#170 Ignore attributes "lastSyncDate", "date", "case", "status" and "…

…follow" when an alert is created

thehive-backend/app/models/Alert.scala

@@ -26,8 +26,8 @@ trait AlertAttributes {
   val tpe: A[String] = attribute("type", F.stringFmt, "Type of the alert", O.readonly)
   val source: A[String] = attribute("source", F.stringFmt, "Source of the alert", O.readonly)
   val sourceRef: A[String] = attribute("sourceRef", F.stringFmt, "Source reference of the alert", O.readonly)
-  val date: A[Date] = attribute("date", F.dateFmt, "Date of the alert", O.readonly)
-  val lastSyncDate: A[Date] = attribute("lastSyncDate", F.dateFmt, "Date of the last synchronization")
+  val date: A[Date] = attribute("date", F.dateFmt, "Date of the alert", new Date(), O.readonly)
+  val lastSyncDate: A[Date] = attribute("lastSyncDate", F.dateFmt, "Date of the last synchronization", new Date())
   val caze: A[Option[String]] = optionalAttribute("case", F.stringFmt, "Id of the case, if created")
   val title: A[String] = attribute("title", F.textFmt, "Title of the alert")
   val description: A[String] = attribute("description", F.textFmt, "Description of the alert")
@@ -63,7 +63,7 @@ class AlertModel @Inject() (artifactModel: ArtifactModel)
         val sourceRef = (attrs \ "sourceRef").asOpt[String].getOrElse("<null>")
         val _id = hasher.fromString(s"$tpe|$source|$sourceRef").head.toString()
         attrs + ("_id" → JsString(_id))
-      }
+      } - "lastSyncDate" - "date" - "case" - "status" - "follow"
     }
   }
 }

thehive-backend/app/services/AlertSrv.scala

@@ -9,7 +9,7 @@ import connectors.ConnectorRouter
 import models._
 import org.elastic4play.controllers.Fields
 import org.elastic4play.services._
-import play.api.Configuration
+import play.api.{ Configuration, Logger }
 import play.api.libs.json._
 
 import scala.concurrent.{ ExecutionContext, Future }
@@ -62,6 +62,8 @@ class AlertSrv(
     ec,
     mat)
 
+  private[AlertSrv] lazy val logger = Logger(getClass)
+
   def create(fields: Fields)(implicit authContext: AuthContext): Future[Alert] =
     createSrv[AlertModel, Alert](alertModel, fields)
 
@@ -132,8 +134,15 @@ class AlertSrv(
                 .set("tags", JsArray(alert.tags().map(JsString)))
                 .set("tlp", JsNumber(alert.tlp()))
                 .set("status", CaseStatus.Open.toString))
-                .andThen {
-                  case Success(_caze) ⇒ artifactSrv.create(_caze, alert.artifacts().map(Fields.apply))
+                .flatMap { caze ⇒
+                  val artifactsFields = alert.artifacts().map { a ⇒
+                    val tags = (a \ "tags").asOpt[Seq[JsString]].getOrElse(Nil) :+ JsString("src:" + alert.tpe())
+                    val message = (a \ "message").asOpt[JsString].getOrElse(JsString(""))
+                    Fields(a +
+                      ("tags" → JsArray(tags)) +
+                      ("message" → message))
+                  }
+                  artifactSrv.create(caze, artifactsFields).map(_ ⇒ caze)
                 }
             }
         }

thehive-backend/app/services/ArtifactSrv.scala

@@ -8,7 +8,7 @@ import akka.stream.scaladsl.Source
 import scala.concurrent.{ ExecutionContext, Future }
 import scala.util.{ Failure, Try }
 import play.api.libs.json.JsValue.jsValueToJsLookup
-import org.elastic4play.CreateError
+import org.elastic4play.{ ConflictError, CreateError }
 import org.elastic4play.controllers.Fields
 import org.elastic4play.services.{ Agg, AuthContext, CreateSrv, DeleteSrv, FieldsSrv, FindSrv, GetSrv, QueryDSL, QueryDef, UpdateSrv }
 import models.{ Artifact, ArtifactModel, ArtifactStatus, Case, CaseModel }
@@ -62,8 +62,8 @@ class ArtifactSrv @Inject() (
         // if there is failure
         case t if t.exists(_.isFailure) ⇒
           Future.traverse(t.zip(fieldSet)) {
-            case (Failure(_), fields) ⇒ updateIfDeleted(caze, fields).toTry
-            case (success, _)         ⇒ Future.successful(success)
+            case (Failure(ConflictError(_, _)), fields) ⇒ updateIfDeleted(caze, fields).toTry
+            case (r, _)                                 ⇒ Future.successful(r)
           }
         case t ⇒ Future.successful(t)
       }