bookmark alerts
taylorwalton committed Jul 19, 2023
1 parent 4dd92d5 commit c9e98f7
Showing 3 changed files with 270 additions and 0 deletions.
45 changes: 45 additions & 0 deletions backend/app/routes/dfir_iris.py
Expand Up @@ -106,6 +106,51 @@ def get_alerts():
return alerts


@bp.route("/dfir_iris/alerts/bookmark/<alert_id>", methods=["POST"])
def bookmark_alert(alert_id: str):
"""
Handle POST requests at the "/alerts/<alert_id>/bookmark" endpoint. Bookmark an alert in DFIR IRIS.
Args:
alert_id (str): The ID of the alert to bookmark.
Returns:
Response: A Flask Response object carrying a JSON representation of the result of the bookmark operation.
"""
service = IRISAlertsService()
bookmarked_alert = service.bookmark_alert(alert_id=alert_id)
return bookmarked_alert


@bp.route("/dfir_iris/alerts/unbookmark/<alert_id>", methods=["POST"])
def unbookmark_alert(alert_id: str):
"""
Handle POST requests at the "/alerts/<alert_id>/unbookmark" endpoint. Unbookmark an alert in DFIR IRIS.
Args:
alert_id (str): The ID of the alert to unbookmark.
Returns:
Response: A Flask Response object carrying a JSON representation of the result of the unbookmark operation.
"""
service = IRISAlertsService()
unbookmarked_alert = service.unbookmark_alert(alert_id=alert_id)
return unbookmarked_alert


@bp.route("/dfir_iris/alerts/bookmarked", methods=["GET"])
def get_bookmarked_alerts():
"""
Handle GET requests at the "/alerts/bookmarked" endpoint. Retrieve all bookmarked alerts from DFIR IRIS.
Returns:
Response: A Flask Response object carrying a JSON representation of the list of bookmarked alerts.
"""
service = IRISAlertsService()
alerts = service.list_bookmarked_alerts()
return alerts


@bp.route("/dfir_iris/users", methods=["GET"])
def get_users():
"""
92 changes: 92 additions & 0 deletions backend/app/services/DFIR_IRIS/alerts.py
Expand Up @@ -102,6 +102,98 @@ def list_alerts(self) -> Dict[str, object]:
"results": result["data"],
}

def bookmark_alert(self, alert_id: str) -> Dict[str, Any]:
"""
Bookmark an alert in DFIR-IRIS.
Parameters
----------
alert_id : str
The ID of the alert to bookmark.
Returns
-------
Dict[str, Any]
The result of the bookmark operation. Contains information on whether the bookmark operation was successful,
an associated message, and the resulting data.
"""
alert = Alert(session=self.iris_session)
result = self.universal_service.fetch_and_parse_data(
self.iris_session,
alert.update_alert,
alert_id,
{"alert_tags": "bookmarked"},
)

if not result["success"]:
return {
"success": False,
"message": "Failed to bookmark alert in DFIR-IRIS",
}

return {
"success": True,
"message": "Successfully bookmarked alert in DFIR-IRIS",
"results": result["data"],
}

def unbookmark_alert(self, alert_id: str) -> Dict[str, Any]:
"""
Unbookmark an alert in DFIR-IRIS.
Parameters
----------
alert_id : str
The ID of the alert to unbookmark.
Returns
-------
Dict[str, Any]
The result of the unbookmark operation. Contains information on whether the unbookmark operation was successful,
an associated message, and the resulting data.
"""
alert = Alert(session=self.iris_session)
result = self.universal_service.fetch_and_parse_data(
self.iris_session,
alert.update_alert,
alert_id,
{"alert_tags": ""},
)

if not result["success"]:
return {
"success": False,
"message": "Failed to unbookmark alert in DFIR-IRIS",
}

return {
"success": True,
"message": "Successfully unbookmarked alert in DFIR-IRIS",
"results": result["data"],
}

def list_bookmarked_alerts(self) -> Dict[str, Any]:
"""
List all bookmarked alerts from DFIR-IRIS.
Returns
-------
Dict[str, Any]
The result of the bookmarked alerts listing. Contains information on whether the listing was successful,
an associated message, and the resulting data.
"""
alerts = self.list_alerts()["results"]["alerts"]
# Loop thorugh the alerts and collect ones where `alert_tags` contains `bookmarked`
bookmarked_alerts = []
for alert in alerts:
if alert["alert_tags"] is not None and "bookmarked" in alert["alert_tags"]:
bookmarked_alerts.append(alert)
return {
"success": True,
"message": "Successfully collected bookmarked alerts from DFIR-IRIS",
"bookmarked_alerts": bookmarked_alerts,
}

def create_alert_general(self, alert_data: Dict[str, Any], alert_id: str, index: str) -> Dict[str, Any]:
"""
Create an alert within DFIR-IRIS with the provided data.
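Review bot: bookmark_alert sends `{"alert_tags": "bookmarked"}` and unbookmark_alert sends `{"alert_tags": ""}` as the update payload without reading the alert's current tags, so if update_alert replaces the field (as the payload shape suggests) any tag an analyst already placed on the alert is lost on bookmark and every tag is wiped on unbookmark; the safer shape is to fetch the current tag value, add or remove only the `bookmarked` token, and write the merged value back. list_bookmarked_alerts has two related problems: it reads `self.list_alerts()["results"]` without checking `success`, which raises KeyError on a failed listing (the failure branch of the sibling methods carries no `results` key), and `"bookmarked" in alert["alert_tags"]` is a substring test on what looks like a comma-separated string, so a tag such as `unbookmarked` also matches. A token-wise check with a success guard is sketched below; it assumes alert_tags is a comma-separated string, which should be confirmed against the IRIS API. The loop comment also has a typo (`thorugh`).
```python
    def list_bookmarked_alerts(self) -> Dict[str, Any]:
        # … unchanged: docstring …
        listing = self.list_alerts()
        if not listing["success"]:
            return {
                "success": False,
                "message": "Failed to collect bookmarked alerts from DFIR-IRIS",
            }
        # Match the whole `bookmarked` tag, not a substring of another tag.
        bookmarked_alerts = [
            alert
            for alert in listing["results"]["alerts"]
            if alert.get("alert_tags")
            and "bookmarked" in {tag.strip() for tag in alert["alert_tags"].split(",")}
        ]
        # … unchanged: success return …
```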
133 changes: 133 additions & 0 deletions backend/app/static/swagger.json
Expand Up @@ -2448,6 +2448,139 @@
"tags": ["DFIR Iris"]
}
},
"/dfir_iris/alerts/bookmark/{alert_id}": {
"post": {
"summary": "Assign a bookmark to an alert which adds it as an alert tag",
"description": "Assign a bookmark to an alert which adds it as an alert tag.",
"parameters": [
{
"name": "alert_id",
"in": "path",
"description": "ID of the alert to bookmark.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful operation",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"output": {
"type": "string",
"description": "The output of the command."
}
}
}
}
}
},
"default": {
"description": "Unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"operationId": "assignUserToAlert",
"tags": ["DFIR Iris"]
}
},
"/dfir_iris/alerts/unbookmark/{alert_id}": {
"post": {
"summary": "Unbookmark an alert",
"description": "Unbookmark an alert.",
"parameters": [
{
"name": "alert_id",
"in": "path",
"description": "ID of the alert to unbookmark.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful operation",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"output": {
"type": "string",
"description": "The output of the command."
}
}
}
}
}
},
"default": {
"description": "Unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"operationId": "unbookmarkAlert",
"tags": ["DFIR Iris"]
}
},
"/dfir_iris/alerts/bookmarked": {
"get": {
"summary": "Get all bookmarked alerts",
"description": "Endpoint to get all bookmarked alerts.",
"responses": {
"200": {
"description": "Successful operation",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"alerts": {
"type": "array",
"items": {
"type": "object",
"description": "Alert details"
}
}
}
}
}
}
},
"default": {
"description": "Unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"operationId": "getAllBookmarkedAlerts",
"tags": ["DFIR Iris"]
}
},
"/dfir_iris/users": {
"get": {
"summary": "Get all users",
