#86 Add filtering capabilities to MISP event's list

TheHive-Project · Mar 13, 2017 · d57d7d8 · d57d7d8
1 parent aa578d6
commit d57d7d8
Show file tree

Hide file tree

Showing 13 changed files with 840 additions and 49 deletions.
diff --git a/thehive-misp/app/connectors/misp/MispSrv.scala b/thehive-misp/app/connectors/misp/MispSrv.scala
@@ -373,7 +373,7 @@ class MispSrv @Inject() (
 
   def find(queryDef: QueryDef, range: Option[String], sortBy: Seq[String]): (Source[Misp, NotUsed], Future[Long]) = {
     import org.elastic4play.services.QueryDSL._
-    findSrv[MispModel, Misp](mispModel, and(queryDef, not("eventStatus" in ("Ignore", "Imported"))), range, sortBy)
+    findSrv[MispModel, Misp](mispModel, queryDef, range, sortBy)
   }
 
   def stats(queryDef: QueryDef, aggs: Seq[Agg]) = findSrv(mispModel, queryDef, aggs: _*)

diff --git a/ui/app/index.html b/ui/app/index.html
@@ -136,6 +136,7 @@
     <script src="scripts/controllers/misp/MispBulkImportCtrl.js"></script>
     <script src="scripts/controllers/misp/MispEventCtrl.js"></script>
     <script src="scripts/controllers/misp/MispListCtrl.js"></script>
+    <script src="scripts/controllers/misp/MispStatsCtrl.js"></script>
     <script src="scripts/directives/charts/c3Chart.js"></script>
     <script src="scripts/directives/charts/chart.js"></script>
     <script src="scripts/directives/charts/donut-chart.js"></script>
@@ -193,6 +194,7 @@
     <script src="scripts/services/CortexSrv.js"></script>
     <script src="scripts/services/EntitySrv.js"></script>
     <script src="scripts/services/FileResource.js"></script>
+    <script src="scripts/services/FilteringSrv.js"></script>
     <script src="scripts/services/JobSrv.js"></script>
     <script src="scripts/services/ListSrv.js"></script>
     <script src="scripts/services/MetricsCacheSrv.js"></script>

diff --git a/ui/app/scripts/controllers/misp/MispListCtrl.js b/ui/app/scripts/controllers/misp/MispListCtrl.js
@@ -1,16 +1,93 @@
 (function() {
     'use strict';
     angular.module('theHiveControllers')
-        .controller('MispListCtrl', function($scope, $q, $state, $uibModal, MispSrv, AlertSrv) {
+        .controller('MispListCtrl', function($scope, $q, $state, $uibModal, MispSrv, AlertSrv, FilteringSrv) {
             var self = this;
 
             self.list = [];
             self.selection = [];
             self.menu = {
                 follow: false,
                 unfollow: false,
+                markAsRead: false,
                 selectAll: false
             };
+            self.filtering = new FilteringSrv('misp-section', {
+                defaults: {
+                    showFilters: false,
+                    showStats: false,
+                    pageSize: 15,
+                    sort: ['-publishDate']
+                },
+                defaultFilter: {
+                    eventStatus: {
+                        field: 'eventStatus',
+                        label: 'Status',
+                        value: [{
+                            text: 'New'
+                        }, {
+                            text: 'Update'
+                        }],
+                        filter: '(eventStatus:"New" OR eventStatus:"Update")'
+                    }
+                },
+                filterDefs: {
+                    keyword: {
+                        field: 'keyword',
+                        type: 'string',
+                        defaultValue: []
+                    },
+                    eventStatus: {
+                        field: 'eventStatus',
+                        type: 'list',
+                        defaultValue: [],
+                        label: 'Status'
+                    },
+                    tags: {
+                        field: 'tags',
+                        type: 'list',
+                        defaultValue: [],
+                        label: 'Tags'
+                    },
+                    org: {
+                        field: 'org',
+                        type: 'list',
+                        defaultValue: [],
+                        label: 'Source'
+                    },
+                    info: {
+                        field: 'info',
+                        type: 'string',
+                        defaultValue: '',
+                        label: 'Title'
+                    },
+                    publishDate: {
+                        field: 'publishDate',
+                        type: 'date',
+                        defaultValue: {
+                            from: null,
+                            to: null
+                        },
+                        label: 'Publish Date'
+                    }
+                }
+            });
+            self.filtering.initContext('list');
+            self.searchForm = {
+                searchQuery: self.filtering.buildQuery() || ''
+            };
+
+            $scope.$watch('misp.list.pageSize', function (newValue) {
+                self.filtering.setPageSize(newValue);
+            });
+
+            this.toggleStats = function () {
+                this.filtering.toggleStats();
+            };
+
+            this.toggleFilters = function () {
+                this.filtering.toggleFilters();
+            };
 
             self.follow = function(event) {
                 var fn = angular.noop;
@@ -120,7 +197,17 @@
             };
 
             self.load = function() {
-                self.list = MispSrv.list($scope, self.resetSelection);
+                var config = {
+                    scope: $scope,
+                    filter: self.searchForm.searchQuery !== '' ? {
+                        _string: self.searchForm.searchQuery
+                    } : '',
+                    loadAll: false,
+                    sort: self.filtering.context.sort,
+                    pageSize: self.filtering.context.pageSize,
+                };
+
+                self.list = MispSrv.list(config, self.resetSelection);
             };
 
             self.cancel = function() {
@@ -132,6 +219,11 @@
 
                 self.menu.unfollow = temp.length === 1 && temp[0] === true;
                 self.menu.follow = temp.length === 1 && temp[0] === false;
+
+
+                temp = _.uniq(_.pluck(self.selection, 'eventStatus'));
+
+                self.menu.markAsRead = temp.indexOf('Ignore') === -1;
             };
 
             self.select = function(event) {
@@ -163,6 +255,103 @@
 
             };
 
