From 423c028792be105269ccf09d3cd271199ba3babc Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Mon, 15 Feb 2021 22:21:58 +0100
Subject: [PATCH] #1766 WIP: Add TTPs section to case details page

---
 frontend/app/index.html                       |   4 +
 frontend/app/scripts/app.js                   |  12 +
 .../controllers/case/CaseProceduresCtrl.js    | 276 +++++++++++++++++
 .../case/procedure/AddProcedureModalCtrl.js   |  75 +++++
 .../scripts/services/api/AttackPatternSrv.js  | 124 +++++++-
 .../app/scripts/services/api/ProcedureSrv.js  |  29 ++
 .../app/scripts/services/ui/CaseTabsSrv.js    |   6 +
 frontend/app/styles/case.css                  |   9 +
 frontend/app/styles/procedure.css             |  80 +++++
 frontend/app/views/app.case.html              |   5 +
 .../app/views/directives/updatable-text.html  |   2 +-
 .../views/partials/case/case.procedures.html  | 289 ++++++++++++++++++
 .../case/procedures/add-procedure.modal.html  |  82 +++++
 .../partials/case/procedures/filters.html     |  39 +++
 .../partials/case/procedures/toolbar.html     |  23 ++
 15 files changed, 1051 insertions(+), 4 deletions(-)
 create mode 100644 frontend/app/scripts/controllers/case/CaseProceduresCtrl.js
 create mode 100644 frontend/app/scripts/controllers/case/procedure/AddProcedureModalCtrl.js
 create mode 100644 frontend/app/scripts/services/api/ProcedureSrv.js
 create mode 100644 frontend/app/styles/procedure.css
 create mode 100644 frontend/app/views/partials/case/case.procedures.html
 create mode 100644 frontend/app/views/partials/case/procedures/add-procedure.modal.html
 create mode 100644 frontend/app/views/partials/case/procedures/filters.html
 create mode 100644 frontend/app/views/partials/case/procedures/toolbar.html

diff --git a/frontend/app/index.html b/frontend/app/index.html
index 61bbbc08cb..13fb45716f 100644
--- a/frontend/app/index.html
+++ b/frontend/app/index.html
@@ -50,6 +50,7 @@
     <link rel="stylesheet" href="styles/dashboard.css"/>
     <link rel="stylesheet" href="styles/case-item.css"/>
     <link rel="stylesheet" href="styles/case-template.css"/>
+    <link rel="stylesheet" href="styles/procedure.css"/>
     <link rel="stylesheet" href="styles/custom-fields.css"/>
     <link rel="stylesheet" href="styles/directives/page-sizer.css"/>
     <link rel="stylesheet" href="styles/directives/user.css"/>
@@ -188,6 +189,7 @@
     <script src="scripts/controllers/case/CaseObservablesCtrl.js"></script>
     <script src="scripts/controllers/case/CaseObservablesExportCtrl.js"></script>
     <script src="scripts/controllers/case/CaseObservablesItemCtrl.js"></script>
+    <script src="scripts/controllers/case/CaseProceduresCtrl.js"></script>
     <script src="scripts/controllers/case/CaseReopenModalCtrl.js"></script>
     <script src="scripts/controllers/case/CaseSharingCtrl.js"></script>
     <script src="scripts/controllers/case/CaseStatsCtrl.js"></script>
@@ -199,6 +201,7 @@
     <script src="scripts/controllers/case/ObservableCreationCtrl.js"></script>
     <script src="scripts/controllers/case/ObservablesStatsCtrl.js"></script>
     <script src="scripts/controllers/case/ObservableUpdateCtrl.js"></script>
+    <script src="scripts/controllers/case/procedure/AddProcedureModalCtrl.js"></script>
     <script src="scripts/controllers/case/share/CaseShareModalCtrl.js"></script>
     <script src="scripts/controllers/case/tasklogs/AddTaskLogModalCtrl.js"></script>
     <script src="scripts/controllers/cortex/CortexInstanceDialogCtrl.js"></script>
@@ -301,6 +304,7 @@
     <script src="scripts/services/api/MispSrv.js"></script>
     <script src="scripts/services/api/ObservableTypeSrv.js"></script>
     <script src="scripts/services/api/OrganisationSrv.js"></script>
+    <script src="scripts/services/api/ProcedureSrv.js"></script>
     <script src="scripts/services/api/ProfileSrv.js"></script>
     <script src="scripts/services/api/TagSrv.js"></script>
     <script src="scripts/services/api/TaskLogSrv.js"></script>
diff --git a/frontend/app/scripts/app.js b/frontend/app/scripts/app.js
index 581b5bf4bd..aa39a7c584 100644
--- a/frontend/app/scripts/app.js
+++ b/frontend/app/scripts/app.js
@@ -513,6 +513,18 @@ angular.module('thehive', [
                     isSuperAdmin: false
                 }
             })
+            .state('app.case.procedures', {
+                url: '/procedures',
+                templateUrl: 'views/partials/case/case.procedures.html',
+                controller: 'CaseProceduresCtrl',
+                controllerAs: '$vm',
+                data: {
+                    tab: 'procedures'
+                },
+                guard: {
+                    isSuperAdmin: false
+                }
+            })
             .state('app.alert-list', {
                 url: 'alert/list',
                 templateUrl: 'views/partials/alert/list.html',
diff --git a/frontend/app/scripts/controllers/case/CaseProceduresCtrl.js b/frontend/app/scripts/controllers/case/CaseProceduresCtrl.js
new file mode 100644
index 0000000000..9aa5021db4
--- /dev/null
+++ b/frontend/app/scripts/controllers/case/CaseProceduresCtrl.js
@@ -0,0 +1,276 @@
+(function() {
+    'use strict';
+    angular.module('theHiveControllers')
+        .controller('CaseProceduresCtrl', CaseProceduresCtrl);
+
+    function CaseProceduresCtrl($scope, $state, $stateParams, $uibModal, ModalUtilsSrv, AttackPatternSrv, FilteringSrv, CaseTabsSrv, ProcedureSrv, PaginatedQuerySrv, NotificationSrv, AppLayoutSrv) {
+        var self = this;
+
+        CaseTabsSrv.activateTab($state.current.data.tab);
+
+        this.caseId = $stateParams.caseId;
+        this.tactics = AttackPatternSrv.tactics.values;
+
+        this.$onInit = function() {
+            self.filtering = new FilteringSrv('procedure', 'procedure.list', {
+                version: 'v1',
+                defaults: {
+                    showFilters: true,
+                    showStats: false,
+                    pageSize: 15,
+                    sort: ['-occurDate'],
+                },
+                defaultFilter: []
+            });
+
+            self.filtering.initContext(self.caseId)
+                .then(function() {
+                    self.load();
+
+                    $scope.$watchCollection('$vm.list.pageSize', function (newValue) {
+                        self.filtering.setPageSize(newValue);
+                    });
+                });
+        };
+
+        this.addProcedure = function() {
+            var modalInstance = $uibModal.open({
+                animation: true,
+                // keyboard: false,
+                // backdrop: 'static',
+                templateUrl: 'views/partials/case/procedures/add-procedure.modal.html',
