Skip to content
Open
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,8 @@ <h5 class="card-title mb-0 text-uppercase label-header">Incident Response Audit<
<div class="card-header p-2 w-100 d-flex justify-content-between">
<div class="d-flex flex-grow-1">

<ng-select (change)="selectType($event)"
<ng-select [(ngModel)]="selectedOriginType"
(change)="selectType($event)"
[clearable]="true"
[items]="appliedTypes"
[loadingText]="'Loading types....'"
Expand All @@ -19,9 +20,16 @@ <h5 class="card-title mb-0 text-uppercase label-header">Incident Response Audit<
[loading]="!appliedTypes">
</ng-select>

<div class="w-25 ml-3">
<div class="w-25 ml-3" *ngIf="agentSelectVisible">
<app-utm-agent-select (agentSelect)="onAgentSelect($event)" [onlyWithCommands]="true"></app-utm-agent-select>
</div>

<button type="button"
class="btn btn-sm btn-outline-secondary ml-3"
[disabled]="!hasActiveFilters()"
(click)="clearFilters()">
Clear filters
</button>
</div>
</div>

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,13 @@ export class IncidentResponseViewComponent implements OnInit, OnDestroy {
appliedTypes = [
{label: 'Alert', key: IncidentOriginTypeEnum.ALERT},
{label: 'Incident', key: IncidentOriginTypeEnum.INCIDENT},
{label: 'Incident response', key: IncidentOriginTypeEnum.INCIDENT_RESPONSE},
{label: 'Incident response (manual run)', key: IncidentOriginTypeEnum.INCIDENT_RESPONSE},
{label: 'SOAR flow (automation)', key: IncidentOriginTypeEnum.INCIDENT_RESPONSE_AUTOMATION},
{label: 'SOAR console', key: IncidentOriginTypeEnum.SOAR_CONSOLE},
{label: 'User execution', key: IncidentOriginTypeEnum.USER_EXECUTION},
];
selectedOriginType: IncidentOriginTypeEnum | null = null;
agentSelectVisible = true;

constructor(private incidentResponseJobService: IncidentResponseJobService,
private agentManagerService: UtmAgentManagerService,
Expand Down Expand Up @@ -158,6 +162,24 @@ export class IncidentResponseViewComponent implements OnInit, OnDestroy {
this.requestParams.searchQuery = this.convertParamMapToQueryParam();
this.getAgentCommandList();
}

hasActiveFilters(): boolean {
return this.paramMap.size > 0;
}

clearFilters() {
if (!this.hasActiveFilters()) {
return;
}
this.paramMap.clear();
this.selectedOriginType = null;
this.requestParams.searchQuery = '';
this.requestParams.pageNumber = 1;
this.page = 1;
this.agentSelectVisible = false;
setTimeout(() => this.agentSelectVisible = true);
this.getAgentCommandList();
}
}


Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,8 @@ export class PlaybookBuilderComponent implements OnInit, OnDestroy {
this.formRule.get('excludedAgents').setValue(this.rule.excludedAgents);
this.formRule.get('agentType').setValue(this.rule.excludedAgents.length === 0 && this.rule.defaultAgent !== '');
this.formRule.get('defaultAgent').setValue(this.rule.defaultAgent);
this.rule.actions.forEach(action => this.workflowService.addActions(action));
const actionsWithConditional = this.workflowService.inferConditionals(this.rule.command, this.rule.actions);
actionsWithConditional.forEach(action => this.workflowService.addActions(action));

},
error => {
Expand Down Expand Up @@ -203,9 +204,16 @@ export class PlaybookBuilderComponent implements OnInit, OnDestroy {
}
}

syncCommandFromActions() {
const actions = this.workflowService.getActions();
this.formRule.get('actions').setValue(actions);
this.formRule.get('command').setValue(this.workflowService.buildCommand(actions));
}

saveRule() {
const action = 'created';
const actionError = 'creating';
this.syncCommandFromActions();
this.incidentResponseRuleService.create(this.formRule.value)
.subscribe(() => {
this.utmToastService.showSuccessBottom('Flow ' + action + ' successfully');
Expand All @@ -216,7 +224,7 @@ export class PlaybookBuilderComponent implements OnInit, OnDestroy {
editRule() {
const action = 'edited';
const actionError = 'editing';
this.formRule.get('command').setValue(this.command);
this.syncCommandFromActions();
this.incidentResponseRuleService.update(this.formRule.value).subscribe(() => {
this.utmToastService.showSuccessBottom('Flow ' + action + ' successfully');
this.router.navigate(['soar/flows']);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ <h4 class="panel-title m-0">Flow Actions</h4>

<div class="workflow-timeline mb-3">

<div *ngFor="let action of workflow; let first = first" class="action-wrapper d-flex flex-column w-100">
<div *ngFor="let action of workflow; let first = first; let i = index" class="action-wrapper d-flex flex-column w-100">
<!-- Action block -->
<div class="action-block cursor-pointer d-flex flex-column w-100 p-2" style="height: 120px;">