+            this.filter = function () {
+                self.filtering.filter().then(this.applyFilters);
+            };
+
+            this.applyFilters = function () {
+                self.searchForm.searchQuery = self.filtering.buildQuery();
+                self.search();
+            };
+
+            this.clearFilters = function () {
+                self.filtering.clearFilters().then(this.applyFilters);
+            };
+
+            this.addFilter = function (field, value) {
+                self.filtering.addFilter(field, value).then(this.applyFilters);
+            };
+
+            this.removeFilter = function (field) {
+                self.filtering.removeFilter(field).then(this.applyFilters);
+            };
+
+            this.search = function () {
+                this.list.filter = {
+                    _string: this.searchForm.searchQuery
+                };
+
+                this.list.update();
+            };
+            this.addFilterValue = function (field, value) {
+                var filterDef = self.filtering.filterDefs[field];
+                var filter = self.filtering.activeFilters[field];
+                var date;
+
+                if (filter && filter.value) {
+                    if (filterDef.type === 'list') {
+                        if (_.pluck(filter.value, 'text').indexOf(value) === -1) {
+                            filter.value.push({
+                                text: value
+                            });
+                        }
+                    } else if (filterDef.type === 'date') {
+                        date = moment(value);
+                        self.filtering.activeFilters[field] = {
+                            value: {
+                                from: date.hour(0).minutes(0).seconds(0).toDate(),
+                                to: date.hour(23).minutes(59).seconds(59).toDate()
+                            }
+                        };
+                    } else {
+                        filter.value = value;
+                    }
+                } else {
+                    if (filterDef.type === 'list') {
+                        self.filtering.activeFilters[field] = {
+                            value: [{
+                                text: value
+                            }]
+                        };
+                    } else if (filterDef.type === 'date') {
+                        date = moment(value);
+                        self.filtering.activeFilters[field] = {
+                            value: {
+                                from: date.hour(0).minutes(0).seconds(0).toDate(),
+                                to: date.hour(23).minutes(59).seconds(59).toDate()
+                            }
+                        };
+                    } else {
+                        self.filtering.activeFilters[field] = {
+                            value: value
+                        };
+                    }
+                }
+
+                this.filter();
+            };
+
+            this.filterByStatus = function(status) {
+                self.filtering.clearFilters()
+                    .then(function(){
+                        self.addFilterValue('eventStatus', status);
+                    });
+            };
+
+            this.sortBy = function(sort) {
+                self.list.sort = sort;
+                self.list.update();
+                self.filtering.setSort(sort);
+            };
+
+            this.getStatuses = function(query) {
+                return MispSrv.statuses(query);
+            };
+
+            this.getSources = function(query) {
+                return MispSrv.sources(query);
+            };
+
             self.load();
         });
 })();
diff --git a/ui/app/scripts/controllers/misp/MispStatsCtrl.js b/ui/app/scripts/controllers/misp/MispStatsCtrl.js
@@ -0,0 +1,87 @@
+/**
+ * Controller for About The Hive modal page
+ */
+(function() {
+    'use strict';
+
+    angular.module('theHiveControllers').controller('MispStatsCtrl',
+        function($rootScope, $scope, $stateParams, $timeout, StatSrv, StreamStatSrv, FilteringSrv) {
+            var self = this;
+
+            this.filtering = FilteringSrv;
+
+            this.bySources = {};
+            this.byStatus = {};
+            this.byTags = {};
+
+            // Get stats by tags
+            StreamStatSrv({
+                scope: $scope,
+                rootId: 'any',
+                query: {},
+                objectType: 'connector/misp',
+                streamObjectType: 'misp',
+                field: 'tags',
+                sort: ['-count'],
+                limit: 5,
+                result: {},
+                success: function(data){
+                    self.byTags = self.prepareResult(data);
+                }
+            });
+
+            // Get stats by type
+            StreamStatSrv({
+                scope: $scope,
+                rootId: 'any',
+                query: {},
+                objectType: 'connector/misp',
+                streamObjectType: 'misp',
+                field: 'eventStatus',
+                result: {},
+                success: function(data){
+                    self.byStatus = self.prepareResult(data);
+                }
+            });
+
+            // Get stats by ioc
+            StreamStatSrv({
+                scope: $scope,
+                rootId: 'any',
+                query: {},
+                objectType: 'connector/misp',
+                streamObjectType: 'misp',
+                field: 'org',
+                sort: ['-count'],
+                limit: 5,
+                result: {},
+                success: function(data){
+                    self.bySources = self.prepareResult(data);
+                }
+            });
+
+            this.prepareResult = function(rawStats) {
+                var total = rawStats.count;
+
+                var keys = _.without(_.keys(rawStats), 'count');
+                var columns = keys.map(function(key) {
+                    return {
+                        key: key,
+                        count: rawStats[key].count
+                    };
+                }).sort(function(a, b) {
+                    return a.count <= b.count;
+                });
+
+                return {
+                    total: total,
+                    details: columns
+                };
+            };
+
+            this.filterBy = function(field, value) {
+                this.filtering.addFilter(field, value);
+            };
+        }
+    );
+})();