apis integrated; UX added, updated

Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com>

common/constants.ts

@@ -6,9 +6,9 @@
 export const DEFAULT_RULE_UUID = '25b9c01c-350d-4b95-bed1-836d04a4f324';
 
 export enum ThreatIntelIocType {
-  IPAddress = 'IP',
-  Domain = 'Domain',
-  FileHash = 'FileHash',
+  IPAddress = 'ip',
+  Domain = 'domain',
+  FileHash = 'hash',
 }
 
 export const IocLabel: { [k in ThreatIntelIocType]: string } = {

public/models/interfaces.ts

@@ -18,6 +18,7 @@ import {
 } from '../services';
 import CorrelationService from '../services/CorrelationService';
 import MetricsService from '../services/MetricsService';
+import ThreatIntelService from '../services/ThreatIntelService';
 
 export interface BrowserServices {
   detectorsService: DetectorsService;
@@ -33,6 +34,7 @@ export interface BrowserServices {
   indexPatternsService: IndexPatternsService;
   logTypeService: LogTypeService;
   metricsService: MetricsService;
+  threatIntelService: ThreatIntelService;
 }
 
 export interface RuleOptions {

public/pages/Correlations/containers/CreateCorrelationRule.tsx

@@ -47,7 +47,7 @@ import { CoreServicesContext } from '../../../components/core_services';
 import { RouteComponentProps, useParams } from 'react-router-dom';
 import { validateName } from '../../../utils/validation';
 import { FieldMappingService, IndexService, OpenSearchService, NotificationsService } from '../../../services';
-import { errorNotificationToast, getDataSources, getLogTypeOptions, getPlugins } from '../../../utils/helpers';
+import { errorNotificationToast, getDataSources, getFieldsForIndex, getLogTypeOptions, getPlugins } from '../../../utils/helpers';
 import { severityOptions } from '../../../pages/Alerts/utils/constants';
 import _ from 'lodash';
 import { NotificationChannelOption, NotificationChannelTypeOptions } from '../../CreateDetector/components/ConfigureAlerts/models/interfaces';
@@ -402,24 +402,7 @@ export const CreateCorrelationRule: React.FC<CreateCorrelationRuleProps> = (
 
   const getLogFields = useCallback(
     async (indexName: string) => {
-      let fields: {
-        label: string;
-        value: string;
-      }[] = [];
-
-      if (indexName) {
-        const result = await props.indexService.getIndexFields(indexName);
-        if (result?.ok) {
-          fields = result.response?.map((field) => ({
-            label: field,
-            value: field,
-          }));
-        }
-
-        return fields;
-      }
-
-      return fields;
+      return getFieldsForIndex(props.indexService, indexName);
     },
     [props.indexService.getIndexFields]
   );

public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/DetectorSchedule.tsx

@@ -32,7 +32,11 @@ export class DetectorSchedule extends React.Component<
           <h3>Detector schedule</h3>
         </EuiTitle>
         <EuiSpacer />
-        <Interval {...this.props} label={<FormFieldHeader headerTitle={'Runs every'} />} />
+        <Interval
+          schedule={this.props.detector.schedule}
+          label={<FormFieldHeader headerTitle={'Runs every'} />}
+          onScheduleChange={this.props.onDetectorScheduleChange}
+        />
       </>
     );
   }

public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/Interval.tsx

@@ -13,25 +13,20 @@ import {
 } from '@elastic/eui';
 import React from 'react';
 import { PeriodSchedule } from '../../../../../../../models/interfaces';
-import { DetectorSchedule } from '../../../../../../../types';
+import { defaultIntervalUnitOptions } from '../../../../../../utils/constants';
 
 export interface IntervalProps {
-  detector: { schedule: DetectorSchedule };
+  schedule: PeriodSchedule;
   label?: string | React.ReactNode;
   readonly?: boolean;
-  onDetectorScheduleChange(schedule: PeriodSchedule): void;
+  scheduleUnitOptions?: EuiSelectOption[];
+  onScheduleChange(schedule: PeriodSchedule): void;
 }
 
 export interface IntervalState {
   isIntervalValid: boolean;
 }
 
-const unitOptions: EuiSelectOption[] = [
-  { value: 'MINUTES', text: 'Minutes' },
-  { value: 'HOURS', text: 'Hours' },
-  { value: 'DAYS', text: 'Days' },
-];
-
 export class Interval extends React.Component<IntervalProps, IntervalState> {
   state = {
     isIntervalValid: true,
@@ -41,26 +36,26 @@ export class Interval extends React.Component<IntervalProps, IntervalState> {
     this.setState({
       isIntervalValid: !!event.target.value,
     });
-    this.props.onDetectorScheduleChange({
+    this.props.onScheduleChange({
       period: {
-        ...this.props.detector.schedule.period,
+        ...this.props.schedule.period,
         interval: parseInt(event.target.value),
       },
     });
   };
 
   onUnitChange = (event: React.ChangeEvent<HTMLSelectElement>) => {
-    this.props.onDetectorScheduleChange({
+    this.props.onScheduleChange({
       period: {
-        ...this.props.detector.schedule.period,
+        ...this.props.schedule.period,
         unit: event.target.value,
       },
     });
   };
 
