[Threat intel][part 3] Support for source type URL_Download and logic…

… to activate/deactivate source (#1068) (#1074) * added url_download type of threat intel source; activate/deactivate for sources * added check for controls --------- (cherry picked from commit 6b63eb2) Signed-off-by: Amardeepsingh Siglani <amardeep7194@gmail.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
opensearch-project · Jul 6, 2024 · e9e81a3 · e9e81a3
1 parent 9172b05
commit e9e81a3
Show file tree

Hide file tree

Showing 4 changed files with 97 additions and 15 deletions.
diff --git a/public/pages/ThreatIntel/components/ThreatIntelSourceDetails/ThreatIntelSourceDetails.tsx b/public/pages/ThreatIntel/components/ThreatIntelSourceDetails/ThreatIntelSourceDetails.tsx
@@ -27,6 +27,7 @@ import {
   ThreatIntelS3CustomSourcePayload,
   ThreatIntelSourceItem,
   ThreatIntelSourcePayload,
+  URLDownloadSource,
 } from '../../../../../types';
 import { defaultIntervalUnitOptions } from '../../../../utils/constants';
 import { readIocsFromFile, threatIntelSourceItemToBasePayload } from '../../utils/helpers';
@@ -331,6 +332,14 @@ export const ThreatIntelSourceDetails: React.FC<ThreatIntelSourceDetailsProps> =
                 )}
               </>
             )}
+            {type === 'URL_DOWNLOAD' && (
+              <EuiFormRow label="Source URL">
+                <EuiFieldText
+                  readOnly={isReadOnly}
+                  value={(sourceItem.source as URLDownloadSource).url_download?.url}
+                />
+              </EuiFormRow>
+            )}
             <EuiFormRow label="Types of malicious indicators">
               <>
                 <EuiSpacer size="s" />
@@ -344,14 +353,16 @@ export const ThreatIntelSourceDetails: React.FC<ThreatIntelSourceDetailsProps> =
             </EuiFormRow>
             <EuiSpacer />
           </EuiFlexItem>
-          <EuiFlexItem grow={false}>
-            <EuiButton
-              style={{ visibility: isReadOnly ? 'visible' : 'hidden' }}
-              onClick={() => setIsReadOnly(false)}
-            >
-              Edit
-            </EuiButton>
-          </EuiFlexItem>
+          {type !== 'URL_DOWNLOAD' && (
+            <EuiFlexItem grow={false}>
+              <EuiButton
+                style={{ visibility: isReadOnly ? 'visible' : 'hidden' }}
+                onClick={() => setIsReadOnly(false)}
+              >
+                Edit
+              </EuiButton>
+            </EuiFlexItem>
+          )}
         </EuiFlexGroup>
       </EuiPanel>
       {!isReadOnly && (

diff --git a/public/pages/ThreatIntel/containers/Overview/ThreatIntelOverview.tsx b/public/pages/ThreatIntel/containers/Overview/ThreatIntelOverview.tsx
@@ -194,7 +194,7 @@ export const ThreatIntelOverview: React.FC<ThreatIntelOverviewProps> = ({
         initialIsOpen={threatIntelSources.length === 0 || logSources.length === 0}
       >
         <EuiSpacer />
-        <EuiFlexGroup>
+        <EuiFlexGroup wrap>
           {threatIntelNextStepsProps.map(
             ({ id, title, description, footerButtonProps: { text, disabled } }) => (
               <EuiFlexItem key={id}>

diff --git a/public/pages/ThreatIntel/containers/ThreatIntelSource/ThreatIntelSource.tsx b/public/pages/ThreatIntel/containers/ThreatIntelSource/ThreatIntelSource.tsx
@@ -11,14 +11,17 @@ import { useEffect } from 'react';
 import { CoreServicesContext } from '../../../../components/core_services';
 import {
   EuiButton,
+  EuiButtonIcon,
   EuiFlexGroup,
   EuiFlexItem,
+  EuiIcon,
   EuiLoadingContent,
   EuiPanel,
   EuiSpacer,
   EuiTabbedContent,
   EuiTabbedContentTab,
   EuiTitle,
+  EuiToolTip,
 } from '@elastic/eui';
 import { DescriptionGroup } from '../../../../components/Utility/DescriptionGroup';
 import { IoCsTable } from '../../components/IoCsTable/IoCsTable';
@@ -138,8 +141,27 @@ export const ThreatIntelSource: React.FC<ThreatIntelSource> = ({
     }
   };
 
