feat(crowdstrike): implement CrowdStrike integration guide and update logs display

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

Author: mjabascal10

frontend/src/app/app-management/app-logs/app-logs.component.html

@@ -4,15 +4,15 @@ <h6 class="card-title mb-0 text-uppercase label-header">
       Application logs
     </h6>
     <div class="d-flex justify-content-center align-items-center">
-      <!--<ng-select (change)="filterBySelect($event,'source')"
+      <ng-select (change)="filterBySelect($event,'source')"
                  [clearable]="true"
                  [items]="sources"
                  [searchable]="false"
                  class="has-minimum-width mr-3"
                  placeholder="Source"
                  style="min-width: 100px"
-      ></ng-select>-->
-      <ng-select (change)="filterBySelect($event,'log.severity')"
+      ></ng-select>
+      <ng-select (change)="filterBySelect($event,'type')"
                  [clearable]="true"
                  [items]="types"
                  [searchable]="false"
@@ -28,78 +28,78 @@ <h6 class="card-title mb-0 text-uppercase label-header">
       </app-elastic-filter-time>
     </div>
   </div>
-    <div class="table-responsive resizable-table-responsive m-h-0">
-      <table class="table text-nowrap">
-        <thead>
-        <tr>
-          <th class="font-weight-semibold text-uppercase cursor-pointer w-25">
-            Date&nbsp;
-          </th>
-          <th class="font-weight-semibold text-uppercase cursor-pointer w-25">
-            Source&nbsp;
-          </th>
-          <th class="font-weight-semibold text-uppercase cursor-pointer w-25">
-            Type&nbsp;
-          </th>
-          <th class="font-weight-semibold text-uppercase cursor-pointer w-25">
-            Preview&nbsp;
-          </th>
-        </tr>
-        </thead>
-        <tbody *ngIf="logs && !loading">
-        <tr (click)="message = log.log.msg" *ngFor="let log of logs" class="cursor-pointer">
-          <td><span>{{log["@timestamp"]| date:'medium':'UTC'}}</span></td>
-          <td>
-            <span>{{'PANEL ( '+ log.dataSource + ' )'}}</span>
-          </td>
-          <td>
-            <span [ngClass]="getClassByType(log.log.severity)"
+  <div class="table-responsive resizable-table-responsive m-h-0">
+    <table class="table text-nowrap">
+      <thead>
+      <tr>
+        <th class="font-weight-semibold text-uppercase cursor-pointer w-25">
+          Date&nbsp;
+        </th>
+        <th class="font-weight-semibold text-uppercase cursor-pointer w-25">
+          Source&nbsp;
+        </th>
+        <th class="font-weight-semibold text-uppercase cursor-pointer w-25">
+          Type&nbsp;
+        </th>
+        <th class="font-weight-semibold text-uppercase cursor-pointer w-25">
+          Preview&nbsp;
+        </th>
+      </tr>
+      </thead>
+      <tbody *ngIf="logs && !loading">
+      <tr (click)="message = log.message" *ngFor="let log of logs" class="cursor-pointer">
+        <td><span>{{log["@timestamp"]| date:'medium':'UTC'}}</span></td>
+        <td>
+          <span>{{log.source}}</span>
+        </td>
+        <td>
+            <span [ngClass]="getClassByType(log.type)"
                   class="p-1 border-1 rounded">
-              {{log.log.severity}}
+              {{log.type}}
             </span>
-          </td>
-          <td>
-            <span [ngClass]="getClassByType(log.log.msg)">
-              {{getPreview(log.log.msg)}}
+        </td>
+        <td>
+            <span [ngClass]="getClassByType(log.type)">
+              {{getPreview(log.message)}}
             </span>
-          </td>
-        </tr>
-        </tbody>
-        <tbody *ngIf="(logs.length===0 && !loading)">
-        <tr>
-          <td colspan="5">
-            <app-no-data-found></app-no-data-found>
-          </td>
-        </tr>
-        </tbody>
-        <tbody *ngIf="loading">
-        <tr>
-          <td colspan="5">
-            <div class="p-5 d-flex  justify-content-center align-items-center text-blue-800">
-              <app-utm-spinner [height]="'35px'"
-                               [label]="'Loading logs'"
-                               [loading]="loading"
-                               [width]="'35px'">
-              </app-utm-spinner>
-            </div>
-          </td>
-        </tr>
-        </tbody>
-      </table>
-    </div>
-    <div *ngIf="logs && logs.length>0" class="py-3">
-      <div class="row justify-content-center">
-        <ngb-pagination
-          (pageChange)="loadPage($event)"
-          [(page)]="page"
-          [boundaryLinks]="true"
-          [collectionSize]="totalItems"
-          [maxSize]="5"
-          [pageSize]="itemsPerPage"
-          [rotate]="true"
-          [size]="'sm'"></ngb-pagination>
-      </div>
+        </td>
+      </tr>
+      </tbody>
+      <tbody *ngIf="(logs.length===0 && !loading)">
+      <tr>
+        <td colspan="5">
+          <app-no-data-found></app-no-data-found>
+        </td>
+      </tr>
+      </tbody>
+      <tbody *ngIf="loading">
+      <tr>
+        <td colspan="5">
+          <div class="p-5 d-flex  justify-content-center align-items-center text-blue-800">
+            <app-utm-spinner [height]="'35px'"
+                             [label]="'Loading logs'"
+                             [loading]="loading"
+                             [width]="'35px'">
+            </app-utm-spinner>
+          </div>
+        </td>
+      </tr>
+      </tbody>
+    </table>
+  </div>
+  <div *ngIf="logs && logs.length>0" class="py-3">
+    <div class="row justify-content-center">
+      <ngb-pagination
+        (pageChange)="loadPage($event)"
+        [(page)]="page"
+        [boundaryLinks]="true"
+        [collectionSize]="totalItems"
+        [maxSize]="5"
+        [pageSize]="itemsPerPage"
+        [rotate]="true"
+        [size]="'sm'"></ngb-pagination>
     </div>
+  </div>
 </div>
 
