
[FIX] Alerts graph by adding more info at a glance
whikernel committed Sep 30, 2024
1 parent 95cd9b0 commit ec423a6
Showing 2 changed files with 17 additions and 14 deletions.
21 changes: 12 additions & 9 deletions source/app/datamgmt/alerts/alerts_db.py
Expand Up @@ -895,6 +895,7 @@ def get_related_alerts_details(customer_id, assets, iocs, open_alerts, closed_al
db.session.query(Alert, SimilarAlertsCache.asset_name, SimilarAlertsCache.ioc_value,
asset_type_alias.asset_icon_not_compromised)
.join(SimilarAlertsCache, Alert.alert_id == SimilarAlertsCache.alert_id)
.outerjoin(Alert.resolution_status)
.outerjoin(asset_type_alias, SimilarAlertsCache.asset_type_id == asset_type_alias.asset_id)
.filter(conditions)
.limit(number_of_results)
Expand Down Expand Up @@ -924,10 +925,12 @@ def get_related_alerts_details(customer_id, assets, iocs, open_alerts, closed_al
for alert_id, alert_info in alerts_dict.items():
alert_color = '#c95029' if alert_info['alert'].status.status_name in ['Closed', 'Merged', 'Escalated'] else ''

alert_resolution_title = f'[{alert_info["alert"].resolution_status.resolution_status_name}]\n' if alert_info["alert"].resolution_status else ""

nodes.append({
'id': f'alert_{alert_id}',
'label': f'[Closed] Alert #{alert_id}' if alert_color != '' else f'Alert #{alert_id}',
'title': alert_info['alert'].alert_title,
'label': f'[Closed]{alert_resolution_title} {alert_info["alert"].alert_title}' if alert_color != '' else f'{alert_resolution_title}{alert_info["alert"].alert_title}',
'title': f'{alert_info["alert"].alert_description}',
'group': 'alert',
'shape': 'icon',
'icon': {
Expand Down Expand Up @@ -992,7 +995,7 @@ def get_related_alerts_details(customer_id, assets, iocs, open_alerts, closed_al

matching_ioc_cases = (
db.session.query(IocLink)
.with_entities(IocLink.case_id, Ioc.ioc_value, Cases.name, Cases.close_date)
.with_entities(IocLink.case_id, Ioc.ioc_value, Cases.name, Cases.close_date, Cases.description)
.join(IocLink.ioc)
.join(IocLink.case)
.filter(
Expand All @@ -1010,7 +1013,7 @@ def get_related_alerts_details(customer_id, assets, iocs, open_alerts, closed_al

matching_asset_cases = (
db.session.query(CaseAssets)
.with_entities(CaseAssets.case_id, CaseAssets.asset_name, Cases.name, Cases.close_date)
.with_entities(CaseAssets.case_id, CaseAssets.asset_name, Cases.name, Cases.close_date, Cases.description)
.join(CaseAssets.case)
.filter(
and_(
Expand All @@ -1027,24 +1030,24 @@ def get_related_alerts_details(customer_id, assets, iocs, open_alerts, closed_al

cases_data = {}

for case_id, ioc_value, case_name, close_date in matching_ioc_cases:
for case_id, ioc_value, case_name, close_date, case_desc in matching_ioc_cases:
if case_id not in cases_data:
cases_data[case_id] = {'name': case_name, 'matching_ioc': [], 'matching_assets': [],
'close_date': close_date}
'close_date': close_date, 'description': case_desc}
cases_data[case_id]['matching_ioc'].append(ioc_value)

for case_id, asset_name, case_name, close_date in matching_asset_cases:
for case_id, asset_name, case_name, close_date, case_desc in matching_asset_cases:
if case_id not in cases_data:
cases_data[case_id] = {'name': case_name, 'matching_ioc': [], 'matching_assets': [],
'close_date': close_date}
'close_date': close_date, 'description': case_desc}
cases_data[case_id]['matching_assets'].append(asset_name)

for case_id in cases_data:
if case_id not in added_cases:
nodes.append({
'id': f'case_{case_id}',
'label': f'[Closed] Case #{case_id}' if cases_data[case_id].get('close_date') else f'Case #{case_id}',
'title': cases_data[case_id]['name'],
'title': cases_data[case_id].get("description"),
'group': 'case',
'shape': 'icon',
'icon': {
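Review bot: The new `'title'` on the alert node wraps `alert_description` in an f-string, so a NULL description (if that column is nullable — not visible here) shows up in the tooltip as the literal text `None` instead of producing no tooltip; `'title': alert_info['alert'].alert_description,` passes the value through unchanged, which is also what the case node at the end of the section does with `.get("description")`. In the closed branch of the new `'label'`, `alert_resolution_title` already ends in `\n`, so the literal space placed after it starts the title line with a blank; `f'[Closed] {alert_resolution_title}{alert_info["alert"].alert_title}'` keeps the space before the newline and is identical when there is no resolution status. Both of these fields are free text that the front end feeds straight into the vis-network node label and tooltip, and the description is longer and less controlled than the former alert title, so it is worth confirming that the renderer treats `title` as plain text rather than HTML. get_related_alerts_details begins and ends outside the hunks shown here.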
10 changes: 5 additions & 5 deletions source/app/static/assets/js/iris/alerts.js
Expand Up @@ -521,15 +521,15 @@ const options = {
tooltipDelay: 100,
zoomView: false
},
height: (window.innerHeight - 250) + "px",
height: (window.innerHeight - 400) + "px",
clickToUse: true,
physics: {
forceAtlas2Based: {
gravitationalConstant: -167,
centralGravity: 0.04,
centralGravity: 0.02,
springLength: 0,
springConstant: 0.02,
damping: 0.9
springConstant: 0.01,
damping: 0.1
},
minVelocity: 0.41,
solver: "forceAtlas2Based",
Expand Down Expand Up @@ -594,7 +594,7 @@ const network = new vis.Network(container, data, options);
$('#view-alert').data('node-id', node_id);
$('#view-alert').data('node-type', node_type);
if (node_type === 'alert' || node_type === 'case') {
$('#view-alert-text').text(`View on ${node_type} #${node_id}`);
$('#view-alert-text').text(`View ${node_type} #${node_id}`);
} else {
$('#view-alert-text').text(`Pivot on ${node_type} ${node_id}`);
}
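Review bot: `height: (window.innerHeight - 400) + "px"` now takes 400px off the viewport, so on a short window the container height becomes tiny or negative and the graph is not visible at all; a floor such as `height: Math.max(window.innerHeight - 400, 300) + "px"` (300 is a constructed example, choose what the layout needs) keeps it usable. The physics block lowers damping from 0.9 to 0.1 while minVelocity stays at 0.41, which presumably lets the force layout keep moving longer before it stabilizes; if that is the intent, a one-line comment above the block such as `// low damping/springConstant: let the graph spread out before settling` would save the next person from retuning these constants blind. The `options` object starts above the hunk.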