Expand All @@ -130,7 +130,7 @@ <h4 class="panel-title m-0">Flow Actions</h4>
<app-action-conditional
*ngIf="!first"
[option]="action.conditional"
(optionChange)="updateAction(action, $event)">
(optionChange)="updateAction(action, i, $event)">
</app-action-conditional>
<div style="min-height: 37px" class="d-flex flex-column justify-content-start icon-cross2 font-size-xs cursor-pointer ml-2"
(click)="removeAction(action)">
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -157,8 +157,8 @@ export class ActionBuilderComponent implements OnInit, OnDestroy {

}

updateAction(action: any, $event: { key: ActionConditionalEnum; value: string }) {
this.workflowActionsService.updateAction({
updateAction(action: any, index: number, $event: { key: ActionConditionalEnum; value: string }) {
this.workflowActionsService.updateAction(index, {
...action,
conditional: $event
});
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import {Component, Input, OnInit} from '@angular/core';
import {Observable} from 'rxjs';
import {filter, tap} from 'rxjs/operators';
import {IncidentOriginTypeEnum} from '../../../../shared/enums/incident-response/incident-origin-type.enum';
import {AgentType} from '../../../../shared/types/agent/agent.type';
import {IncidentCommandType} from '../../../../shared/types/incident/incident-command.type';
import {AgentSidebarService} from '../agent-sidebar/agent-sidebar.service';
Expand All @@ -25,7 +26,7 @@ export class InteractiveConsoleComponent implements OnInit {
this.websocketCommand = {
command: '',
originId: agent.id.toString(),
originType: 'SOAR-CONSOLE',
originType: IncidentOriginTypeEnum.SOAR_CONSOLE,
reason: 'Interactive console command',
};
}));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,21 +13,60 @@ export class WorkflowActionsService {
actions$ = this.actionsBehaviorSubject.asObservable();

readonly command$: Observable<string> = this.actions$.pipe(
map(actions => {
if (actions.length === 1) {
return actions[0].command;
map(actions => this.buildCommand(actions))
);

buildCommand(actions: IncidentResponseActionTemplate[] = this.getActions()): string {
if (!actions || actions.length === 0) {
return '';
}

if (actions.length === 1) {
return actions[0].command;
}

return actions.map((action, index) => {
const operator = index === 0 ? ''
: action.conditional.key === ActionConditionalEnum.SUCCESS ? '&&'
: action.conditional.key === ActionConditionalEnum.FAILURE ? '||'
: ';';

return `${operator} ${action.command}`.trim();
}).join(' ').trim();
}

inferConditionals(command: string, actions: IncidentResponseActionTemplate[]): IncidentResponseActionTemplate[] {
if (!actions || actions.length === 0) {
return actions || [];
}

if (!command || actions.length === 1) {
return [{ ...actions[0], conditional: { key: ActionConditionalEnum.ALWAYS, value: ';' } }];
}

const result: IncidentResponseActionTemplate[] = [];
let cursor = 0;

actions.forEach((action, index) => {
const idx = command.indexOf(action.command, cursor);

if (index === 0 || idx === -1) {
result.push({ ...action, conditional: { key: ActionConditionalEnum.ALWAYS, value: ';' } });
} else {
const gap = command.slice(cursor, idx).trim();
const conditional = gap === '&&' ? { key: ActionConditionalEnum.SUCCESS, value: '&&' }
: gap === '||' ? { key: ActionConditionalEnum.FAILURE, value: '||' }
: { key: ActionConditionalEnum.ALWAYS, value: ';' };
result.push({ ...action, conditional });
}

return actions.map((action, index) => {
const operator = index === 0 ? ''
: action.conditional.key === ActionConditionalEnum.SUCCESS ? '&&'
: action.conditional.key === ActionConditionalEnum.FAILURE ? '||'
: ';';
if (idx !== -1) {
cursor = idx + action.command.length;
}
});

return `${operator} ${action.command}`.trim();
}).join(' ').trim();
})
);
return result;
}

addActions(action: any) {
const actions = this.actionsBehaviorSubject.value ? this.actionsBehaviorSubject.value : [];
Expand All @@ -38,18 +77,16 @@ export class WorkflowActionsService {
}]);
}

updateAction(action: any) {
const actions = this.actionsBehaviorSubject.value ? this.actionsBehaviorSubject.value : [];

const index = actions.findIndex((act: any) => act.id === action.id);
updateAction(index: number, action: any) {
const actions = this.getActions();
if (index < 0 || index >= actions.length) {
return;
}

const newActions = [...actions];
newActions[index] = {
...action,
};
newActions[index] = { ...action };

this.actionsBehaviorSubject.next(newActions);

}

deleteAction(action: any) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,6 @@ export enum IncidentOriginTypeEnum {
DATA_SOURCE = 'DATA_SOURCES',
INCIDENT = 'INCIDENT',
INCIDENT_RESPONSE = 'INCIDENT_RESPONSE',
INCIDENT_RESPONSE_AUTOMATION = 'INCIDENT_RESPONSE_AUTOMATION'
INCIDENT_RESPONSE_AUTOMATION = 'INCIDENT_RESPONSE_AUTOMATION',
SOAR_CONSOLE = 'SOAR-CONSOLE'
}
Loading