 <div *ngIf="message" class="utm-right-container">

frontend/src/app/app-management/app-logs/app-logs.component.ts

@@ -27,8 +27,7 @@ export class AppLogsComponent implements OnInit {
   req: { filters: ElasticFilterType[], index: string, top: number } = {
     filters: [
       {field: '@timestamp', operator: ElasticOperatorsEnum.IS_BETWEEN, value: ['now-7d', 'now']},
-      {field: 'log.containerName.keyword', operator: ElasticOperatorsEnum.IS, value: 'utmstack_backend'}
-    ], index: 'v11-log-utmstack-*', top: 100000
+    ], index: 'v11-backend-logs', top: 100000
   };
   sources = ['PANEL', 'AGENT'];
   types = ['ERROR', 'WARNING', 'INFO'];
@@ -58,6 +57,7 @@ export class AppLogsComponent implements OnInit {
   private onSuccess(data, headers) {
     this.totalItems = headers.get('X-Total-Count');
     this.logs = data || [];
+    console.log('Logs loaded:', this.logs);
     this.loading = false;
   }
 

frontend/src/app/app-module/app-module.module.ts

@@ -63,6 +63,7 @@ import {ModuleIntegrationComponent} from './module-integration/module-integratio
 import {ModuleService} from './services/module.service';
 import {AppModuleSharedModule} from './shared/app-module-shared.module';
 import {GuideUtmstackComponent} from "./guides/guide-utmstack/guide-utmstack.component";
+import {GuideCrowdstrikeComponent} from "./guides/guide-crowdstrike/guide-crowdstrike.component";
 