+                controller: 'AddProcedureModalCtrl',
+                controllerAs: '$modal',
+                size: 'lg',
+                resolve: {
+                    caseId: function() {
+                        return self.caseId;
+                    }
+                }
+            });
+
+            return modalInstance.result
+                .then(function() {
+                    self.load();
+                });
+        };
+
+        this.updateDescription = function(procedure) {
+            ProcedureSrv.update(procedure._id, {
+                description: procedure.description
+            }).then(function(response) {
+                console.log(response);
+            }).catch(function(err) {
+                NotificationSrv.error('ProcedureCtrl', err.data, err.status);
+            });
+        };
+
+        // $scope.state = {
+        //     isNewTask: false,
+        //     showGrouped: !!AppLayoutSrv.layout.groupTasks
+        // };
+        // $scope.newTask = {
+        //     status: 'Waiting'
+        // };
+        // $scope.taskResponders = null;
+        // $scope.collapseOptions = {};
+
+        // $scope.getAssignableUsers = function(taskId) {
+        //     return [
+        //         {_name: 'getTask', idOrName: taskId},
+        //         {_name: 'assignableUsers'}
+        //     ];
+        // };
+
+        this.load = function() {
+            self.list = new PaginatedQuerySrv({
+                name: 'case-procedures',
+                root: self.caseId,
+                // objectType: 'case_task',
+                version: 'v1',
+                scope: $scope,
+                sort: self.filtering.context.sort,
+                loadAll: false,
+                pageSize: self.filtering.context.pageSize,
+                filter: self.filtering.buildQuery(),
+                operations: [
+                    {'_name': 'getCase', "idOrName": self.caseId},
+                    {'_name': 'procedures'}
+                ],
+                extraData: ['pattern']
+            });
+        };
+
+        self.showPattern = function(patternId) {
+            $uibModal.open({
+                animation: true,
+                templateUrl: 'views/partials/admin/attack/view.html',
+                controller: 'AttackPatternDialogCtrl',
+                controllerAs: '$modal',
+                size: 'max',
+                resolve: {
+                    pattern: function() {
+                        return AttackPatternSrv.get(patternId);
+                    }
+                }
+            });
+        };
+
+        this.toggleFilters = function () {
+            this.filtering.toggleFilters();
+        };
+
+
+        this.filter = function () {
+            self.filtering.filter().then(this.applyFilters);
+        };
+
+        this.clearFilters = function () {
+            this.filtering.clearFilters()
+                .then(self.search);
+        };
+
+        this.addFilter = function (field, value) {
+            self.filtering.addFilter(field, value).then(this.applyFilters);
+        };
+
+        this.removeFilter = function (index) {
+            self.filtering.removeFilter(index)
+                .then(self.search);
+        };
+
+        this.search = function () {
+            self.load();
+            self.filtering.storeContext();
+        };
+
+        this.addFilterValue = function (field, value) {
+            this.filtering.addFilterValue(field, value);
+            this.search();
+        };
+
+        self.filterBy = function(field, value) {
+            self.filtering.clearFilters()
+                .then(function() {
+                    self.addFilterValue(field, value);
+                });
+        };
+
+        self.sortByField = function(field) {
+            var context = this.filtering.context;
+            var currentSort = Array.isArray(context.sort) ? context.sort[0] : context.sort;
+            var sort = null;
+
+            if(currentSort.substr(1) !== field) {
+                sort = ['+' + field];
+            } else {
+                sort = [(currentSort === '+' + field) ? '-'+field : '+'+field];
+            }
+
+            self.list.sort = sort;
+            self.list.update();
+            self.filtering.setSort(sort);
+        };
+
+        // $scope.filterMyTasks = function() {
+        //     $scope.filtering.clearFilters()
+        //         .then(function() {
+        //             var currentUser = AuthenticationSrv.currentUser;
+        //             $scope.filtering.addFilter({
+        //                 field: 'assignee',
+        //                 type: 'user',
+        //                 value: {
+        //                     list: [{
+        //                         text: currentUser.login,
+        //                         label: currentUser.name
+        //                     }]
+        //                 }
+        //             });
+        //             $scope.search();
+        //         });
+        // };
+
+        // $scope.toggleGroupedView = function() {
+        //     $scope.state.showGrouped = !$scope.state.showGrouped;
+        //
+        //     AppLayoutSrv.groupTasks($scope.state.showGrouped);
+        // };
+
+        // $scope.buildTaskGroups = function(tasks) {
+        //     // Sort tasks by order
+        //     var orderedTasks = _.sortBy(_.map(tasks, function(t) {
+        //         return _.pick(t, 'group', 'order');
+        //     }), 'order');
+        //     var groups = [];
+        //
+        //     // Get group names by keeping the group orders
+        //     _.each(orderedTasks, function(task) {
+        //         if(groups.indexOf(task.group) === -1) {
+        //             groups.push(task.group);
+        //         }
+        //     });
+        //
+        //     var groupedTasks = [];
+        //     _.each(groups, function(group) {
+        //         groupedTasks.push({
+        //             group: group,
+        //             tasks: _.filter(tasks, function(t) {
+        //                 return t.group === group;
+        //             })
+        //         });
+        //     });
+        //
+        //     $scope.groups = groups;
+        //     $scope.groupedTasks = groupedTasks;
+        // };
+
+        // $scope.showTask = function(taskId) {
+        //     $state.go('app.case.tasks-item', {
+        //         itemId: taskId
+        //     });
+        // };
+
+        // $scope.updateField = function (fieldName, newValue, task) {
+        //     var field = {};
+        //     field[fieldName] = newValue;
+        //     return CaseTaskSrv.update({
+        //         taskId: task._id
+        //     }, field, function () {}, function (response) {
