Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* improve: grid style
* improve: types
* add: configured sources components
* fix: source configured form
* update: dependencies
* refactor: badge component
* refactor: kvcard component
* add: source configuration form/viewer component
* prettify
* refactor: add update_alert_status endpoint
* refactor: update alert assigned_to endpoint
* refactor: add list_alerts_by_assigned_to_endpoint
* some pre commit fixes
* responses basemodels
* precommit fixes some
* remove commented out
* refactor: add does_assit_exist and add_asset_to_copilot_alert functions
* refactor: add get_available_users endpoint
* fetch alerts from gl-events index
* refactor: Add Source field to AlertPayloadItem schema
* refactor: Remove commented out code and pre-commit fixes
* refactor: Add create_alert_auto_route to incident_alert.py
* refactor: Update create_alert_auto_route in incident_alert.py to use get_original_alert_id and get_original_alert_index_name
* update: graylog api
* update: graylog types
* add: Incident management Sources wizard
* update
* update: configured Sources List page
* available sources route
* get indices via source
* update: dependencies
* update: incident Management apis/types
* update: SourceConfiguration wizard/form
* update: SourceConfiguration wizard/form
* chore: Update field and asset names for source
* update: SourceConfiguration wizard/form
* some logging
* update: SourceConfiguration wizard/form
* update: dependencies
* refactor: apis/types
* update: incident Management apis/types
* Update source field type in FieldAndAssetNames schema
* chore: Update alert creation route to handle no alerts found
* chore: Add COPILOT_ALERT_ID field to Graylog alert provision services
* refactor: layout lists
* add: incident alerts component
* chore: Update create_alert_auto_route return type to AutoCreateAlertResponse
* some cleanup
* cleanup
* some precommit fixes
* add process_name to alert_context
* chore: Add logging statements for debugging incident alert creation
* chore: Create case from alert endpoint
* case operations
* some precommit fixes
* update: incident api/types
* update: badge component
* add: alert card
* update: alert card
* improve: alerts list
* update: dependencies
* add: alert details
* add: alert overview
* improve: kvcard component
* add: alert assets list
* update: alert details
* update: dependencies
* update: auth store
* update: incident api/type
* add: alert comments components
* refactor
* update: alert overview
* chore: Delete alert only if it is not linked to a case
* added sigma queries table
* creating sigma things
* sigma rules downloads
* more sigma things
* delete sigma rule
* add deletion endpoint
* get active sigma queries
* update sigma time interval
* set time for last_updated
* execute sigma query against the indexer
* chore: Update execute_query function to include rule name and index parameter
* feat: Add endpoint to run active Sigma queries
* chore: Update execute_query function to include last execution time
* resize wazuh index fields function and route
* chore: Refactor scheduler to include Wazuh index fields resizing job
* chore: Update default time interval for SigmaQuery to 5 minutes
* chore: Activate all Sigma queries
* refactor: artifact / threat intel components
* update: dependencies
* update: css helpers
* add: ThreatIntelProcessEvaluationProvider
* update: alert item
* update: alert asset
* dashboard template fix
* added graylog receiver
* added comment
* update: alert asset
* chore: Delete all Sigma queries
* mappings adjust
* feat: Add endpoint to deactivate all Sigma queries
The code changes include the addition of a new endpoint `/deactivate-all-queries` in the `sigma.py` file. This endpoint deactivates all Sigma queries by setting their `active` status to `False` in the database.
Recent user commits:
- mappings adjust
- chore: Delete all Sigma queries
- update: alert asset
- added comment
- added graylog receiver
- dashboard template fix
- update: alert asset
- update: alert item
- add: ThreatIntelProcessEvaluationProvider
* precommit fixes
* chore: Comment out Incident Management menu item temporarily
* get builds out
* remove packaging constraint
* chore: Update packaging constraint to allow version 24.1 or higher
The packaging constraint in the backend requirements.txt file was updated to allow version 24.1 or higher. This change was made to ensure compatibility with other dependencies.