 
 @NgModule({
@@ -121,7 +122,8 @@ import {GuideUtmstackComponent} from "./guides/guide-utmstack/guide-utmstack.com
     InstallLogCollectorComponent,
     AgentInstallSelectorComponent,
     OracleComponent,
-    GuideUtmstackComponent
+    GuideUtmstackComponent,
+    GuideCrowdstrikeComponent
   ],
   imports: [
     CommonModule,

frontend/src/app/app-module/conf/int-generic-group-config/int-generic-group-config.component.html

@@ -87,7 +87,7 @@
             <label [for]="'sectionParam'+integrationConfig.id" class="pb-1 span-small-icon d-flex justify-content-between align-items-center">
           <span>
             <i [ngbTooltip]="'This param is required'"
-               [ngClass]="!checkConfigValue(integrationConfig.confValue)?'text-danger':'text-success'"
+               [ngClass]="integrationConfig.confRequired && !checkConfigValue(integrationConfig.confValue) ? 'text-danger' : 'text-success'"
                class="icon-circle2 mr-1"
                placement="auto"></i>
             {{integrationConfig.confName}}
@@ -147,7 +147,7 @@
             </app-utm-file-upload>
 
             <small
-              *ngIf="integrationConfig.confValue === '' || integrationConfig.confValue === null || integrationConfig.confValue=== undefined"
+              *ngIf="integrationConfig.confRequired && (integrationConfig.confValue === '' || integrationConfig.confValue === null || integrationConfig.confValue=== undefined)"
               class="text-danger">
               Param {{integrationConfig.confName}} is required
             </small>

frontend/src/app/app-module/guides/guide-crowdstrike/crowdstrike.steps.ts

@@ -0,0 +1,62 @@
+import {COLLECTOR_MESSAGE, Step} from '../shared/step';
+
+export const CROWDSTRIKE_STEPS: Step[] = [
+  {
+    id: '1',
+    name: 'Open the main menu. Click the hamburger icon in the top‑left corner labeled "Open menu".' +
+      'Navigate to API management. Select **Support and resources** then **API Clients and Keys**.',
+    content: {
+      id: 'stepContent1',
+      images: [{
+        alt: 'Open menu hamburger top-left',
+        src: '../../../../assets/img/guides/crowdstrike/1.png',
+      }]
+    }
+  },
+  {
+    id: '2',
+    name: 'Create a new API client. Click **Create API Client**, ' +
+      'provide a descriptive client name (used to identify event sources) and select the API scopes required for Event Streams.',
+    content: {
+      id: 'stepContent2',
+      images: [{
+        alt: 'Create API client form with name and scopes',
+        src: '../../../../assets/img/guides/crowdstrike/2.png',
+      }]
+    }
+  },
+  {
+    id: '3',
+    name: 'Generate credentials. Click **Create** to generate the client credentials and endpoint information.',
+    content: {
+      id: 'stepContent3',
+      images: [{
+        alt: 'Create button to generate API credentials',
+        src: '../../../../assets/img/guides/crowdstrike/3.png',
+      }]
+    }
+  },
+  {
+    id: '4',
+    name: 'Record the credentials securely. Note the **Client ID**, **Client Secret** and the **Base URL** for the selected region.',
+    content: {
+      id: 'stepContent4',
+      images: [{
+        alt: 'Screen showing Client ID Client Secret and Base URL',
+        src: '../../../../assets/img/guides/crowdstrike/4.png',
+      }]
+    }
+  },
+  {
+    id: '5',
+    name: 'Insert information in the following inputs.You can add more than one CrowdStrike configuration by clicking on Add tenant button.',
+    content: {
+      id: 'stepContent5'
+    }
+  },
+  {id: '6', name: 'Click on the button shown below, to activate the UTMStack features related to this integration',
+    content: {
+      id: 'stepContent6'
+    }
+  }
+];

frontend/src/app/app-module/guides/guide-crowdstrike/guide-crowdstrike.component.css