+        //         NotificationSrv.error('taskList', response.data, response.status);
+        //     });
+        // };
+
+        // $scope.addTask = function() {
+        //     CaseTaskSrv.save({
+        //         'caseId': $scope.caseId,
+        //         'flag': false
+        //     }, $scope.newTask, function() {
+        //         $scope.isNewTask = false;
+        //         $scope.newTask.title = '';
+        //         $scope.newTask.group = '';
+        //         NotificationSrv.success('Task has been successfully added');
+        //     }, function(response) {
+        //         NotificationSrv.error('taskList', response.data, response.status);
+        //     });
+        // };
+        //
+        // $scope.removeTask = function(task) {
+        //
+        //     ModalUtilsSrv.confirm('Delete task', 'Are you sure you want to delete the selected task?', {
+        //         okText: 'Yes, remove it',
+        //         flavor: 'danger'
+        //     }).then(function() {
+        //         CaseTaskSrv.update({
+        //             'taskId': task._id
+        //         }, {
+        //             status: 'Cancel'
+        //         }, function() {
+        //             $scope.$emit('tasks:task-removed', task);
+        //             NotificationSrv.success('Task has been successfully removed');
+        //         }, function(response) {
+        //             NotificationSrv.error('taskList', response.data, response.status);
+        //         });
+        //     });
+        // };
+    }
+}());
diff --git a/frontend/app/scripts/controllers/case/procedure/AddProcedureModalCtrl.js b/frontend/app/scripts/controllers/case/procedure/AddProcedureModalCtrl.js
new file mode 100644
index 0000000000..a4a90a56ba
--- /dev/null
+++ b/frontend/app/scripts/controllers/case/procedure/AddProcedureModalCtrl.js
@@ -0,0 +1,75 @@
+/**
+ * Controller for About TheHive modal page
+ */
+(function() {
+    'use strict';
+
+    angular.module('theHiveControllers').controller('AddProcedureModalCtrl', function($rootScope, $scope, $uibModalInstance, NotificationSrv, ProcedureSrv, AttackPatternSrv, caseId) {
+            var self = this;
+
+            this.caseId = caseId;
+
+            this.close = function() {
+                $uibModalInstance.close();
+            };
+
+            this.cancel = function() {
+                $rootScope.markdownEditorObjects.procedure.hidePreview();
+
+                $uibModalInstance.dismiss();
+            };
+
+            this.addProcedure = function() {
+                self.state.loading = true;
+
+                ProcedureSrv.create({
+                    caseId: self.caseId,
+                    tactic: self.procedure.tactic,
+                    description: self.procedure.description,
+                    patternId: self.procedure.patternId,
+                    occurDate: self.procedure.occurDate
+                }).then(function(/*response*/) {
+                    self.state.loading = false;
+                    $uibModalInstance.close();
+                    NotificationSrv.log('Tactic, Technique and Procedure added successfully', 'success');
+                }).catch(function(err) {
+                    NotificationSrv.error('Add TTP', err.data, err.status);
+                    self.state.loading = false;
+                });
+            };
+
+            this.showTechniques = function() {
+                AttackPatternSrv.getByTactic(self.procedure.tactic)
+                    .then(function(techniques) {
+                        self.state.techniques = techniques;
+
+                        self.procedure.patternId = null;
+                    });
+            };
+
+            this.$onInit = function() {
+                this.markdownEditorOptions = {
+                    iconlibrary: 'fa',
+                    addExtraButtons: true,
+                    resize: 'vertical'
+                };
+
+                this.procedure = {
+                    tactic: null,
+                    description: null,
+                    patternId: null
+                };
+
+                this.tactics = AttackPatternSrv.tactics;
+
+                this.state = {
+                    loading: false,
+                    selectedTactic: null,
+                    techniques: null
+                };
+
+                $scope.$broadcast('beforeProcedureModalShow');
+            };
+        }
+    );
+})();
diff --git a/frontend/app/scripts/services/api/AttackPatternSrv.js b/frontend/app/scripts/services/api/AttackPatternSrv.js
index 138e91ac25..53fc54ccd3 100644
--- a/frontend/app/scripts/services/api/AttackPatternSrv.js
+++ b/frontend/app/scripts/services/api/AttackPatternSrv.js
@@ -3,8 +3,74 @@
     'use strict';
     angular.module('theHiveServices')
         .service('AttackPatternSrv', function($http, $q, QuerySrv) {
+            var self = this;
             var baseUrl = './api/v1/pattern';
 
+            this.tacticsCache = {};
+
+            this.tactics = {
+                keys: [
+                    'reconnaissance',
+                    'resource-development',
+                    'initial-access',
+                    'execution',
+                    'persistence',
+                    'privilege-escalation',
+                    'defense-evasion',
+                    'credential-access',
+                    'discovery',
+                    'lateral-movement',
+                    'collection',
+                    'command-and-control',
+                    'exfiltration',
+                    'impact'
+                ],
+                values: {
+                    'reconnaissance': {
+                        label: 'Reconnaissance'
+                    },
+                    'resource-development': {
+                        label: 'Resource Development'
+                    },
+                    'initial-access': {
+                        label: 'Initial Access'
+                    },
+                    'execution': {
+                        label: 'Execution'
+                    },
+                    'persistence': {
+                        label: 'Persistence'
+                    },
+                    'privilege-escalation': {
+                        label: 'Privilege Escalation'
+                    },
+                    'defense-evasion': {
+                        label: 'Defense Evasion'
+                    },
+                    'credential-access': {
+                        label: 'Credential Access'
+                    },
+                    'discovery': {
+                        label: 'Discovery'
+                    },
+                    'lateral-movement': {
+                        label: 'Lateral Movement'