   render() {
     const { isIntervalValid } = this.state;
-    const { period } = this.props.detector.schedule;
+    const { period } = this.props.schedule;
     return (
       <EuiFormRow
         label={this.props.label}
@@ -82,7 +77,7 @@ export class Interval extends React.Component<IntervalProps, IntervalState> {
           </EuiFlexItem>
           <EuiFlexItem>
             <EuiSelect
-              options={unitOptions}
+              options={this.props.scheduleUnitOptions ?? Object.values(defaultIntervalUnitOptions)}
               onChange={this.onUnitChange}
               value={period.unit}
               data-test-subj={'detector-schedule-unit-select'}

public/pages/Main/Main.tsx

@@ -737,13 +737,23 @@ export default class Main extends Component<MainProps, MainState> {
                                     <Route
                                       path={ROUTES.THREAT_INTEL_ADD_CUSTOM_SOURCE}
                                       render={(props) => {
-                                        return <AddThreatIntelSource {...props} />;
+                                        return (
+                                          <AddThreatIntelSource
+                                            {...props}
+                                            threatIntelService={services.threatIntelService}
+                                          />
+                                        );
                                       }}
                                     />
                                     <Route
                                       path={ROUTES.THREAT_INTEL_OVERVIEW}
                                       render={(props) => {
-                                        return <ThreatIntelOverview {...props} />;
+                                        return (
+                                          <ThreatIntelOverview
+                                            {...props}
+                                            threatIntelService={services.threatIntelService}
+                                          />
+                                        );
                                       }}
                                     />
                                     <Route
@@ -753,14 +763,21 @@ export default class Main extends Component<MainProps, MainState> {
                                           <ThreatIntelScanConfigForm
                                             {...props}
                                             notificationsService={services.notificationsService}
+                                            threatIntelService={services.threatIntelService}
+                                            notifications={core.notifications}
                                           />
                                         );
                                       }}
                                     />
                                     <Route
                                       path={`${ROUTES.THREAT_INTEL_SOURCE_DETAILS}/:id`}
                                       render={(props: RouteComponentProps<any, any, any>) => {
-                                        return <ThreatIntelSource {...props} />;
+                                        return (
+                                          <ThreatIntelSource
+                                            {...props}
+                                            threatIntelService={services.threatIntelService}
+                                          />
+                                        );
                                       }}
                                     />
 

public/pages/Rules/containers/ImportRule/ImportRule.tsx

@@ -30,7 +30,7 @@ export const ImportRule: React.FC<ImportRuleProps> = ({ history, services, notif
     setFileError('');
 
     if (!!files?.item(0)) {
-      let reader = new FileReader();
+      const reader = new FileReader();
       reader.readAsText(files[0]);
       reader.onload = function () {
         try {

public/pages/ThreatIntel/components/IoCsTable/IoCsTable.tsx

@@ -3,15 +3,20 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import React, { useState } from 'react';
+import React, { useContext, useEffect, useState } from 'react';
 import { EuiBasicTableColumn, EuiInMemoryTable, EuiPanel, EuiSpacer, EuiText } from '@elastic/eui';
 import { ThreatIntelIocData } from '../../../../../types';
-import { dummyIoCDetails } from '../../utils/constants';
+import { SecurityAnalyticsContext } from '../../../../services';
+import moment from 'moment';
 
-export interface IoCstableProps {}
+export interface IoCstableProps {
+  sourceId?: string;
+}
 
-export const IoCstable: React.FC<IoCstableProps> = () => {
-  const [iocs, setIocs] = useState([dummyIoCDetails]);
+export const IoCstable: React.FC<IoCstableProps> = ({ sourceId }) => {
+  const saContext = useContext(SecurityAnalyticsContext);
+  const [iocs, setIocs] = useState<ThreatIntelIocData[]>([]);
+  const [loadingIocs, setLoadingIocs] = useState(true);
   const columns: EuiBasicTableColumn<ThreatIntelIocData>[] = [
     {
       name: 'Value',
@@ -21,14 +26,14 @@ export const IoCstable: React.FC<IoCstableProps> = () => {
       name: 'Type',
       field: 'type',
     },
-    // {
-    //   name: "Feed",
-    //   field: ""
-    // },
+    {
+      name: 'IoC matches',
+      field: 'num_findings',
+    },
     {
       name: 'Created',
       field: 'created',
-      render: (timestamp: number) => new Date(timestamp).toLocaleString(),
+      render: (timestamp: number | string) => moment(timestamp).format('YYYY-MM-DDTHH:mm'),
     },
     {
       name: 'Threat severity',
@@ -37,17 +42,39 @@ export const IoCstable: React.FC<IoCstableProps> = () => {
     {
       name: 'Last updated',
       field: 'modified',
-      render: (timestamp: number) => new Date(timestamp).toLocaleString(),
+      render: (timestamp: number | string) => moment(timestamp).format('YYYY-MM-DDTHH:mm'),
     },
   ];
 
+  useEffect(() => {
+    const getIocs = async () => {
+      if (saContext && sourceId) {
+        setLoadingIocs(true);
+        const iocsRes = await saContext.services.threatIntelService.getThreatIntelIocs({});
+
+        if (iocsRes.ok) {
+          setIocs(iocsRes.response.iocs);
+        }
+        setLoadingIocs(false);
+      }
+    };
+
+    getIocs();
+  }, [saContext]);
+
   return (
     <EuiPanel>
       <EuiText>
         <span>{iocs.length} malicious IoCs</span>
       </EuiText>
       <EuiSpacer />
-      <EuiInMemoryTable columns={columns} items={iocs} search pagination />
+      <EuiInMemoryTable
+        columns={columns}
+        items={iocs}
+        search
+        pagination
+        loading={!sourceId || loadingIocs}
+      />
     </EuiPanel>
   );
 };