@@ -0,0 +1,54 @@
+<div class="w-100 h-100">
+  <div class="card-header d-flex justify-content-between align-items-center">
+    <h4 class="card-title mb-0 text-primary">
+      CROWDSTRIKE FALCON INTEGRATION
+    </h4>
+  </div>
+
+  <div class="card-body">
+    <div class="alert alert-warning alert-styled-right mb-3">
+      The UTMStack AS400 Collector communicate over ports 9000, 9001 and 50051. Please make sure these ports are open.
+    </div>
+    <ol class="setup_list">
+      <app-utm-list [items]="steps">
+        <ng-template stepTemplateRef let-step>
+          <li>
+            <app-step>
+              <span stepNumber>{{step.id}}</span>
+              <div [innerHtml]="step.name"></div>
+              <ng-container *ngIf="step.content">
+
+                <ng-template [ngIf]="step.content['images']">
+                  <app-utm-list [items]="step.content['images']">
+                    <ng-template stepTemplateRef let-image>
+                      <img [alt]="image.alt" class="step-img" [src]="image.src">
+                    </ng-template>
+                  </app-utm-list>
+                </ng-template>
+
+                <ng-template [ngIf]="step.content.id === 'stepContent5'">
+                  <app-int-generic-group-config [moduleId]="integrationId"
+                                                (configValidChange)="configValidChange($event)"
+                                                [serverId]="serverId"></app-int-generic-group-config>
+                </ng-template>
+
+                <ng-template [ngIf]="step.content.id === 'stepContent6'">
+                  <div  class="mt-3">
+                    <app-app-module-activate-button [module]="module.CROWDSTRIKE"
+                                                    [type]="'integration'"
+                                                    [disabled]="configValidity"
+                                                    [serverId]="serverId">
+                    </app-app-module-activate-button>
+                  </div>
+                </ng-template>
+
+              </ng-container>
+            </app-step>
+          </li>
+        </ng-template>
+      </app-utm-list>
+    </ol>
+  </div>
+</div>
+
+

frontend/src/app/app-module/guides/guide-crowdstrike/guide-crowdstrike.component.html

@@ -0,0 +1,28 @@
+import {Component, Input, OnInit} from '@angular/core';
+import {UtmModulesEnum} from '../../shared/enum/utm-module.enum';
+import {Step} from '../shared/step';
+import {CROWDSTRIKE_STEPS} from './crowdstrike.steps';
+
+@Component({
+  selector: 'app-guide-crowdstrike',
+  templateUrl: './guide-crowdstrike.component.html',
+  styleUrls: ['./guide-crowdstrike.component.css']
+})
+export class GuideCrowdstrikeComponent implements OnInit {
+  @Input() integrationId: number;
+  module = UtmModulesEnum;
+  @Input() serverId: number;
+  configValidity = false;
+  steps: Step[] = CROWDSTRIKE_STEPS;
+
+  constructor() {
+  }
+
+  ngOnInit() {
+  }
+
+  configValidChange($event: boolean) {
+    this.configValidity = !$event;
+  }
+
+}

frontend/src/app/app-module/guides/guide-crowdstrike/guide-crowdstrike.component.ts

@@ -176,6 +176,9 @@
         <app-guide-utmstack *ngSwitchCase="moduleEnum.UTMSTACK" [serverId]="serverId"
                          [integrationId]="module.id"></app-guide-utmstack>
 
+      <app-guide-crowdstrike *ngSwitchCase="moduleEnum.CROWDSTRIKE" [serverId]="serverId"
+                             [integrationId]="module.id"></app-guide-crowdstrike>
+
         <app-guide-soc-ai *ngSwitchCase="moduleEnum.SOC_AI" [serverId]="serverId"
                           [integrationId]="module.id"></app-guide-soc-ai>
 

frontend/src/app/app-module/module-integration/module-integration.component.html

@@ -69,5 +69,6 @@ export enum UtmModulesEnum {
   SOC_AI = 'SOC_AI',
   ORACLE = 'ORACLE',
   SURICATA= 'SURICATA',
-  UTMSTACK= 'UTMSTACK'
+  UTMSTACK= 'UTMSTACK',
+  CROWDSTRIKE= 'CROWDSTRIKE',
 }