+                    },
+                    'collection': {
+                        label: 'Collection'
+                    },
+                    'command-and-control': {
+                        label: 'Command and Control'
+                    },
+                    'exfiltration': {
+                        label: 'Exfiltration'
+                    },
+                    'impact': {
+                        label: 'Impact'
+                    }
+                }
+            };
+
             this.list = function() {
                 return QuerySrv.call('v1', [
                     { _name: 'listPattern' }
@@ -13,6 +79,58 @@
                 });
             };
 
+            this.getByTactic = function(tactic) {
+                var defer = $q.defer();
+
+                if(self.tacticsCache[tactic]) {
+                    console.log('get techniques from cache for ', tactic);
+
+                    defer.resolve(self.tacticsCache[tactic]);
+                } else {
+                    console.log('get techniques from server for ', tactic);
+
+                    QuerySrv.call('v1', [
+                        { _name: 'listPattern'}
+                    ], {
+                        name:'list-attack-patterns-for-' + tactic,
+                        filter: {
+                            _and: [
+                                {
+                                    _field: 'patternType',
+                                    _value: 'attack-pattern'
+                                }, {
+                                    _like: {
+                                        _field: 'tactics',
+                                        _value: tactic
+                                    }
+                                },
+                                {
+                                    _field: 'revoked',
+                                    _value: false
+                                },
+                                {
+                                    _not: {
+                                        _contains: 'parent'
+                                    }
+                                }
+                            ]
+                        },
+                        sort: ['+patternId'],
+                        page: {
+                            from: 0,
+                            to: 100,
+                            extraData: ['children']
+                        }
+                    }).then(function(techniques) {
+                        self.tacticsCache[tactic] = techniques;
+
+                        defer.resolve(techniques);
+                    });
+                }
+
+                return defer.promise;
+            };
+
             this.get = function(id) {
 
                 var defer = $q.defer();
@@ -26,8 +144,8 @@
                         from: 0,
                         to: 1,
                         extraData: [
-                            "parent",
-                            "children"
+                            'parent',
+                            'children'
                         ]
                     }
                 }).then(function(response) {
@@ -36,7 +154,7 @@
                     defer.reject(err);
                 });
 
-                return defer.promise;                
+                return defer.promise;
             };
 
             this.import = function(post) {
diff --git a/frontend/app/scripts/services/api/ProcedureSrv.js b/frontend/app/scripts/services/api/ProcedureSrv.js
new file mode 100644
index 0000000000..7ee6d90ea6
--- /dev/null
+++ b/frontend/app/scripts/services/api/ProcedureSrv.js
@@ -0,0 +1,29 @@
+(function() {
+    'use strict';
+    angular.module('theHiveServices')
+        .service('ProcedureSrv', function($q, $http) {
+            var self = this;
+            var baseUrl = './api/v1/procedure';
+
+            self.get = function(procedureId) {
+                return $http.get(baseUrl + '/' + procedureId)
+                    .then(function(response) {
+                        return $q.resolve(response.data);
+                    });
+            };
+
+            self.create = function(data) {
+                return $http.post(baseUrl, data || {});
+            };
+
+            self.update = function(procedureId, updates) {
+                return $http.patch(baseUrl + '/' + procedureId, updates);
+            };
+
+            self.remove = function(procedureId, updates) {
+                return $http.delete(baseUrl + '/' + procedureId, updates);
+            };
+
+        });
+
+})();
diff --git a/frontend/app/scripts/services/ui/CaseTabsSrv.js b/frontend/app/scripts/services/ui/CaseTabsSrv.js
index 760537831f..456a687447 100644
--- a/frontend/app/scripts/services/ui/CaseTabsSrv.js
+++ b/frontend/app/scripts/services/ui/CaseTabsSrv.js
@@ -20,6 +20,12 @@
                 active: false,
                 label: 'Observables',
                 state: 'app.case.observables'
+            },
+            'procedures': {
+                name: 'procedures',
+                active: false,
+                label: 'TTPs',
+                state: 'app.case.procedures'
             }
         };
 
diff --git a/frontend/app/styles/case.css b/frontend/app/styles/case.css
index 839531f7eb..e552d0d14f 100644
--- a/frontend/app/styles/case.css
+++ b/frontend/app/styles/case.css
@@ -95,3 +95,12 @@ pre.error-trace {
     white-space: pre-wrap;
     background-color: #f9f1f1;
 }
+
+.procedure-techniques-list {
+    height: 200px;
+    overflow-y: scroll;
+    border-radius: 0;
+    box-shadow: none;
+    border: 1px solid #d2d6de;
+
+}
diff --git a/frontend/app/styles/procedure.css b/frontend/app/styles/procedure.css
new file mode 100644
index 0000000000..0830b99657
--- /dev/null
+++ b/frontend/app/styles/procedure.css
@@ -0,0 +1,80 @@
+.ttp-item {
+    margin-bottom: 10px;
+    border: 1px solid #f5f5f5;
+}
+
+.ttp-tactic {
+    width: 200px;
+    vertical-align: middle;
+}
+.ttp-name {
+    flex: 1;
+}
+.ttp-action {
+    width: 100px;
+    text-align: right
+}
+.ttp-date {
+    width: 140px;
+}
+.ttp-user {
+    width: 200px;
+}
+
+.ttp-item .ttp-header {
+    display: flex;
+    align-items: stretch;
+    justify-content: space-between;
+    flex-direction: row;
+    border-bottom: 1px solid #f5f5f5;
+    background-color: #fcfcfc;
+}
+.ttp-item .ttp-header > div {
+    padding: 10px;
+    vertical-align: middle;
+}
+
+.ttp-item .ttp-header .ttp-tactic {
+    background-color: #f5f5f5;
+    border-left: 4px solid #337ab7;
+    color: #337ab7;
+    display: flex;
+    align-items: center;
+}
+.ttp-item .ttp-header .ttp-tactic > div {
+    flex: 1
+}
+.ttp-item .ttp-header .ttp-name {
