From 55dffe5814e12f5c6562e719df76ad8bc1bc66e9 Mon Sep 17 00:00:00 2001
From: whikernel <whitekernel@whitekernel.fr>
Date: Mon, 30 Sep 2024 16:06:24 +0300
Subject: [PATCH] [FIX] Add filerting on alerts

---
 source/app/blueprints/alerts/alerts_routes.py      |  6 ++++--
 source/app/blueprints/alerts/templates/alerts.html | 14 ++++++++++----
 source/app/datamgmt/alerts/alerts_db.py            | 14 +++++++++++++-
 3 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/source/app/blueprints/alerts/alerts_routes.py b/source/app/blueprints/alerts/alerts_routes.py
index e8a45dd1c..5b0d540b0 100644
--- a/source/app/blueprints/alerts/alerts_routes.py
+++ b/source/app/blueprints/alerts/alerts_routes.py
@@ -112,8 +112,10 @@ def alerts_list_route() -> Response:
     alert_schema = AlertSchema()
 
     filtered_data = get_filtered_alerts(
-        start_date=request.args.get('source_start_date'),
-        end_date=request.args.get('source_end_date'),
+        start_date=request.args.get('creation_start_date'),
+        end_date=request.args.get('creation_end_date'),
+        source_start_date=request.args.get('source_start_date'),
+        source_end_date=request.args.get('source_end_date'),
         title=request.args.get('alert_title'),
         description=request.args.get('alert_description'),
         status=request.args.get('alert_status_id', type=int),
diff --git a/source/app/blueprints/alerts/templates/alerts.html b/source/app/blueprints/alerts/templates/alerts.html
index 72121563e..c2a4d6cbe 100644
--- a/source/app/blueprints/alerts/templates/alerts.html
+++ b/source/app/blueprints/alerts/templates/alerts.html
@@ -131,13 +131,21 @@
                 </div>
                 <div class="form-row">
                     <div class="col-md-3 form-group">
-                        <label for="source_start_date">Start Date</label>
+                        <label for="source_start_date">Source Start Date</label>
                         <input type="date" class="form-control" id="source_start_date" name="source_start_date">
                     </div>
                     <div class="col-md-3 form-group">
-                        <label for="source_end_date">End Date</label>
+                        <label for="source_end_date">Source End Date</label>
                         <input type="date" class="form-control" id="source_end_date" name="source_end_date">
                     </div>
+                    <div class="col-md-3 form-group">
+                        <label for="source_start_date">Creation Start Date</label>
+                        <input type="date" class="form-control" id="creation_start_date" name="creation_start_date">
+                    </div>
+                    <div class="col-md-3 form-group">
+                        <label for="source_end_date">Creation End Date</label>
+                        <input type="date" class="form-control" id="creation_end_date" name="creation_end_date">
+                    </div>
                     <div class="col-md-3 form-group">
                         <label for="alert_assets">Asset(s) name</label>
                         <input class="form-control" id="alert_assets" name="alert_assets">
@@ -146,8 +154,6 @@
                         <label for="alert_iocs">IOC(s)</label>
                         <input class="form-control" id="alert_iocs" name="alert_iocs">
                     </div>
-                </div>
-                <div class="form-row">
                     <div class="col-md-3 form-group">
                         <label for="alert_ids">Alert(s) ID</label>
                         <input class="form-control" id="alert_ids" name="alert_ids">
diff --git a/source/app/datamgmt/alerts/alerts_db.py b/source/app/datamgmt/alerts/alerts_db.py
index 2fb896b79..8e60716d4 100644
--- a/source/app/datamgmt/alerts/alerts_db.py
+++ b/source/app/datamgmt/alerts/alerts_db.py
@@ -37,6 +37,7 @@
 from app.datamgmt.manage.manage_case_templates_db import get_case_template_by_id, \
     case_template_post_modifier
 from app.datamgmt.states import update_timeline_state
+from app.iris_engine.utils.common import parse_bf_date_format
 from app.models import Cases, EventCategory, Tags, AssetsType, Comments, CaseAssets, alert_assets_association, \
     alert_iocs_association, Ioc, IocLink
 from app.models.alerts import Alert, AlertStatus, AlertCaseAssociation, SimilarAlertsCache, AlertResolutionStatus
@@ -54,6 +55,8 @@ def db_list_all_alerts():
 def get_filtered_alerts(
         start_date: str = None,
         end_date: str = None,
+        source_start_date: str = None,
+        source_end_date: str = None,
         title: str = None,
         description: str = None,
         status: int = None,
@@ -105,7 +108,16 @@ def get_filtered_alerts(
     conditions = []
 
     if start_date is not None and end_date is not None:
-        conditions.append(Alert.alert_creation_time.between(start_date, end_date))
+        start_date = parse_bf_date_format(start_date)
+        end_date = parse_bf_date_format(end_date)
+        if start_date and end_date:
+            conditions.append(Alert.alert_creation_time.between(start_date, end_date))
+
+    if source_start_date is not None and source_end_date is not None:
+        source_start_date = parse_bf_date_format(source_start_date)
+        source_end_date = parse_bf_date_format(source_end_date)
+        if source_start_date and source_end_date:
+            conditions.append(Alert.alert_source_event_time.between(source_start_date, source_end_date))
 
     if title is not None:
         conditions.append(Alert.alert_title.ilike(f'%{title}%'))