Added mitre info in host alert table. To implement filters

ntop · Aug 6, 2024 · 53027bd · 53027bd
1 parent 7661993
commit 53027bd
Show file tree

Hide file tree

Showing 6 changed files with 494 additions and 10 deletions.
diff --git a/http_src/utilities/datatable/sprymedia-datatable-utils.js b/http_src/utilities/datatable/sprymedia-datatable-utils.js
@@ -674,6 +674,23 @@ export class DataTableRenders {
         return cell;
     }
 
+    static formatMitreId(obj) {
+        return DataTableRenders.filterize('mitre_id', obj.mitre_id, obj.mitre_id_i18n, obj.mitre_id_i18n, obj.mitre_id_i18n);
+    }
+
+    static formatMitreTactic(obj) {
+        return DataTableRenders.filterize('mitre_tactic', obj.mitre_tactic, i18n(obj.mitre_tactic_i18n), obj.mitre_tactic_i18n, obj.mitre_tactic_i18n);
+    }
+
+    static formatMitreTechnique(obj) {
+        return DataTableRenders.filterize('mitre_tactic', obj.mitre_technique, i18n(obj.mitre_technique_i18n), obj.mitre_technique_i18n, obj.mitre_technique_i18n);
+    }
+
+    static formatMitreSubTechnique(obj) {
+        return DataTableRenders.filterize('mitre_tactic', obj.mitre_subtechnique, i18n(obj.mitre_subtechnique_i18n), obj.mitre_subtechnique_i18n, obj.mitre_subtechnique_i18n);
+
+    }
+
     static formatScore(obj, type, row, zero_is_null) {
         if (type !== "display") return obj.value;
         let cell = obj.label;

diff --git a/http_src/vue/page-alert-stats.vue b/http_src/vue/page-alert-stats.vue
@@ -382,6 +382,7 @@ function update_select_query_presets() {
 
 const map_table_def_columns = async (columns) => {
     await ntopng_sync.on_ready(get_query_presets_sync_key());
+
     let map_columns = {
         "l7_proto": (proto, row) => {
             let confidence = "";
@@ -404,7 +405,7 @@ const map_table_def_columns = async (columns) => {
         },
         "srv2cli_bytes": (info, row) => {
             return `${DataTableRenders.filterize('srv2cli_bytes', row.total_bytes.bytes_rcvd, formatterUtils.getFormatter("bytes")(row.total_bytes.bytes_rcvd))}`;
-        },
+        }
 
     };
     let set_query_preset_columns = selected_query_preset.value.is_preset && columns.length > 0;

diff --git a/httpdocs/tables_config/alert_host.json b/httpdocs/tables_config/alert_host.json
@@ -50,24 +50,56 @@
 	    "class": ["text-center"]
 	},
 	{
-	    "title_i18n": "alerts_dashboard.alert",
+		"title_i18n": "alerts_dashboard.alert",
 	    "data_field": "msg",
 	    "sortable": false,
-		 "min-width" : "155px",
+		"min-width" : "155px",
 	    "render_type": "formatNameDescription",
 	    "class": ["text-nowrap"]
 	},
 	{
-	    "title_i18n": "host_details.host",
+		"title_i18n": "host_details.host",
 	    "data_field": "ip",
 	    "sortable": false,
-		 "min-width" : "155px",
+		"min-width" : "155px",
 	    "render_type": "formatHost",
 	    "class": ["text-nowrap"]
 	},
 	{
-	    "title_i18n": "description",
+		"title_i18n": "description",
 	    "data_field": "description",
+	    "sortable": false,
+		"min-width" : "200px",
+	    "class": ["text-nowrap"]
+	},
+	{
+		"title_i18n": "mitre.mitre_id",
+	    "data_field": "mitre_data",
+		"render_type": "formatMitreId",
+	    "sortable": false,
+		"min-width" : "200px",
+	    "class": ["text-nowrap"]
+	},
+	{
+		"title_i18n": "mitre.mitre_tactic",
+	    "data_field": "mitre_data",
+		"render_type": "formatMitreTactic",
+	    "sortable": false,
+		"min-width" : "200px",
+	    "class": ["text-nowrap"]
+	},
+	{
+		"title_i18n": "mitre.mitre_technique",
+	    "data_field": "mitre_data",
+		"render_type": "formatMitreTechnique",
+	    "sortable": false,
+		"min-width" : "200px",
+	    "class": ["text-nowrap"]
+	},
+	{
+		"title_i18n": "mitre.mitre_sub_technique",
+	    "data_field": "mitre_data",
+		"render_type": "formatMitreSubTechnique",
 	    "sortable": false,
 		 "min-width" : "200px",
 	    "class": ["text-nowrap"]