* chore: Update packaging constraint to version 23.2
The packaging constraint in the backend requirements.txt file was reverted back to version 23.2. This change was made to test why the container is crashing at start time
* i think not issue related to python library
* chore: Catch all exceptions when applying migrations
The code changes in `db_setup.py` modify the `apply_migrations` function to catch any type of exception, instead of just `OperationalError`. This change was made to ensure that any errors encountered during the migration process are properly logged and raised.
Recent user commits:
- i think not issue related to python library
- chore: Update packaging constraint to version 23.2
- chore: Update packaging constraint to allow version 24.1 or higher
- remove packaging constraint
- get builds out
- chore: Comment out Incident Management menu item temporarily
- precommit fixes
- feat: Add endpoint to deactivate all Sigma queries
- mappings adjust
- chore: Delete all Sigma queries
* chore: Catch all exceptions when applying migrations
* chore: Update pySigma dependency to version 0.11.9
The code changes in the backend requirements.txt file update the pySigma dependency to version 0.11.9. This change was made to ensure compatibility with other dependencies and to remove a comment that was no longer needed.
Recent user commits:
- i think not issue related to python library
- chore: Update packaging constraint to version 23.2
- chore: Update packaging constraint to allow version 24.1 or higher
- remove packaging constraint
- get builds out
- chore: Comment out Incident Management menu item temporarily
- precommit fixes
- feat: Add endpoint to deactivate all Sigma queries
- mappings adjust
- chore: Delete all Sigma queries
* chore: Add endpoint to execute Shuffle workflow
This commit adds a new endpoint `/invoke-workflow` to the Shuffle integrations routes. The endpoint allows users with the "admin" or "analyst" scope to execute a workflow by providing the workflow ID and execution arguments. The execution ID is returned in the response.
* chore: Update Shuffle connection details
The code changes in `db_populate.py` update the connection details for the Shuffle integration. The API key for the Shuffle connection has been modified to include the `WORKFLOW_ID` parameter. This change was made to ensure proper authentication and connection to Shuffle.
* chore: Update Shuffle connection details
* added incidnet management notification table
* chore: Add endpoint to manage customer notifications
This commit adds two new endpoints to the incidents routes: `/notification/{customer_code}` and `/notification`. The `/notification/{customer_code}` endpoint retrieves the notifications for a specific customer, while the `/notification` endpoint allows for updating the notifications. These endpoints are used to manage customer-specific notifications in the incident management system.
* chore: Add customer notification workflow execution to incident management created alerts
* chore: Add customer notification workflow execution to incident management created alerts
* chore: Add .ql index to skip list
This commit adds the ".ql" index to the skip list in the IndexConfigModel class. This change was made to ensure that the ".ql" index is skipped during indexing operations in the Wazuh indexer schema.