-  const { name, description, type, ioc_types, last_update_time, enabled } = source;
+  const toggleActiveState = async () => {
+    const updateRes = await threatIntelService.updateThreatIntelSource(source.id, {
+      ...source,
+      enabled_for_scan: !source.enabled_for_scan,
+    });
+    if (updateRes.ok) {
+      onSourceUpdate();
+    }
+  };
+
+  const {
+    name,
+    description,
+    type,
+    ioc_types,
+    last_update_time,
+    enabled,
+    enabled_for_scan,
+  } = source;
   const schedule = type === 'S3_CUSTOM' ? source.schedule : undefined;
+  const showActivateControls = 'enabled_for_scan' in source;
 
   return (
     <>
@@ -150,7 +172,36 @@ export const ThreatIntelSource: React.FC<ThreatIntelSource> = ({
           </EuiTitle>
         </EuiFlexItem>
         <EuiFlexItem grow={false}>
-          <EuiFlexGroup alignItems="center">
+          <EuiFlexGroup alignItems="center" wrap>
+            {showActivateControls && (
+              <>
+                <EuiFlexItem grow={false}>
+                  <EuiToolTip
+                    content={
+                      'When Active, the indicators of compromise from this source are used to scan the log data as part of the threat intel scan.'
+                    }
+                  >
+                    <span>
+                      <EuiIcon
+                        type={'dot'}
+                        color={enabled_for_scan ? 'success' : 'text'}
+                        style={{ marginBottom: 4 }}
+                      />{' '}
+                      {enabled_for_scan ? 'Active' : 'Inactive'}&nbsp;
+                      <EuiIcon type={'iInCircle'} />
+                    </span>
+                  </EuiToolTip>
+                </EuiFlexItem>
+                <EuiFlexItem grow={false}>
+                  <EuiButton
+                    color={enabled_for_scan ? 'danger' : 'primary'}
+                    onClick={toggleActiveState}
+                  >
+                    {enabled_for_scan ? 'Deactivate' : 'Activate'}
+                  </EuiButton>
+                </EuiFlexItem>
+              </>
+            )}
             {type === 'S3_CUSTOM' && (
               <EuiFlexItem grow={false}>
                 <EuiButton fill onClick={onRefresh}>
@@ -159,9 +210,9 @@ export const ThreatIntelSource: React.FC<ThreatIntelSource> = ({
               </EuiFlexItem>
             )}
             <EuiFlexItem grow={false}>
-              <EuiButton color="danger" onClick={onDeleteButtonClick}>
-                Delete
-              </EuiButton>
+              <EuiToolTip content={'Delete'}>
+                <EuiButtonIcon iconType={'trash'} color="danger" onClick={onDeleteButtonClick} />
+              </EuiToolTip>
             </EuiFlexItem>
           </EuiFlexGroup>
         </EuiFlexItem>

diff --git a/types/ThreatIntel.ts b/types/ThreatIntel.ts
@@ -52,12 +52,19 @@ export interface FileUploadSource {
   };
 }
 
+export interface URLDownloadSource {
+  url_download: {
+    url: string;
+  };
+}
+
 export interface ThreatIntelSourcePayloadBase {
   name: string;
   description?: string;
   format: 'STIX2';
   store_type: 'OS';
   enabled: boolean;
+  enabled_for_scan: boolean;
   ioc_types: ThreatIntelIocType[];
 }
 
@@ -78,9 +85,22 @@ export interface ThreatIntelIocUploadSourcePayload extends ThreatIntelSourcePayl
   source: FileUploadSource;
 }
 
+export interface ThreatIntelURLDownloadSourceInfo extends ThreatIntelSourcePayloadBase {
+  type: 'URL_DOWNLOAD';
+  schedule: {
+    interval: {
+      start_time: number;
+      period: number;
+      unit: string;
+    };
+  };
+  source: URLDownloadSource;
+}
+
 export type ThreatIntelSourcePayload =
   | ThreatIntelS3CustomSourcePayload
-  | ThreatIntelIocUploadSourcePayload;
+  | ThreatIntelIocUploadSourcePayload
+  | ThreatIntelURLDownloadSourceInfo;
 
 export interface LogSourceIocConfig {
   enabled: boolean;