This repository has been archived by the owner on Nov 3, 2021. It is now read-only.

Merge pull request #702 from mozilla/ipDecorate
Ip decorate
pwnbus committed May 29, 2018
2 parents 5ec80e8 + 7538144 commit 6885ed2
Showing 8 changed files with 95 additions and 25 deletions.
10 changes: 7 additions & 3 deletions meteor/app/client/alertdetails.html
Expand Up @@ -34,7 +34,7 @@
</td>
<td>{{severity}}</td>
<td>{{category}}</td>
<td class="alertsummary">{{summary}}</td>
<td class="alertsummary">{{{ipDecorate summary}}}</td>
</tr>
</tbody>
</table>
Expand All @@ -47,7 +47,11 @@
{{/each}}
</tbody>
</table>

{{>whoismodal}}
{{>dshieldmodal}}
{{>cifmodal}}
{{>blockIPModal}}
{{>intelmodal}}

</div>

Expand All @@ -61,7 +65,7 @@
<td>{{documentindex}}</td>
<td>{{documentid}}</td>
<td>{{documenttype}}</td>
<td>{{documentsource.summary}}</td>
<td>{{{ ipDecorate documentsource.summary}}}</td>
<td>{{>eventdetails}}</td>
</tr>

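Review bot: The switch from `{{summary}}` to `{{{ipDecorate summary}}}` in the alert row, and the same change for `documentsource.summary` in the event row, turns off Spacebars' HTML escaping for text that originates in alert and event data. The `ipDecorate` helper is not part of this commit, so it cannot be confirmed from here that it escapes its input before wrapping addresses in markup; if it does not, any HTML carried in a summary is rendered as-is in the analyst's browser. The helper should escape the whole string first (for example `_.escape(text)`) and only then insert its own tags around matched addresses, and a short comment beside each triple-brace should state that the helper is responsible for escaping. The same applies to the triple-brace calls added in attackerdetails.html, eventdetails.html and ipBlocklistTable.html.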
35 changes: 26 additions & 9 deletions meteor/app/client/alertdetails.js
Expand Up @@ -12,25 +12,25 @@ if (Meteor.isClient) {
thisalertevents: function () {
return alerts.findOne({'esmetadata.id': Session.get('alertID')}).events;
},

kibanaurl: function () {
var esmetadata = alerts.findOne({'esmetadata.id': Session.get('alertID')}).esmetadata;
url=getSetting('kibanaURL') + '/doc/alerts-*/' + esmetadata.index + '/alert?id=' + esmetadata.id;
return url;
}
});

Template.alertdetails.events({
"click .makeinvestigation": function(event, template) {
event.preventDefault();
//ack the alert
//acknowledge the alert
alerts.update(this._id , {$set: {'acknowledged':new Date()}});
alerts.update(this._id, {$set: {'acknowledgedby':Meteor.user().profile.email}});
alerts.update(this._id, {$set: {'acknowledgedby':Meteor.user().profile.email}});
//make an investigation
newInvestigation=models.investigation();
newInvestigation.summary= template.data.summary,
newInvestigation.dateOpened=dateOrNull(template.data.utctimestamp),
newInvestigation.dateOpened=dateOrNull(template.data.utctimestamp),
newid=investigations.insert(newInvestigation);
//add a link to this alert in the references
investigations.update(newid, {
Expand All @@ -46,11 +46,11 @@ if (Meteor.isClient) {
//ack the alert
//acknowledge the alert
alerts.update(this._id , {$set: {'acknowledged':new Date()}});
alerts.update(this._id, {$set: {'acknowledgedby':Meteor.user().profile.email}});
alerts.update(this._id, {$set: {'acknowledgedby':Meteor.user().profile.email}});
//make an incident
newIncident=models.incident();
newIncident.summary= template.data.summary,
newIncident.dateOpened=dateOrNull(template.data.utctimestamp),
newIncident.dateOpened=dateOrNull(template.data.utctimestamp),
newid=incidents.insert(newIncident);
//add a link to this alert in the references
incidents.update(newid, {
Expand All @@ -59,9 +59,26 @@ if (Meteor.isClient) {
//debugLog(template.firstNode.baseURI);
//reroute to full blown edit form after this minimal input is complete
Router.go('/incident/' + newid + '/edit');
},
"click .ipmenu-whois": function(e,t){
Session.set('ipwhoisipaddress',($(e.target).attr('data-ipaddress')));
$('#modalwhoiswindow').modal()
},
"click .ipmenu-dshield": function(e,t){
Session.set('ipdshieldipaddress',($(e.target).attr('data-ipaddress')));
$('#modaldshieldwindow').modal()
},
"click .ipmenu-blockip": function(e,t){
Session.set('blockIPipaddress',($(e.target).attr('data-ipaddress')));
$('#modalBlockIPWindow').modal()
},
"click .ipmenu-cif": function(e,t){
Session.set('ipcifipaddress',($(e.target).attr('data-ipaddress')));
$('#modalcifwindow').modal()
},
"click .ipmenu-intel": function(e,t){
Session.set('ipintelipaddress',($(e.target).attr('data-ipaddress')));
$('#modalintelwindow').modal()
}
});



}
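Review bot: The five new `click .ipmenu-*` handlers read the address from `e.target`, which is the innermost element clicked, so if a menu item ever contains a child element the lookup returns `undefined` and that value goes straight into `Session`; `$(e.currentTarget).attr('data-ipaddress')` reads the element the selector matched. Because the attribute comes from markup generated out of alert text, the value is worth checking as an IP address before it is stored, most of all in the `ipmenu-blockip` handler, which by its names feeds the block-IP dialog (whether the modals validate it is not visible here). The identical five handlers are also added in attackerdetails.js and ipBlocklistTable.js; a single shared event map would keep the three copies from drifting apart. The `.modal()` calls are also missing their semicolons.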
9 changes: 7 additions & 2 deletions meteor/app/client/attackerdetails.html
Expand Up @@ -36,7 +36,7 @@
<option {{ isselected 'falsepositive' category }} value='falsepositive'>False Positive</option>
</select>
</td>
<td>{{summary}}</td>
<td>{{{ipDecorate summary}}}</td>
</tr>
</tbody>
</table>
Expand All @@ -54,6 +54,11 @@
</tbody>
</table>
</div>
{{>whoismodal}}
{{>dshieldmodal}}
{{>cifmodal}}
{{>blockIPModal}}
{{>intelmodal}}
</div>

</template>
Expand All @@ -67,7 +72,7 @@
<td>{{utctimestamp}}</td>
<td>{{severity}}</td>
<td>{{category}}</td>
<td>{{summary}}</td>
<td>{{{ ipDecorate summary}}}</td>
</tr>

</template>
26 changes: 23 additions & 3 deletions meteor/app/client/attackerdetails.js
Expand Up @@ -10,6 +10,26 @@ if (Meteor.isClient) {
Template.attackerdetails.events({
"change #attackerCategory": function(e,t){
attackers.update(Session.get('attackerID'), {$set: {'category':$('#attackerCategory').val()}});
},
"click .ipmenu-whois": function(e,t){
Session.set('ipwhoisipaddress',($(e.target).attr('data-ipaddress')));
$('#modalwhoiswindow').modal()
},
"click .ipmenu-dshield": function(e,t){
Session.set('ipdshieldipaddress',($(e.target).attr('data-ipaddress')));
$('#modaldshieldwindow').modal()
},
"click .ipmenu-blockip": function(e,t){
Session.set('blockIPipaddress',($(e.target).attr('data-ipaddress')));
$('#modalBlockIPWindow').modal()
},
"click .ipmenu-cif": function(e,t){
Session.set('ipcifipaddress',($(e.target).attr('data-ipaddress')));
$('#modalcifwindow').modal()
},
"click .ipmenu-intel": function(e,t){
Session.set('ipintelipaddress',($(e.target).attr('data-ipaddress')));
$('#modalintelwindow').modal()
}
});

Expand All @@ -21,8 +41,8 @@ if (Meteor.isClient) {
{fields:{
events:0}
});
};
};

Template.attackerdetails.rendered = function() {
Deps.autorun(function(comp) {
//subscribe to the alerts data we need
Expand All @@ -36,7 +56,7 @@ if (Meteor.isClient) {
});
});

}); //end deps.autorun
}); //end deps.autorun
};

};
8 changes: 4 additions & 4 deletions meteor/app/client/eventdetails.html
Expand Up @@ -6,15 +6,15 @@
{{#with value}}
{{#each objKeyValue this}}
<span>{{key}}:</span>
<span>{{value}}</span>
<span>{{value}}</span>
{{/each}}
{{/with}}
</div>
{{else}}
<div>
<span>{{key}}:</span>
<span>{{value}}</span>
</div>
<span>{{{ ipDecorate value }}}</span>
</div>
{{/if}}
{{/each}}
{{/each}}
</template>
10 changes: 7 additions & 3 deletions meteor/app/client/ipBlocklistTable.html
Expand Up @@ -28,8 +28,12 @@
{{/each}}
</tbody>
</table>
</div>
{{>blockIPModal}}
</div>
{{>whoismodal}}
{{>dshieldmodal}}
{{>cifmodal}}
{{>blockIPModal}}
{{>intelmodal}}
</div>
</template>

Expand All @@ -38,7 +42,7 @@

<tr class="tooltip-wrapper info-row" title="{{creator}} at {{dateAdded}}" data-toggle="tooltip">
<td></td>
<td>{{address}}</td>
<td>{{{ipDecorate address}}}</td>
<td>{{dateAdded}}</td>
<td>{{dateExpiring}}</td>
<td>{{comment}}</td>
20 changes: 20 additions & 0 deletions meteor/app/client/ipBlocklistTable.js
Expand Up @@ -27,6 +27,26 @@ if (Meteor.isClient) {
"click .ipblockdelete": function(e,t){
ipblocklist.remove(this._id);
Session.set('displayMessage','Deleted ipblock for & ' + this.address);
},
"click .ipmenu-whois": function(e,t){
Session.set('ipwhoisipaddress',($(e.target).attr('data-ipaddress')));
$('#modalwhoiswindow').modal()
},
"click .ipmenu-dshield": function(e,t){
Session.set('ipdshieldipaddress',($(e.target).attr('data-ipaddress')));
$('#modaldshieldwindow').modal()
},
"click .ipmenu-blockip": function(e,t){
Session.set('blockIPipaddress',($(e.target).attr('data-ipaddress')));
$('#modalBlockIPWindow').modal()
},
"click .ipmenu-cif": function(e,t){
Session.set('ipcifipaddress',($(e.target).attr('data-ipaddress')));
$('#modalcifwindow').modal()
},
"click .ipmenu-intel": function(e,t){
Session.set('ipintelipaddress',($(e.target).attr('data-ipaddress')));
$('#modalintelwindow').modal()
}
});

2 changes: 1 addition & 1 deletion rest/plugins/banhammer.conf
Expand Up @@ -3,4 +3,4 @@ banhammerdbhost=<add_banhammerdbhost>
banhammerdbuser=<add_banhammerdbuser>
banhammerdbpasswd=<add_banhammerdbpasswd>
banhammerdbdb=<add_banhammerdbdb>
network_list_file=/opt/mozdef/envs/mozdef/static/iplist.txt
network_list_file=/dev/null
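Review bot: The shipped default for `network_list_file` is now `/dev/null`, which amounts to an empty list, and nothing in the file says what that implies. How the banhammer plugin uses this list is not visible in this commit; if it holds the networks that must never be blocked, an empty default leaves a fresh install without that safeguard. The other settings use `<add_...>` placeholders, so `network_list_file=<add_network_list_file>` plus a comment giving the expected file format and the effect of an empty list would make this an explicit operator choice.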