* add invoke alert creation collect as a scheduled job to start at runtime
* refactor: Remove unnecessary code for scheduling Wazuh monitoring alert
* chore: Remove unused notifications in GraylogAlertProvisionModel
* chore: Update Docker workflow to use main branch for push events
* add ability for user to set sigma update to db rule level
comment out invoke_alert_creation_collect schedule until ready
* chore: Update Docker workflow to use main branch for push events
* chore: Add Sigma query management endpoints
* feat: Add Sigma query upload endpoint
* make a build
* chore: Update Docker workflow to use main branch for push events
* chore: remove shuffle extra data on connector config
* chore: Update Docker workflow to use main branch for push events
* update: dependencies
* uncomment Incident Management menu item
* improve: alert list responsiveness
* add customer code table for incident management
* add customer code configuration
* chore: Remove unused customer code functionality
* feat: Add index_name parameter to run_active_sigma_queries_endpoint
* chore: Update Docker workflow to use incident-management branch for push events
* chore: Refactor get_indices_full function to handle different formats of indices_data
* feat: Add API endpoint to retrieve details of a single alert
* add: cases api/types
* improve: alert item component
* refactor: incident management components
* add: cases components
* add: cases page
* fix: types
* refactor: Update list_alerts function to include linked cases in AlertOut response
* refactor: Include linked cases in AlertOut response for get_alert_by_id function
* try iso for sigma time format
* refactor: Update get_single_alert_details_route to use CreateAlertRequestRoute in incident_alert.py
* add: alert details api/type
* update: alert overview
* refactor: Update last execution time in run_active_sigma_queries_endpoint
* refactor: Update run_single_sigma_query_endpoint to execute Sigma queries based on time interval
* refactor: Include linked cases in get_case_by_id and list_cases functions
* refactor: Include case creation time in CaseOut and CaseOutResponse models
* update: alert and case type
* update: cases page
* improve: goto composable
* add: AlertDetails on alert asset
* add: case creation
* update: case item component
* add: case details modal
* fix: case creation
* update: dependencies
* feat: Add case status to list_cases function
* add creation tag feature
* Refactor code to delete alert tags in create_alert_tag_endpoint and delete_alert_tag functions
* feat: Add id field to AlertTagBase model
* feat: Add AlertTagDelete model and update delete_alert_tag_endpoint
* feat: Add pagination to list_alerts_endpoint
* feat: Add pagination to list_alerts_by_status_endpoint
* feat: Add pagination to list_alerts_by_asset_name_endpoint
* feat: Add pagination to list_alerts_by_assigned_to_endpoint
* feat: Add list_alerts_by_title_endpoint for retrieving alerts by title with pagination
* feat: Add Socfortress Recommends Wazuh endpoint for retrieving field names and asset names
* refactor: Add Socfortress Recommends Wazuh field names and asset names to enum
* Refactor SocfortressRecommendsWazuhFieldNames enum to include extra use for Within CoPilot
* update dependencies
* updated alert tag component
* refactor alert assign component
* refactor case assign component
* update tw config
* added alert-link api
* add alert-link feature
* improve case item component
* refactor alert overview component
* update alerts list component
* start alert timeline collection
* feat: Add alert timeline retrieval to get_alert_timeline_route
* chore: Add start and end of day calculation for alert timeline retrieval
* chore: Add size parameter to fetch_alert_timeline for limiting the number of results
* chore: Update list_alerts_endpoint to include total count of alerts
* chore: Update list_alerts_endpoint to include total count of alerts
* chore: Update list_alerts_endpoint to include total count of alerts
* chore: Update alert response model to include counts for open, in progress, and closed alerts
* try velo file collection
* add "get Socfortress Recommends Wazuh" feature
* update alert list filters and pagination
* add alert timeline components
* refactor alert assets components
* update dependencies
* asset and totals update
* chore: Update list_alerts_by_assigned_to_endpoint to include total count of alerts by assigned_to
* feat: Add pagination and filters to list_alerts_by_tag_endpoint
* updated menu items
* update dependencies
* retrieve alerts from graylog index now
* chore: Uncomment invoke_alert_creation_collect job in scheduler
* chore: Refactor create_alert_auto_route to handle case when no alerts are found
* chore: Rename create_alert_route to create_alert_manual_route in incident_alert.py and escalate_alert.py
* chore: Remove unused dfir-iris fields from ProvisionNewCustomer schema since we are no longer using it
* chore: Remove unused dfir-iris connection verification
* chore: Remove unused dfir-iris connection verification and fields from ProvisionNewCustomer schema
* chore: Update ProvisionNewCustomer schema to make iris_customer_id optional
* update alert page
* improve cases page
* update alert actions
* add alert item highlight feature
* update dependencies
* precommit fixes
* chore: Remove unused dfir-iris connector from the database since we are now using built in incident management
* update dependencies
* add incidents notification api/types
* refactor customer details modal
* added incident notifications components
* Improved lazy loading of components
* prettier
* precommit fixes
---------
Co-authored-by: Davide Di Modica <webmaster.ddm@gmail.com>- Loading branch information
1 parent
ba36bef
commit 4fa16de