+    flex: 1;
+    display: flex;
+    align-items: center;
+}
+.ttp-item .ttp-header .ttp-name > div {
+    flex: 1
+}
+.ttp-item .ttp-header .ttp-date {
+    display: flex;
+    align-items: center;
+}
+.ttp-item .ttp-header .ttp-actions {
+    display: flex;
+    align-items: center;
+}
+
+.ttp-item .ttp-body {
+    padding: 10px;
+}
+
+.ttp-item-header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    flex-direction: row;
+    margin-bottom: 10px;
+    border-bottom: 1px solid #f5f5f5;
+}
+
+.ttp-item-header > div {
+    font-weight: bold;
+    padding: 10px;
+}
diff --git a/frontend/app/views/app.case.html b/frontend/app/views/app.case.html
index 4a14ff4051..e548b9ce1f 100644
--- a/frontend/app/views/app.case.html
+++ b/frontend/app/views/app.case.html
@@ -23,6 +23,11 @@
                                 <span class="badge badge-primary">{{observableCount}}</span>
                             </span>
 
+                            <span ng-switch-when="procedures">
+                                <i class="glyphicon glyphicon-knight"></i>&nbsp;&nbsp; TTPs&nbsp;&nbsp;
+                                <!-- <span class="badge badge-primary">{{observableCount}}</span> -->
+                            </span>
+
                             <span ng-switch-default>
                                 <span ng-switch on="name[0]">
                                     <span ng-switch-when="t">
diff --git a/frontend/app/views/directives/updatable-text.html b/frontend/app/views/directives/updatable-text.html
index ef2ec25a26..634725c570 100644
--- a/frontend/app/views/directives/updatable-text.html
+++ b/frontend/app/views/directives/updatable-text.html
@@ -10,7 +10,7 @@
 
     <!-- Display empty text -->
     <span ng-if="!updatable.updating && value.length >0" class="updatable-input-value-wrapper updatable-input-markdown">
-        <small class="updatable-input-icon" ng-click="edit()">
+        <small class="updatable-input-icon clickable" ng-click="edit()">
             <i class="glyphicon glyphicon-pencil"></i>
         </small>
 
diff --git a/frontend/app/views/partials/case/case.procedures.html b/frontend/app/views/partials/case/case.procedures.html
new file mode 100644
index 0000000000..aabe59a4b5
--- /dev/null
+++ b/frontend/app/views/partials/case/case.procedures.html
@@ -0,0 +1,289 @@
+<div ng-include="'views/partials/case/procedures/toolbar.html'"></div>
+
+<div class="mt-xs filter-panel" ng-include="'views/partials/case/procedures/filters.html'" ng-show="$vm.filtering.context.showFilters"></div>
+
+<!-- Filters preview  -->
+<div class="row mt-xs">
+    <div class="col-md-12 clearfix">
+        <div class="pull-left">
+            <h4>
+                Tactics, Techniques and Procedures ({{$vm.list.values.length || 0}} of {{$vm.list.total}})
+            </h4>
+        </div>
+
+        <filters-preview filters="$vm.filtering.context.filters" on-clear-item="$vm.removeFilter(field)" on-clear-all="$vm.clearFilters()"></filters-preview>
+    </div>
+</div>
+
+<!-- Datalist  -->
+<div class="row mt-xs">
+    <div class="col-md-12 mv-s" ng-show="$vm.list.total === 0">
+        <div class="empty-message">No records</div>
+    </div>
+
+    <div class="col-md-12" ng-show="$vm.list.total > 0">
+        <psearch control="$vm.list"></psearch>
+
+        <div class="ttp-item-header">
+            <div class="ttp-tactic">
+                <a href class="text-default" ng-click="$vm.sortByField('tactic')">
+                    Tactic
+                    <i ng-show="$vm.filtering.context.sort.indexOf('+tactic') === -1 && $vm.filtering.context.sort.indexOf('-tactic') === -1" class="fa fa-sort"></i>
+                    <i ng-show="$vm.filtering.context.sort.indexOf('+tactic') !== -1" class="fa fa-caret-up"></i>
+                    <i ng-show="$vm.filtering.context.sort.indexOf('-tactic') !== -1" class="fa fa-caret-down"></i>
+                </a>
+            </div>
+            <div class="ttp-name">
+                <a href class="text-default" ng-click="$vm.sortByField('patternId')">
+                    Technique
+                    <i ng-show="$vm.filtering.context.sort.indexOf('+patternId') === -1 && $vm.filtering.context.sort.indexOf('-patternId') === -1" class="fa fa-sort"></i>
+                    <i ng-show="$vm.filtering.context.sort.indexOf('+patternId') !== -1" class="fa fa-caret-up"></i>
+                    <i ng-show="$vm.filtering.context.sort.indexOf('-patternId') !== -1" class="fa fa-caret-down"></i>
+                </a>
+            </div>
+            <div class="ttp-user">Created By</div>
+            <div class="ttp-date">
+                <a href class="text-default" ng-click="$vm.sortByField('occurDate')">
+                    Occur Date
+                    <i ng-show="$vm.filtering.context.sort.indexOf('+occurDate') === -1 && $vm.filtering.context.sort.indexOf('-occurDate') === -1" class="fa fa-sort"></i>
+                    <i ng-show="$vm.filtering.context.sort.indexOf('+occurDate') !== -1" class="fa fa-caret-up"></i>
+                    <i ng-show="$vm.filtering.context.sort.indexOf('-occurDate') !== -1" class="fa fa-caret-down"></i>
+                </a>
+            </div>
+            <div class="ttp-action text-right">Actions</div>
+        </div>
+
+        <div class="ttp-item" ng-repeat="proc in $vm.list.values">
+            <div class="ttp-header">
+                <div class="ttp-tactic clickable" ng-click="proc.expanded = !proc.expanded">
+                    <div>
+                        <a class="mr-xxs">
+                            <i class="fa" ng-class="{true: 'fa-chevron-up', false: 'fa-chevron-down'}[!!proc.expanded]"></i>
+                        </a>
+
+                        {{$vm.tactics[proc.tactic].label}}
+
+                        <a href class="pull-right" ng-click="$vm.addFilterValue('tactic', proc.tactic)"><i class="fa fa-filter"></i></a>
+                    </div>
+                </div>
+                <div class="ttp-name" ng-if="proc.extraData.pattern.parent">
+                    <div>
+                        <a href ng-click="$vm.showPattern(proc.patternId)">{{proc.patternId}}</a> - {{proc.extraData.parent}}:{{proc.extraData.pattern.name}}
+
+                        <a href class="pull-right" ng-click="$vm.addFilterValue('patternId', proc.patternId)"><i class="fa fa-filter"></i></a>
+                    </div>                    
+                </div>
+                <div class="ttp-name" ng-if="!proc.extraData.pattern.parent">
+                    <div>
+                        <a href ng-click="$vm.showPattern(proc.patternId)">{{proc.patternId}}</a> - {{proc.extraData.pattern.name}}
+
