#175 Apply user defined case template when creating case from alert

thehive-backend/app/controllers/AlertCtrl.scala

@@ -129,10 +129,11 @@ class AlertCtrl @Inject() (
     } yield renderer.toOutput(OK, updatedAlert)
   }
 
-  def createCase(id: String): Action[AnyContent] = authenticated(Role.write).async { implicit request ⇒
+  def createCase(id: String): Action[Fields] = authenticated(Role.write).async(fieldsBodyParser) { implicit request ⇒
     for {
       alert ← alertSrv.get(id)
-      caze ← alertSrv.createCase(alert)
+      customCaseTemplate = request.body.getString("caseTemplate")
+      caze ← alertSrv.createCase(alert, customCaseTemplate)
     } yield renderer.toOutput(CREATED, caze)
   }
 

thehive-backend/app/services/AlertSrv.scala

@@ -20,7 +20,7 @@ import scala.concurrent.{ ExecutionContext, Future }
 import scala.util.{ Failure, Success, Try }
 
 trait AlertTransformer {
-  def createCase(alert: Alert)(implicit authContext: AuthContext): Future[Case]
+  def createCase(alert: Alert, customCaseTemplate: Option[String])(implicit authContext: AuthContext): Future[Case]
   def mergeWithCase(alert: Alert, caze: Case)(implicit authContext: AuthContext): Future[Case]
 }
 
@@ -119,8 +119,9 @@ class AlertSrv(
     }
   }
 
-  def getCaseTemplate(alert: Alert): Future[Option[CaseTemplate]] = {
-    val templateName = alert.caseTemplate()
+  def getCaseTemplate(alert: Alert, customCaseTemplate: Option[String]): Future[Option[CaseTemplate]] = {
+    val templateName = customCaseTemplate
+      .orElse(alert.caseTemplate())
       .orElse(templates.get(alert.tpe()))
       .getOrElse(alert.tpe())
     caseTemplateSrv.getByName(templateName)
@@ -130,15 +131,15 @@ class AlertSrv(
 
   private val dataExtractor = "^(.*);(.*);(.*)".r
 
-  def createCase(alert: Alert)(implicit authContext: AuthContext): Future[Case] = {
+  def createCase(alert: Alert, customCaseTemplate: Option[String])(implicit authContext: AuthContext): Future[Case] = {
     alert.caze() match {
       case Some(id) ⇒ caseSrv.get(id)
       case None ⇒
         connectors.get(alert.tpe()) match {
-          case Some(connector: AlertTransformer) ⇒ connector.createCase(alert)
+          case Some(connector: AlertTransformer) ⇒ connector.createCase(alert, customCaseTemplate)
           case _ ⇒
             for {
-              caseTemplate ← getCaseTemplate(alert)
+              caseTemplate ← getCaseTemplate(alert, customCaseTemplate)
               caze ← caseSrv.create(
                 Fields.empty
                   .set("title", s"#${alert.sourceRef()} " + alert.title())

thehive-misp/app/connectors/misp/MispCtrl.scala

@@ -47,8 +47,8 @@ class MispCtrl @Inject() (
     Ok("")
   }
 
-  override def createCase(alert: Alert)(implicit authContext: AuthContext): Future[Case] = {
-    mispSrv.createCase(alert)
+  override def createCase(alert: Alert, customCaseTemplate: Option[String])(implicit authContext: AuthContext): Future[Case] = {
+    mispSrv.createCase(alert, customCaseTemplate)
   }
 
   override def mergeWithCase(alert: Alert, caze: Case)(implicit authContext: AuthContext): Future[Case] = {

thehive-misp/app/connectors/misp/MispSrv.scala

@@ -343,12 +343,12 @@ class MispSrv @Inject() (
     }
   }
 
-  def createCase(alert: Alert)(implicit authContext: AuthContext): Future[Case] = {
+  def createCase(alert: Alert, customCaseTemplate: Option[String])(implicit authContext: AuthContext): Future[Case] = {
     alert.caze() match {
       case Some(id) ⇒ caseSrv.get(id)
       case None ⇒
         for {
-          caseTemplate ← alertSrv.getCaseTemplate(alert)
+          caseTemplate ← alertSrv.getCaseTemplate(alert, customCaseTemplate)
           caze ← caseSrv.create(Fields(alert.toCaseJson), caseTemplate)
           _ ← mergeWithCase(alert, caze)
         } yield caze