#110 add operations as result of active response

TheHive-Project · Jun 21, 2018 · d409944 · d409944
1 parent e6552e1
commit d409944
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 2 deletions.
diff --git a/app/org/thp/cortex/controllers/JobCtrl.scala b/app/org/thp/cortex/controllers/JobCtrl.scala
@@ -108,7 +108,8 @@ class JobCtrl @Inject() (
           "summary" -> Json.parse(report.summary()),
           "full" -> Json.parse(report.full()),
           "success" -> true,
-          "artifacts" -> artifacts)
+          "artifacts" -> artifacts,
+          "operations" -> Json.parse(report.operations()))
       case JobStatus.Failure ⇒
         val errorMessage = job.errorMessage().getOrElse("")
         Future.successful(Json.obj(

diff --git a/app/org/thp/cortex/models/Report.scala b/app/org/thp/cortex/models/Report.scala
@@ -9,6 +9,7 @@ import org.elastic4play.models.{ AttributeDef, EntityDef, AttributeFormat ⇒ F,
 trait ReportAttributes { _: AttributeDef ⇒
   val full = attribute("full", F.textFmt, "Full content of the report", O.readonly)
   val summary = attribute("summary", F.textFmt, "Summary of the report", O.readonly)
+  val operations = attribute("operations", F.textFmt, "Update operations applied at the end of the job", "[]", O.unaudited)
 }
 
 @Singleton

diff --git a/app/org/thp/cortex/services/JobSrv.scala b/app/org/thp/cortex/services/JobSrv.scala
@@ -352,9 +352,11 @@ class JobSrv(
             val fullReport = (report \ "full").as[JsObject].toString
             val summaryReport = (report \ "summary").as[JsObject].toString
             val artifacts = (report \ "artifacts").asOpt[Seq[JsObject]].getOrElse(Nil)
+            val operations = (report \ "operations").asOpt[Seq[JsObject]].getOrElse(Nil)
             val reportFields = Fields.empty
               .set("full", fullReport)
               .set("summary", summaryReport)
+              .set("operations", JsArray(operations).toString)
             createSrv[ReportModel, Report, Job](reportModel, job, reportFields)
               .flatMap { report ⇒
                 Future.traverse(artifacts) { artifact ⇒

diff --git a/test/resources/analyzers/echoAnalyzer/echoAnalyzer.sh b/test/resources/analyzers/echoAnalyzer/echoAnalyzer.sh
@@ -18,6 +18,10 @@ cat << EOF
 			"dataType": ${DATATYPE}
 		}
 	],
-	"full": ${ARTIFACT}
+	"full": ${ARTIFACT},
+	"operations": [
+		{ "type": "AddTagToCase", "tag": "From Action Operation" },
+		{ "type": "CreateTask", "title": "task created by action", "description": "yop !" }
+	]
 }
 EOF