+                        <a href class="pull-right" ng-click="$vm.addFilterValue('patternId', proc.patternId)"><i class="fa fa-filter"></i></a>
+                    </div>
+                </div>
+
+                <div class="ttp-user">
+                    <user user-id="proc._createdBy" icon-only="false" icon-size="m"></user>
+                </div>
+                <div class="ttp-date">
+                    <a href ng-click="$vm.addFilterValue('occurDate', proc.occurDate)">
+                        <span uib-tooltip="{{proc.occurDate | shortDate}}" tooltip-popup-delay="500" tooltip-placement="bottom">{{proc.occurDate | shortDate}}</span>
+                    </a>
+                </div>
+                <div class="ttp-action">
+                    <!-- <span if-permission="manageCase" allowed="{{userPermissions}}">
+                        <a href ng-click="$vm.deleteProcedure()" uib-tooltip="Delete" class="text-danger">
+                            <i class="fa fa-trash"></i> Delete
+                        </a>
+                    </span> -->
+
+
+
+                    <a class="btn btn-icon btn-clear" href ng-click="$vm.edit(proc)" uib-tooltip="Edit TTP" if-permission="manageCase" allowed="{{userPermissions}}">
+                        <i class="text-info fa fa-edit"></i>
+                    </a>
+                    <a class="btn btn-icon btn-clear text-danger" href ng-click="$vm.deleteProcedure()" uib-tooltip="Delete TTP" if-permission="manageCase" allowed="{{userPermissions}}">
+                        <i class="fa fa-trash"></i>
+                    </a>
+
+                </div>
+            </div>
+            <div class="ttp-body" ng-show="proc.expanded">
+                <label>Procedure</label>
+                <div class="description-pane" if-permission="manageCase" allowed="{{userPermissions}}">
+                    <updatable-text on-update="$vm.updateDescription(proc)" value="proc.description"></updatable-text>
+                </div>
+                <div class="description-pane" if-not-permission="manageCase" allowed="{{userPermissions}}">
+                    <div marked="proc.description" class="markdown"></div>
+                </div>
+            </div>
+        </div>
+
+
+        <!-- <div ng-repeat="proc in $vm.list.values" class="box box-default">
+            <div class="box-header with-border">
+                <h3 class="box-title">
+                    <button type="button" class="btn btn-box-tool" data-widget="collapse"><i class="fa fa-minus"></i>
+                    </button>
+                    <span class="label label-primary">{{proc.tactic}}</span> {{proc.patternId}}: {{proc.extraData.pattern.name}}
+                </h3>
+
+                <div class="box-tools pull-right">
+                    <span class="text-muted mr-xs">
+                        <i class="glyphicon glyphicon-user"></i>
+                        <user-info value="proc._createdBy" field="organisation"></user-info>/<user-info value="proc._createdBy" field="name"></user-info>
+                    </span>
+
+                    <span class="text-muted mr-xs">
+                        <i class="fa fa-calendar"></i>
+                        {{proc.occurDate | shortDate}}
+                    </span>
+
+                    <span if-permission="manageCase" allowed="{{userPermissions}}">
+                        <a href ng-click="$vm.deleteProcedure()" uib-tooltip="Delete" class="text-danger">
+                            <i class="fa fa-trash"></i> Delete
+                        </a>
+                    </span>
+                </div>
+            </div>
+            <div class="box-body">
+                <div>
+                    <h4 class="text-primary">Procedure</h4>
+                    <div class="description-pane" if-permission="manageCase" allowed="{{userPermissions}}">
+                        <updatable-text on-update="$vm.updateDescription(proc)" value="proc.description"></updatable-text>
+                    </div>
+                    <div class="description-pane" if-not-permission="manageCase" allowed="{{userPermissions}}">
+                        <div marked="proc.description" class="markdown"></div>
+                    </div>
+                </div>
+
+            </div>
+        </div> -->
+
+        <psearch control="$vm.list"></psearch>
+    </div>
+
+    <!-- <div class="col-md-12" ng-show="$vm.list.total > 0">
+        <psearch control="$vm.list"></psearch>
+
+        <table class="table tbody-stripped case-list">
+            <thead>
+                <tr>
+                    <th width="20px" if-permission="manageAlert">
+                        <input type="checkbox" ng-model="$vm.menu.selectAll" ng-change="$vm.selectAll()">
+                    </th>
+                    <th width="150px">
+                        <a href class="text-default" ng-click="$vm.sortByField('id')">
+                            ID
+                            <i ng-show="$vm.filtering.context.sort.indexOf('+id') === -1 && $vm.filtering.context.sort.indexOf('-id') === -1" class="fa fa-sort"></i>
+                            <i ng-show="$vm.filtering.context.sort.indexOf('+id') !== -1" class="fa fa-caret-up"></i>
+                            <i ng-show="$vm.filtering.context.sort.indexOf('-id') !== -1" class="fa fa-caret-down"></i>
+                        </a>
+                    </th>
+                    <th width="80px">
+                        Name
+                    </th>
+                    <th style="width: 120px">
+                        <a href class="text-default" ng-click="$vm.sortByField('occurence')">
+                            Occur Date
+                            <i ng-show="$vm.filtering.context.sort.indexOf('+occurence') === -1 && $vm.filtering.context.sort.indexOf('-occurence') === -1" class="fa fa-sort"></i>
+                            <i ng-show="$vm.filtering.context.sort.indexOf('+occurence') !== -1" class="fa fa-caret-up"></i>
+                            <i ng-show="$vm.filtering.context.sort.indexOf('-occurence') !== -1" class="fa fa-caret-down"></i>
+                        </a>
+                    </th>
+                    <th style="width: 160px"></th>
+                </tr>
+            </thead>
+
+            <tbody ng-repeat="event in $vm.list.values">
+                <tr>
+                    <td if-permission="manageAlert">
+                        <input type="checkbox" ng-model="event.selected" ng-change="$vm.select(event)">
+                    </td>
+                    <td>
+                        <span>
+                            <a href ng-click="$vm.addFilterValue('type', event.type)">{{::event.type}}</a>
+                        </span>
+                    </td>
+
+                    <td align="center">
