Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implementing case merging feature (Issue #1264) #1798

Merged
merged 20 commits into from
Mar 11, 2021
Merged

Implementing case merging feature (Issue #1264) #1798

merged 20 commits into from
Mar 11, 2021

Conversation

rriclet
Copy link
Contributor

@rriclet rriclet commented Feb 18, 2021
edited by nadouani
Loading

Case merging in TheHive 4 should allow:

  • Merging two/many cases into a new one and remove the originating cases that MUST be owned bu the same organisation and are not shared with any other organisation
  • Merge case basic details
    • Concatenate titles
    • Keep highest severity, TLP and PAP
    • Keep all custom fields, even if there are duplicates (users need to clean up the result)
  • Keep all tasks with their logs and attachments, even if there are duplicates (users need to clean up the result)
  • Keep all the observables with their analysis reports, summaries and all related data
    • Question: how to deal with duplicates -> observables can only be linked to one case, no duplicates
  • Keep all TTPs, even if there are duplicates (users need to clean up the result)
  • Keep all the links with originating alerts, and resolve duplicates -> alerts can only be linked to one case, no duplicates

Some of the required UI new features:

  • Allow removing a specific custom field from a case (useful to clean up duplicate custom fields manually)
    • @rriclet API: Add an API to remove a custom fields value from a case DELETE /api/v1/case/customField/CUSTOM_FIELD_LINK_ID
    • @nadouani UI: Add a remove button in each custom field value in the case details page
  • Allow case merge from the case details page

@rriclet rriclet linked an issue Feb 18, 2021 that may be closed by this pull request
[Feature Request] Implement case merging feature #1264
Closed
@nadouani nadouani changed the title Issue 1264 Implementing case merging feature (Issue #1264) Feb 22, 2021
@nadouani nadouani added this to the 4.1.0 milestone Feb 26, 2021
@nadouani nadouani added feature request TheHive4 TheHive4 related issues labels Feb 26, 2021
@rriclet rriclet mentioned this pull request Mar 4, 2021
Closed
To-om
To-om requested changes Mar 4, 2021
View reviewed changes
rriclet and others added 6 commits March 5, 2021 15:00
@rriclet
Merge branch 'develop-th4' into issue-1264
4504a11 
# Conflicts:
#	thehive/app/org/thp/thehive/controllers/v0/CaseCtrl.scala
#	thehive/app/org/thp/thehive/controllers/v1/CaseCtrl.scala
#	thehive/app/org/thp/thehive/services/CaseSrv.scala
#	thehive/test/org/thp/thehive/controllers/v0/CaseCtrlTest.scala
#	thehive/test/org/thp/thehive/controllers/v1/TaxonomyCtrlTest.scala
#	thehive/test/org/thp/thehive/services/CaseSrvTest.scala
#	thehive/test/resources/data/Alert.json
#	thehive/test/resources/data/CaseTag.json
#	thehive/test/resources/data/Data.json
#	thehive/test/resources/data/Observable.json
#	thehive/test/resources/data/ObservableData.json
#	thehive/test/resources/data/ObservableObservableType.json
#	thehive/test/resources/data/Task.json
@rriclet
#1264 fixing merge & tests
c1386ff
@To-om
#1264 Fix tests
2f21d85
@rriclet
#1264 WIP merge review & tests
68764f5
@To-om
#1264 Fix tests
6066a58
@To-om
#1264 Move permission check from service to controller
17662f6
@To-om To-om merged commit e5cffb5 into develop-th4 Mar 11, 2021
This was linked to issues Mar 18, 2021
Suggestion: Marge cases on the oldest and close the newest as duplicated #960
Closed
Bulk Merge Cases in search #964
Open
@To-om To-om deleted the issue-1264 branch March 31, 2021 05:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@To-om To-om To-om requested changes

Assignees

@nadouani nadouani

@rriclet rriclet

Labels
feature request TheHive4 TheHive4 related issues
Projects
None yet
Milestone
4.1.0
3 participants
@rriclet @To-om @nadouani