icon-refresh mr-1" *ngIf="!loadingProcess"></i>
+    <i class="icon-spinner2 spinner mr-1" *ngIf="loadingProcess"></i>
+    {{ loadingProcess ? 'Re-analyzing...' : 'Re-analyze' }}
+  </button>
+</div>
 

frontend/src/app/data-management/alert-management/shared/components/alert-soc-ai/alert-soc-ai.component.ts

@@ -5,6 +5,7 @@ import {LOG_INDEX_PATTERN, SOC_AI_INDEX_PATTERN} from '../../../../../shared/con
 import {ElasticOperatorsEnum} from '../../../../../shared/enums/elastic-operators.enum';
 import {ElasticDataService} from '../../../../../shared/services/elasticsearch/elastic-data.service';
 import {ElasticFilterType} from '../../../../../shared/types/filter/elastic-filter.type';
+import {UtmAlertType} from '../../../../../shared/types/alert/utm-alert.type';
 import {AlertSocAiService} from '../../services/alert-soc-ai.service';
 import {IndexSocAiStatus, SocAiType} from './soc-ai.type';
 
@@ -15,6 +16,7 @@ import {IndexSocAiStatus, SocAiType} from './soc-ai.type';
 })
 export class AlertSocAiComponent implements OnInit, OnDestroy {
   @Input() alertID: string;
+  @Input() alert: UtmAlertType;
   @Input() socAiActive: boolean;
   socAiResponse: SocAiType;
   indexSocAiStatus = IndexSocAiStatus;
@@ -75,9 +77,15 @@ export class AlertSocAiComponent implements OnInit, OnDestroy {
   }
 
   processAlert() {
+    if (!this.alert) {
+      this.utmToastService.showError('Error', 'Alert data is not available.');
+      return;
+    }
+
     this.loadingProcess = true;
-    this.alertSocAiService.processAlertBySoc([this.alertID])
+    this.alertSocAiService.analyzeAlert(this.alert)
       .subscribe((res) => {
+          this.utmToastService.showSuccessBottom('Alert submitted for SOC-AI analysis');
           setTimeout(() => {
             this.loadingProcess = false;
             this.getSocAiResponse();

frontend/src/app/data-management/alert-management/shared/components/alert-view-detail/alert-view-detail.component.html

@@ -198,7 +198,7 @@
   </div>
 
   <div class="w-100 mt-3" *ngIf="view === alertDetailTabEnum.SOC_AI">
-    <app-alert-soc-ai [alertID]="alert.id" [socAiActive]="socAi"></app-alert-soc-ai>
+    <app-alert-soc-ai [alertID]="alert.id" [alert]="alert" [socAiActive]="socAi"></app-alert-soc-ai>
   </div>
 
   <div class="w-100 mt-3" *ngIf="view=== alertDetailTabEnum.TAGS && relatedTagsRules">

frontend/src/app/data-management/alert-management/shared/services/alert-soc-ai.service.ts

@@ -2,6 +2,7 @@ import {HttpClient, HttpResponse} from '@angular/common/http';
 import {Injectable} from '@angular/core';
 import {Observable} from 'rxjs';
 import {SERVER_API_URL} from '../../../../app.constants';
+import {UtmAlertType} from '../../../../shared/types/alert/utm-alert.type';
 
 
 @Injectable({
@@ -14,8 +15,12 @@ export class AlertSocAiService {
   constructor(private http: HttpClient) {
   }
 
-  processAlertBySoc(alertId: string[]): Observable<HttpResponse<any>> {
-    return this.http.post<HttpResponse<any>>(this.resourceUrl + '/alerts', alertId, {observe: 'response'});
+  /**
+   * Submit an alert for SOC-AI analysis
+   * @param alert The complete alert object to analyze
+   */
+  analyzeAlert(alert: UtmAlertType): Observable<HttpResponse<any>> {
+    return this.http.post<any>(this.resourceUrl + '/analyze', alert, {observe: 'response'});
   }
 
 }