+                        <span class="clickable label label-default" ng-class="{'label-danger': !event.caseId}" ng-click="$vm.addFilterValue('imported', !!event.caseId)">{{event.caseId ? 'Imported' : 'New'}}</span>
+                    </td>
+
+                    <td align="center">
+                        <span class="clickable label label-default" ng-click="$vm.addFilterValue('read', !!event.read)">{{event.read ? 'Read' : 'Unread'}}</span>
+                    </td>
+
+                    <td class="wrap">
+                        <div class="case-title">
+                            <span>
+                                <span ng-if="!event.caseId">{{::event.title}}</span>
+                                <span ng-if="event.caseId" ui-sref="app.case.details({caseId: event.caseId})">
+                                    <a href>{{::event.title}}</a>
+                                </span>
+                            </span>
+                        </div>
+                    </td>
+                    <td><a href ng-click="$vm.addFilterValue('source', event.source)">{{event.source}}</a></td>
+                    <td class="text-center">
+                        <div class="clickable" ng-click="$vm.addFilterValue('severity', event.severity)">
+                            <severity active="false" value="event.severity"></severity>
+                        </div>
+                    </td>
+                    <td class="text-center">{{::event.observableCount || 0}}</td>
+                    <td>
+                        <a href ng-click="$vm.addFilterValue('date', event.date)">{{event.date | shortDate}}</a>
+                        <div ng-if="!!event.caseId">
+                            <alert-duration start="event._createdAt" end="event.extraData.importDate" icon="fa-clock-o"></alert-duration>
+                        </div>
+                    </td>
+                    <td class="clearfix">
+                        <div class="pull-right" if-permission="manageAlert">
+                            <a class="btn btn-icon btn-clear" href ng-click="$vm.follow(event)" uib-tooltip="{{event.follow ? 'Ignore new updates' : 'Track new updates'}}">
+                                <i class="text-info fa" ng-class="{'fa-eye': event.follow, 'fa-eye-slash': !event.follow}"></i>
+                            </a>
+                            <a class="btn btn-icon btn-clear" href ng-click="$vm.markAsRead(event)" uib-tooltip="Mark as read" ng-if="$vm.canMarkAsRead(event)">
+                                <i class="text-info fa fa-envelope"></i>
+                            </a>
+                            <a class="btn btn-icon btn-clear" href ng-click="$vm.markAsRead(event)" uib-tooltip="Mark as unread" ng-if="$vm.canMarkAsUnread(event)">
+                                <i class="text-info fa fa-envelope-open-o"></i>
+                            </a>
+                            <a class="btn btn-icon btn-clear" href ng-click="$vm.getResponders(event, true)" uib-tooltip="Run responders" ng-if="appConfig.connectors.cortex.enabled" if-permission="manageAction">
+                                <i class="text-info fa fa-cog"></i>
+                            </a>
+                        </div>
+
+                        <div class="pull-right">
+                            <a class="btn btn-icon btn-clear" href ng-click="$vm.import(event)" uib-tooltip="Preview and Import" ng-if="!event.caseId">
+                                <i class="text-info fa fa-file-text-o"></i>
+                            </a>
+                            <a class="btn btn-icon btn-clear" href ui-sref="app.case.details({caseId: event.caseId})" uib-tooltip="View case" ng-if="event.caseId">
+                                <i class="text-info fa fa-search"></i>
+                            </a>
+                        </div>
+                    </td>
+                </tr>
+                <tr>
+                    <td></td>
+                    <td colspan="9">
+                        <div class="case-tags flexwrap">
+                            <span class="mr-xxxs text-muted"><i class="fa fa-tags"></i></span>
+                            <strong class="text-muted mr-xxxs" ng-if="!event.tags || event.tags.length === 0">None</strong>
+                            <tag-item ng-repeat="tag in event.tags track by $index" class="pointer" ng-click="$vm.addFilterValue('tags', tag)" value="tag"></tag-item>
+                        </div>
+                    </td>
+                    <td></td>
+                </tr>
+                <tr ng-if="$vm.filtering.context.showAdvanced">
+                    <td></td>
+                    <td colspan="9">
+                        <custom-field-labels custom-fields="event.customFields" on-field-click="$vm.addFilterValue(name, value)">
+                            <custom-field-labels>
+                    </td>
+                    <td></td>
+                </tr>
+            </tbody>
+        </table>
+
+        <psearch control="$vm.list"></psearch>
+    </div> -->
+</div>
diff --git a/frontend/app/views/partials/case/procedures/add-procedure.modal.html b/frontend/app/views/partials/case/procedures/add-procedure.modal.html
new file mode 100644
index 0000000000..0921114a21
--- /dev/null
+++ b/frontend/app/views/partials/case/procedures/add-procedure.modal.html
@@ -0,0 +1,82 @@
+<form class="procedureForm" class="procedure-modal" ng-submit="$modal.addProcedure()" novalidate>
+    <div class="modal-header bg-primary">
+        <h3 class="modal-title">Add Tactic, Technique and Procedure</h3>
+    </div>
+    <div class="modal-body">
+
+        <div class="form-group" ng-class="{ 'has-error' : procedureForm.tactic.$invalid && !procedureForm.tactic.$pristine }">
+            <label>
+                Tactic
+                <i class="fa fa-asterisk text-danger"></i>
+            </label>
+            <select class="form-control" name="tactic" ng-model="$modal.procedure.tactic" autofocus="beforeProcedureModalShow"
+                ng-options="tactic as $modal.tactics.values[tactic].label for tactic in $modal.tactics.keys" required ng-change="$modal.showTechniques()">
+            </select>
+            <p class="help-block" ng-show="procedureForm.tactic.$invalid && !procedureForm.tactic.$pristine">This field is required.</p>
+        </div>
+
+        <div ng-show="$modal.procedure.tactic" class="form-group" ng-class="{ 'has-error' : procedureForm.pattern.$invalid && !procedureForm.pattern.$pristine }">
+            <label>
+                Technique
+                <i class="fa fa-asterisk text-danger"></i>
+            </label>