diff --git a/scripts/locales/en.lua b/scripts/locales/en.lua
@@ -5621,6 +5621,10 @@ local lang = {
     ["secs"] = "Secs",
   },
   ["mitre"] = {
+    ['mitre_tactic'] = "Mitre Tactic",
+    ['mitre_technique'] = "Mitre Technique",
+    ['mitre_sub_technique'] = "Mitre Subtechnique",
+    ['mitre_id'] = "Mitre ID",
     ["sub_technique"] = {
       ["arp_cache_poisoning"] = "Arp Cache Poisoning",
       ["dhcp_spoofing"] = "DHCP Spoofing",
@@ -5694,7 +5698,7 @@ local lang = {
       ["hide_infrastructure"] = "Hide Infrastructure",
       ["impair_defenses"] = "Impair Defenses",
       ["indicator_removal"] = "Indicator Removal",
-      ["ingress_tool_tranfer"] = "Ingress Tool Tranfer",
+      ["ingress_tool_transfer"] = "Ingress Tool Transfer",
       ["internal_spearphishing"] = "Internal Spearphishing",
       ["lateral_tool_transfer"] = "Lateral Tool Transfer",
       ["network_ddos"] = "Network Denial of Service",
@@ -5711,7 +5715,7 @@ local lang = {
       ["remote_system_discovery"] = "Remote System Discovery",
       ["resource_hijacking"] = "Resource Hijacking",
       ["rogue_domain_controller"] = "Rogue Domain Controller",
-      ["scheduled_tranfer"] = "Scheduled Tranfer",
+      ["scheduled_transfer"] = "Scheduled Transfer",
       ["search_open_tech_db"] = "Search Open Technical Databases",
       ["server_software_component"] = "Server Software Component",
       ["session_hijacking"] = "Session Hijacking",

diff --git a/scripts/lua/modules/alert_store/host_alert_store.lua b/scripts/lua/modules/alert_store/host_alert_store.lua
@@ -17,6 +17,7 @@ local alert_entities = require "alert_entities"
 local alert_roles = require "alert_roles"
 local json = require "dkjson"
 local tag_utils = require "tag_utils"
+--local mitre_consts = require "mitre_consts"
 
 -- ##############################################
 
@@ -328,6 +329,10 @@ local RNAME = {
     NETWORK = {
         name = "network",
         export = false
+    },
+    MITRE = {
+        name = "mitre_data",
+        export = false
     }
 }
 
@@ -367,6 +372,25 @@ function host_alert_store:format_record(value, no_html)
         reference_html = nil
     end
 
+    local alert_key = alert_consts.getAlertType(tonumber(value["alert_id"]), alert_entities.host.entity_id)
+    local mitre_info = alert_consts.getAlertMitreInfo(alert_key)
+
+    -- Add mitre info from db
+    local mitre_tactic = value["mitre_tactic"] or ""
+    local mitre_technique = value["mitre_technique"] or ""
+    local mitre_subtechnique = value["mitre_subtechnique"] or ""
+
+    record[RNAME.MITRE.name] = {
+        mitre_tactic = mitre_tactic,
+        mitre_technique = mitre_technique,
+        mitre_subtechnique = mitre_subtechnique,
+        mitre_id = value["mitre_id"] or "",
+
+        mitre_tactic_i18n = mitre_info.mitre_tactic and mitre_info.mitre_tactic.i18n_label or "",
+        mitre_technique_i18n = mitre_info.mitre_technique and mitre_info.mitre_technique.i18n_label or "",
+        mitre_subtechnique_i18n = mitre_info.mitre_subtechnique and mitre_info.mitre_subtechnique.i18n_label or "",
+    }
+
     record[RNAME.IP.name] = {
         value = host,
         label = host,