Fixed further usecase mappings
frikky committed Sep 30, 2024
1 parent 25268b0 commit 0b72b8b
Showing 3 changed files with 38 additions and 92 deletions.
95 changes: 13 additions & 82 deletions blobs.go
Expand Up @@ -312,29 +312,8 @@ func GetUsecaseData() string {
"blogpost": "https://medium.com/shuffle-automation/introducing-shuffle-an-open-source-soar-platform-part-1-58a529de7d12",
"reference_image": "/images/detectionframework.png",
"items": {}
},
{
"type": "cases",
"last": "cases",
"name": "2-way Ticket synchronization",
"priority": 20,
"items": {}
},
{
"name": "ChatOps",
"priority": 60,
"type": "communication",
"last": "cases",
"items": {}
},
{
"name": "Threat Intel received",
"priority": 20,
"type": "intel",
"last": "cases",
"items": {}
}
]
}
]
},
{
"name": "2. Enrich",
Expand Down Expand Up @@ -451,79 +430,31 @@ func GetUsecaseData() string {
"color": "#4885ed",
"list": [
{
"name": "Eradicate malware",
"priority": 90,
"type": "intel",
"last": "edr",
"items": {}
},
{
"name": "Quarantine host(s)",
"priority": 90,
"name": "Isolate Host",
"old_name": "Quarantine host(s)",
"priority": 80,
"type": "edr",
"items": {}
},
{
"name": "Update Outdated Software",
"priority": 70,
"type": "assets",
"items": {}
},
{
"name": "Block IPs, URLs, Domains and Hashes",
"priority": 90,
"name": "Block an IP",
"old_name": "Block IPs, URLs, Domains and Hashes",
"priority": 75,
"type": "network",
"items": {}
},
{
"name": "Trigger scans",
"priority": 50,
"type": "assets",
"items": {}
},
{
"name": "Update indicators (FW, EDR, SIEM...)",
"priority": 50,
"type": "intel",
"last": "siem",
"items": {}
},
{
"name": "Autoblock activity when threat intel is received",
"priority": 50,
"type": "intel",
"last": "iam",
"items": {}
},
{
"name": "Lock/Delete/Reset account",
"priority": 50,
"type": "iam",
"items": {}
},
{
"name": "Lock vault",
"name": "Kill a process",
"priority": 50,
"type": "iam",
"type": "edr",
"items": {}
},
{
"name": "Increase authentication",
"priority": 50,
"name": "Lock account",
"old_name": "Lock/Delete/Reset account",
"priority": 70,
"type": "iam",
"items": {}
},
{
"name": "Get policies from assets",
"priority": 50,
"type": "assets",
"items": {}
},
{
"name": "Run ansible scripts",
"type": "assets",
"priority": 50,
"items": {}
}
]
},
13 changes: 10 additions & 3 deletions codegen.go
Expand Up @@ -3790,7 +3790,9 @@ func DownloadDockerImageBackend(topClient *http.Client, imageName string) error
baseUrl := os.Getenv("BASE_URL")
log.Printf("[DEBUG] Trying to download image %s from backend %s as it doesn't exist. All images: %#v", imageName, baseUrl, downloadedImages)

downloadedImages = append(downloadedImages, imageName)
if !ArrayContains(downloadedImages, imageName) {
downloadedImages = append(downloadedImages, imageName)
}

data := fmt.Sprintf(`{"name": "%s"}`, imageName)
dockerImgUrl := fmt.Sprintf("%s/api/v1/get_docker_image", baseUrl)
Expand Down Expand Up @@ -3876,6 +3878,13 @@ func DownloadDockerImageBackend(topClient *http.Client, imageName string) error
return errors.New(string(body))
}

os.Remove(newFileName)

if strings.Contains(strings.ToLower(string(body)), "error") {
log.Printf("[ERROR] Error loading image %s: %s", imageName, string(body))
return errors.New(string(body))
}

baseTag := strings.Split(imageName, ":")
if len(baseTag) > 1 {
tag := baseTag[1]
Expand All @@ -3891,8 +3900,6 @@ func DownloadDockerImageBackend(topClient *http.Client, imageName string) error

}

os.Remove(newFileName)

log.Printf("[INFO] Successfully loaded image %s: %s", imageName, string(body))
return nil
}
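Review bot: The new check `if strings.Contains(strings.ToLower(string(body)), "error")` in the second hunk of this section treats any response body containing the substring "error" as a failed load, so a successful load whose output echoes an image name or tag containing that word would be reported as failure, while a real failure phrased without it still passes; since it sits after the status-code branch, the status cannot disambiguate either. If the backend returns a structured error, decode that field instead; otherwise a narrower heuristic such as `strings.HasPrefix(strings.TrimSpace(strings.ToLower(string(body))), "error")` at least avoids matching content in the middle of an otherwise successful message. The relocated `os.Remove(newFileName)` discards its error; a `log.Printf("[WARNING] Removing %s: %s", newFileName, err)` on failure would make leftover downloaded image files visible rather than silently accumulating. DownloadDockerImageBackend begins before this section's first hunk.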
22 changes: 15 additions & 7 deletions shared.go
Expand Up @@ -3289,11 +3289,14 @@ func HandleGetEnvironments(resp http.ResponseWriter, request *http.Request) {
// Here as well as in db-connector due to cache handling
timenow := time.Now().Unix()
for envIndex, env := range newEnvironments {
if newEnvironments[envIndex].Type == "onprem" {
if env.Checkin > 0 && timenow-env.Checkin > 90 {
newEnvironments[envIndex].RunningIp = ""
newEnvironments[envIndex].Licensed = false
}
if newEnvironments[envIndex].Type != "onprem" {
continue
}

if env.Checkin > 0 && timenow-env.Checkin > 90 && len(newEnvironments[envIndex].RunningIp) > 0 {
log.Printf("[DEBUG] Resetting environment %s (%s) due to inactivity", env.Name, env.Id)
newEnvironments[envIndex].RunningIp = ""
newEnvironments[envIndex].Licensed = false
}
}

Expand Down Expand Up @@ -12886,6 +12889,7 @@ func GetOpenIdUrl(request *http.Request, org Org) string {
}

func GetRequestIp(r *http.Request) string {
// Check the actual IP that is inbound
forwardedFor := r.Header.Get("X-Forwarded-For")
if forwardedFor != "" {
// The X-Forwarded-For header can contain a comma-separated list of IP addresses.
Expand Down Expand Up @@ -12934,9 +12938,13 @@ func GetRequestIp(r *http.Request) string {
}
}

// IPv6 / localhostm apping. Just returning raw.
if strings.Contains(r.RemoteAddr, "::") || strings.Contains(r.RemoteAddr, "127.0.0.1") || strings.Contains(r.RemoteAddr, "localhost") {
return r.RemoteAddr
}

// If neither header is present, fall back to using the RemoteAddr field.
// Check for IPv6 and split accordingly.

re := regexp.MustCompile(`\[[^\]]+\]`)
remoteAddr := re.ReplaceAllString(r.RemoteAddr, "")
if remoteAddr != "" {
Expand Down Expand Up @@ -27839,7 +27847,7 @@ func DistributeAppToEnvironments(ctx context.Context, org Org, appnames []string
request := ExecutionRequest{
Type: "DOCKER_IMAGE_DOWNLOAD",
ExecutionId: uuid.NewV4().String(),
ExecutionArgument: strings.Join(appnames, ","),
ExecutionArgument: fmt.Sprintf("%s,%s", strings.ToLower(strings.Join(appnames, ",")), strings.Join(appnames, ",")),
Priority: 11,
}

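Review bot: The early return added to GetRequestIp in the third hunk (`if strings.Contains(r.RemoteAddr, "::") || strings.Contains(r.RemoteAddr, "127.0.0.1") || …`) hands back `r.RemoteAddr` verbatim, which on a net/http server is `host:port` (bracketed for IPv6), so these paths now yield `[::1]:54321`-style values while the other paths yield a bare address; anything keyed on the result (logging, rate limiting, allow-lists) will see each local connection as a distinct client. The substring tests are also loose: `"::"` matches every compressed IPv6 address rather than only loopback, and `"127.0.0.1"` matches any longer string containing it. Parsing with `net.SplitHostPort` and `net.ParseIP` (adding `net` to the import block if it is not already there) returns a consistent value and makes the regexp-based fallback below unnecessary; if a non-numeric RemoteAddr such as a literal `localhost` is genuinely possible from a custom listener, the existing string check can remain as a final fallback. The comment in the same hunk has a typo and should read `// IPv6 / localhost mapping. Just returning raw.`; GetRequestIp starts and ends outside this hunk.
```go
// … unchanged: X-Forwarded-For / X-Real-IP handling …

// Loopback and IPv6 peers: return the address without the port so callers
// that key on the result see one value per client.
if host, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
	if ip := net.ParseIP(host); ip != nil && (ip.IsLoopback() || ip.To4() == nil) {
		return host
	}
}

// … unchanged: regexp-based RemoteAddr fallback …
```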