+            <input type="text" class="form-control mv-xxxs" placeholder="Filter techniques" ng-model="$modal.state.search.name">
+            <input type="hidden"ng-model="$modal.procedure.patternId" required>
+            <div class="procedure-techniques-list p-xxs">
+
+                <div ng-repeat="technique in $modal.state.techniques | filter:$modal.state.search">
+                    <div class="radio">
+                        <label>
+                            <input type="radio" name="pattern" ng-value="technique.patternId" ng-model="$modal.procedure.patternId">
+                            {{technique.patternId}} - {{technique.name}}
+                        </label>
+                    </div>
+                    <div ng-repeat="subTechnique in technique.extraData.children | filter:$modal.state.search" class="ml-m" ng-if="!subTechnique.revoked">
+                        <div class="radio">
+                            <label>
+                                <input type="radio" name="pattern" ng-value="subTechnique.patternId" ng-model="$modal.procedure.patternId">
+                                {{subTechnique.patternId}} - {{subTechnique.name}}
+                            </label>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <p class="help-block" ng-show="procedureForm.pattern.$invalid && !procedureForm.pattern.$pristine">This field is required.</p>
+        </div>
+
+        <div class="form-group" ng-class="{ 'has-error' : procedureForm.description.$invalid && !procedureForm.description.$pristine }">
+            <label>Procedure</label>
+            <div>
+                <div class="clearfix">
+                    <a class="pull-right" href="https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet" target="_blank">
+                        <i class="fa fa-question-circle"></i> Markdown Reference
+                    </a>
+                </div>
+
+                <textarea name="procedure" class="content-box" markdown-editor="$modal.markdownEditorOptions" rows="10"
+                    ng-model="$modal.procedure.description" required></textarea>
+
+                <p class="help-block" ng-show="procedureForm.description.$invalid && !procedureForm.description.$pristine">This field is required.</p>
+            </div>
+        </div>
+
+        <div class="form-group" ng-class="{ 'has-error' : procedureForm.occureDate.$invalid && !procedureForm.occureDate.$pristine }">
+            <label>
+                Occur Date
+                <i class="fa fa-asterisk text-danger"></i>
+            </label>
+            <div>
+                <date-time-picker date="$modal.procedure.occurDate" name="occurDate"></date-time-picker>
+                <p class="help-block" ng-show="procedureForm.occureDate.$invalid && !procedureForm.occureDate.$pristine">The field is required.</p>
+            </div>
+        </div>
+
+    </div>
+    <div class="modal-footer text-left">
+        <button class="btn btn-default" ng-click="$modal.cancel()" type="button">Cancel</button>
+
+        <button class="btn btn-primary pull-right" type="submit" ng-disabled="$modal.state.loading || procedureForm.$invalid">
+            Add TTP
+        </button>
+    </div>
+</form>
diff --git a/frontend/app/views/partials/case/procedures/filters.html b/frontend/app/views/partials/case/procedures/filters.html
new file mode 100644
index 0000000000..12c948d197
--- /dev/null
+++ b/frontend/app/views/partials/case/procedures/filters.html
@@ -0,0 +1,39 @@
+<div class="row">
+    <div class="col-md-12 active-filters">
+        <h4>Filters</h4>
+
+        <form ng-submit="$vm.search()">
+            <div class="row mb-xxxs" ng-repeat="filter in $vm.filtering.context.filters track by $index">
+                <div class="col-sm-4 col-md-4 col-lg-2">
+                    <div class="input-group">
+                        <span class="input-group-btn">
+                            <button class="btn btn-default" type="button" ng-click="$vm.removeFilter($index)">
+                                <i class="fa fa-times text-danger"></i>
+                            </button>
+                        </span>
+                        <select class="form-control" ng-model="filter.field"
+                            ng-options="item for item in $vm.filtering.attributeKeys"
+                            ng-change="$vm.filtering.setFilterField(filter, config.entity)"></select>
+                    </div>
+                </div>
+                <div class="col-sm-8 col-md-8 col-lg-6">
+                    <filter-editor metadata="$vm.filtering.metadata" filter="filter" entity="$vm.filtering.entity"></filter-editor>
+                </div>
+            </div>
+            <div class="mv-xs row">
+                <div class="col-sm-12 col-md-12 col-lg-8">
+                    <a href class="btn btn-sm  btn-link btn-clear" ng-click="$vm.filtering.addFilter()">
+                        <i class="fa fa-plus"></i> Add a filter
+                    </a>
+                    <a href class="btn btn-sm btn-danger" ng-click="$vm.clearFilters()" ng-if="$vm.filtering.context.filters.length > 0">
+                        <i class="fa fa-times"></i> Clear
+                    </a>
+                    <button href class="btn btn-sm btn-primary pull-right" type="submit" ng-if="$vm.filtering.context.filters.length > 0">
+                        <i class="fa fa-search"></i> Search
+                    </button>
+                </div>
+            </div>
+        </form>
+
+    </div>
+</div>
diff --git a/frontend/app/views/partials/case/procedures/toolbar.html b/frontend/app/views/partials/case/procedures/toolbar.html
new file mode 100644
index 0000000000..0e0bf88fa9
--- /dev/null
+++ b/frontend/app/views/partials/case/procedures/toolbar.html
@@ -0,0 +1,23 @@
+<div class="row">
+    <div class="col-md-12">
+        <div class="btn-toolbar" role="toolbar">
+
+            <div class="btn-group" if-permission="manageCase" allowed="{{userPermissions}}">
+                <button class="btn btn-sm btn-primary" ng-click="$vm.addProcedure()">
+                    <i class="glyphicon glyphicon-plus"></i>
+                    Add TTP
+                </button>
+            </div>
+
+            <div class="btn-group pull-right" role="group">
+                <page-sizer collection="$vm.list" sizes="[10, 15, 30, 100]"></page-sizer>
+            </div>
+
+            <div class="btn-group pull-right" role="group">
+                <button class="btn btn-sm" ng-class="{true: 'btn-primary', false:'btn-default'}[$vm.filtering.context.showFilters]" type="button" ng-click="$vm.toggleFilters()">
+                    <i class="fa fa-search"></i> Filters
+                </button>
+            </div>
+        </div>
+    </div>
+</div>