From dfdf8a20b5a8c9add22aa054edf489daaa9c011f Mon Sep 17 00:00:00 2001 
From: iraghumitra Date: Tue, 10 Oct 2017 15:38:12 +0530 Subject: [PATCH 01/11] Initial commit for time-range selection for search --- .../e2e/alerts-list/alerts-list.po.ts | 63 +++- .../search-time-range.e2e-spec.ts | 73 +++++ metron-interface/metron-alerts/package.json | 4 + .../metron-alerts/protractor.conf.js | 3 +- .../metron-alerts/src/_variables.scss | 24 ++ .../alerts-list/alerts-list.component.html | 3 + .../alerts-list/alerts-list.component.scss | 4 +- .../alerts-list/alerts-list.component.ts | 20 +- .../alerts/alerts-list/alerts-list.module.ts | 3 +- .../app/alerts/alerts-list/query-builder.ts | 47 ++- .../metron-alerts/src/app/model/filter.ts | 30 +- .../date-picker/date-picker.component.html | 17 ++ .../date-picker/date-picker.component.scss | 31 ++ .../date-picker/date-picker.component.spec.ts | 25 ++ .../date-picker/date-picker.component.ts | 77 +++++ .../shared/date-picker/date-picker.module.ts | 15 + .../app/shared/pipes/map-keys.pipe.spec.ts | 8 + .../src/app/shared/pipes/map-keys.pipe.ts | 12 + .../src/app/shared/shared.module.ts | 7 +- .../time-range/time-range.component.html | 57 ++++ .../time-range/time-range.component.scss | 106 +++++++ .../time-range/time-range.component.spec.ts | 25 ++ .../shared/time-range/time-range.component.ts | 280 ++++++++++++++++++ .../shared/time-range/time-range.module.ts | 16 + .../metron-alerts/src/app/utils/constants.ts | 6 + .../src/app/utils/elasticsearch-utils.ts | 12 + .../metron-alerts/src/styles.scss | 9 + 27 files changed, 954 insertions(+), 23 deletions(-) create mode 100644 metron-interface/metron-alerts/e2e/alerts-list/search-time-range/search-time-range.e2e-spec.ts create mode 100644 metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.html create mode 100644 metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.scss create mode 100644 metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.spec.ts create mode 100644 
metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts create mode 100644 metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.module.ts create mode 100644 metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.spec.ts create mode 100644 metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.ts create mode 100644 metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html create mode 100644 metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.scss create mode 100644 metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.spec.ts create mode 100644 metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts create mode 100644 metron-interface/metron-alerts/src/app/shared/time-range/time-range.module.ts diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts index ec441200ca..7e4ea249fb 100644 --- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts +++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts @@ -17,6 +17,7 @@ */ import {browser, element, by, protractor} from 'protractor'; +import {waitForElementInVisibility} from '../utils/e2e_util'; export class MetronAlertsPage { navigateTo() { @@ -119,7 +120,7 @@ export class MetronAlertsPage { } getSettingsLabels() { - return element.all(by.css('form label:not(.switch)')).getText(); + return element.all(by.css('app-configure-rows form label:not(.switch)')).getText(); } getRefreshRateOptions() { 
@@ -274,4 +275,64 @@ export class MetronAlertsPage { return column.getText(); }); } + + clickDateSettings() { + element(by.css('app-time-range button.btn-search')).click(); + browser.sleep(2000); + } + + getTimeRangeTitles() { + return element.all(by.css('.title')).getText(); + } + + getQuickTimeRanges() { + return element.all(by.css('app-time-range .quick-ranges span')).getText(); + } + + getValueForManualTimeRange() { + return element.all(by.css('app-time-range input.form-control')). getAttribute('value'); + } + + isManulaTimeRangeApplyButtonPresent() { + return element.all(by.css('app-time-range')).all(by.buttonText('APPLY')).count().then(count => count === 1); + } + + selectQuickTimeRange(quickRange: string) { + element(by.cssContainingText('.quick-ranges span', quickRange)).click(); + browser.sleep(1000); + } + + getTimeRangeButtonText() { + return element.all(by.css('app-time-range button.btn-search span')).get(0).getText(); + } + + setDate(index: number, year: string, month: string, day: string, hour: string, min: string, sec: string) { + element.all(by.css('app-time-range .calendar')).get(index).click() + .then(() => element.all(by.css('.pika-select.pika-select-hour')).get(index).click()) + .then(() => element.all(by.css('.pika-select.pika-select-hour')).get(index).element(by.cssContainingText('option', hour)).click()) + .then(() => element.all(by.css('.pika-select.pika-select-minute')).get(index).click()) + .then(() => element.all(by.css('.pika-select.pika-select-minute')).get(index).element(by.cssContainingText('option', min)).click()) + .then(() => element.all(by.css('.pika-select.pika-select-second')).get(index).click()) + .then(() => element.all(by.css('.pika-select.pika-select-second')).get(index).element(by.cssContainingText('option', sec)).click()) + .then(() => element.all(by.css('.pika-select.pika-select-year')).get(index).click()) + .then(() => element.all(by.css('.pika-select.pika-select-year')).get(index).element(by.cssContainingText('option', 
year)).click()) + .then(() => element.all(by.css('.pika-select.pika-select-month')).get(index).click()) + .then(() => element.all(by.css('.pika-select.pika-select-month')).get(index).element(by.cssContainingText('option', month)).click()) + .then(() => element.all(by.css('.pika-table')).get(index).element(by.buttonText(day)).click()) + .then(() => waitForElementInVisibility(element.all(by.css('.pika-single')).get(index))); + + browser.sleep(1000); + } + + selectTimeRangeApplyButton() { + return element(by.css('app-time-range')).element(by.buttonText('APPLY')).click(); + } + + getChangesAlertTableTitle(previousText: string) { + // browser.pause(); + let title = element(by.css('.col-form-label-lg')); + return this.waitForTextChange(title, previousText).then(() => { + return title.getText(); + }); + } } diff --git a/metron-interface/metron-alerts/e2e/alerts-list/search-time-range/search-time-range.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/search-time-range/search-time-range.e2e-spec.ts new file mode 100644 index 0000000000..19c086e26a --- /dev/null +++ b/metron-interface/metron-alerts/e2e/alerts-list/search-time-range/search-time-range.e2e-spec.ts 
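Review bot: `setDate` builds a long `.then` chain but neither returns it nor waits on it; the trailing `browser.sleep(1000)` and the caller's next step only line up because of the WebDriver control flow, and a rejection anywhere in the chain goes unobserved. Return the chain and append the wait to it — `return element.all(by.css('app-time-range .calendar')).get(index).click()` … `.then(() => browser.sleep(1000));` — so the spec can chain on it, and consider replacing the fixed `browser.sleep(2000)` in `clickDateSettings` with a `browser.wait` on the panel's visibility (the existing `protractor` import exposes `ExpectedConditions`). `isManulaTimeRangeApplyButtonPresent` misspells "Manual" and the typo is now part of the page-object API used by the new spec; rename it before more specs depend on it. The commented-out `// browser.pause();` in `getChangesAlertTableTitle` should not land.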
@@ -0,0 +1,73 @@ +/// +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +import { customMatchers } from '../../matchers/custom-matchers'; +import {MetronAlertsPage} from '../alerts-list.po'; +import {LoginPage} from '../../login/login.po'; +import {loadTestData, deleteTestData} from '../../utils/e2e_util'; + +describe('metron-alerts Search', function() { + let page:MetronAlertsPage; + let loginPage:LoginPage; + + beforeAll(() => { + loadTestData(); + loginPage = new LoginPage(); + loginPage.login(); + }); + + afterAll(() => { + loginPage.logout(); + deleteTestData(); + }); + + beforeEach(() => { + page = new MetronAlertsPage(); + jasmine.addMatchers(customMatchers); + }); + + it('sould have all time-range controls', () => { + let quickRanges = [ + 'Last 7 days', 'Last 30 days', 'Last 60 days', 'Last 90 days', 'Last 6 months', 'Last 1 year', 'Last 2 years', 'Last 5 years', + 'Yesterday', 'Day before yesterday', 'This day last week', 'Previous week', 'Previous month', 'Previous year', 'All time', + 'Today', 'Today so far', 'This week', 'This week so far', 'This month', 'This year', + 'Last 5 minutes', 'Last 15 minutes', 'Last 30 minutes', 'Last 1 hour', 'Last 3 hours', 'Last 6 hours', 'Last 12 hours', 'Last 24 
hours' + ]; + + page.clickDateSettings(); + expect(page.getTimeRangeTitles()).toEqual(['Time Range', 'Quick Ranges']); + expect(page.getQuickTimeRanges()).toEqual(quickRanges); + expect(page.getValueForManualTimeRange()).toEqual([ 'now/d', 'now/d' ]); + expect(page.isManulaTimeRangeApplyButtonPresent()).toEqual(true); + expect(page.getTimeRangeButtonText()).toEqual('All time'); + + }); + + it('sould have all time-range included while searching', () => { + page.selectQuickTimeRange('Last 5 years'); + expect(page.getTimeRangeButtonText()).toEqual('Last 5 years'); + + page.clickDateSettings(); + page.setDate(0, '2017', 'September', '13', '23', '29', '35'); + page.setDate(1, '2017', 'September', '13', '23', '29', '40'); + page.selectTimeRangeApplyButton(); + + expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (5)'); + }); + +}); \ No newline at end of file diff --git a/metron-interface/metron-alerts/package.json b/metron-interface/metron-alerts/package.json index 446c40d0d4..5092564c5c 100644 --- a/metron-interface/metron-alerts/package.json +++ b/metron-interface/metron-alerts/package.json @@ -21,10 +21,13 @@ "@angular/platform-browser": "^4.0.0", "@angular/platform-browser-dynamic": "^4.0.0", "@angular/router": "^4.0.0", + "@types/moment": "^2.13.0", "ace-builds": "^1.2.6", "bootstrap": "4.0.0-alpha.6", "core-js": "^2.4.1", "font-awesome": "^4.7.0", + "moment": "^2.18.1", + "pikaday-time": "^1.6.1", "rxjs": "^5.1.0", "web-animations-js": "^2.2.2", "zone.js": "^0.8.4" @@ -35,6 +38,7 @@ "@types/ace": "0.0.32", "@types/jasmine": "2.5.38", "@types/node": "~6.0.60", + "@types/pikaday-time": "^1.4.2", "codelyzer": "~2.0.0", "compression": "1.6.2", "elementor": "^2.1.0", diff --git a/metron-interface/metron-alerts/protractor.conf.js b/metron-interface/metron-alerts/protractor.conf.js index 6a82e9c64b..15c62484b7 100644 --- a/metron-interface/metron-alerts/protractor.conf.js +++ b/metron-interface/metron-alerts/protractor.conf.js 
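Review bot: The final assertion of the second test, `getChangesAlertTableTitle('Alerts (169)')`, waits for the title to move away from a count that was produced by `selectQuickTimeRange('Last 5 years')` — a window relative to the wall clock — so once the fixture loaded by `loadTestData()` ages out of that window the starting text changes and the wait no longer means what it says; capture the title before applying the manual range instead of hard-coding it, or pick a range the fixture always satisfies (`'All time'` is in the list above). Both `it` descriptions misspell "should" as "sould". The file opens with a bare `///` line (its directive content is not legible in this rendering — if it really is an empty triple-slash line it should go) and ends without a trailing newline.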
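Review bot: `@types/moment` in the new `dependencies` entry is a deprecated stub — moment has shipped its own type definitions since 2.14, so the package installs nothing useful and only prints a deprecation warning; drop the line. The other additions use caret ranges and the diffstat lists no lockfile, so a fresh `npm install` can resolve different versions of `moment`, `pikaday-time` and `@types/pikaday-time` than the ones this change was tested with; if the project keeps a lockfile, commit its update with this change (none is visible in this patch). Type packages belong under `devDependencies`, as `@types/pikaday-time` correctly is, rather than under `dependencies`.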
@@ -30,7 +30,8 @@ exports.config = { './e2e/alerts-list/configure-table/configure-table.e2e-spec.ts', './e2e/alerts-list/save-search/save-search.e2e-spec.ts', './e2e/alerts-list/alert-status/alerts-list-status.e2e-spec.ts', - './e2e/alert-details/alert-status/alert-details-status.e2e-spec.ts' + './e2e/alert-details/alert-status/alert-details-status.e2e-spec.ts', + './e2e/alerts-list/search-time-range/search-time-range.e2e-spec.ts' ], capabilities: { 'browserName': 'chrome', diff --git a/metron-interface/metron-alerts/src/_variables.scss b/metron-interface/metron-alerts/src/_variables.scss index 1a5fa86944..079d5dc452 100644 --- a/metron-interface/metron-alerts/src/_variables.scss +++ b/metron-interface/metron-alerts/src/_variables.scss @@ -40,6 +40,8 @@ $mine-shaft-2: #333333; $mine-shaft-3: #262626; $mine-shaft-4: #383838; $mine-shaft-5: #3D3D3D; +$mine-shaft-6: #3A3A3A; +$mine-shaft-7: #353535; $dove-grey: #737373; $tundora: #4D4D4D; $tundora-1: #404040; @@ -71,6 +73,7 @@ $eastern-blue: #1F91BE; $mantis: #80BF4D; $sky-blue: #75D2ED; $outer-space: #2E3A3F; +$abbey: #58595B; $eastern-blue-1: #1190C0; $matisse: #1E7490; @@ -90,6 +93,27 @@ $nav-content-nav-width: 200px; $login-label: #606060; $black: #000000; + +//Pikaday +$pd-text-color: #999999; +$pd-title-color: #999999; +$pd-title-bg: #3D3D3D; +$pd-picker-bg: #3D3D3D; +$pd-picker-border: #4D4D4D; +$pd-picker-border-bottom: #353535; +$pd-picker-shadow: rgba(0,0,0,.5); +$pd-th-color: #999; +$pd-day-color: #999999; +$pd-day-bg: #2D2D2D; +$pd-day-hover-color: #FDFEFE; +$pd-day-hover-bg: #1F91BE; +$pd-day-today-color: #FFFFFF; +$pd-day-selected-color: #1E87AF; +$pd-day-selected-bg: tranparent; +$pd-day-selected-shadow: tranparent; +$pd-day-disabled-color: #999; +$pd-week-color: #999; + @mixin place-holder-text { font-family: Roboto; 
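Review bot: `$pd-day-selected-bg: tranparent;` and `$pd-day-selected-shadow: tranparent;` misspell `transparent`; Sass passes the unknown identifier through unchanged and the browser then discards every declaration that uses these variables, so the selected-day styling silently fails. Change both to `transparent`. The rest of the Pikaday palette repeats colours that already have names in this file (`#3D3D3D` is `$mine-shaft-5`, `#4D4D4D` is `$tundora`, `#353535` is the `$mine-shaft-7` added above, `#1F91BE` is `$eastern-blue`), so `$pd-picker-bg: $mine-shaft-5;` and friends would keep the theme in one place; `#999` and `#999999` are also mixed for the same grey.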
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html index 856a3a31c1..9973516541 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html @@ -23,6 +23,9 @@ + + + diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss index 6a26d3c63b..835d1e88a9 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss @@ -66,7 +66,7 @@ $searchbox-height: 42px; .btn-saved-searches { font-size: 15px; - + font-family: Roboto; background: $mine-shaft-5; border: 1px solid $tundora; color: $silver-chalice; @@ -86,7 +86,7 @@ $searchbox-height: 42px; .btn-search-clear { border-top: 1px solid $tundora; border-bottom: 1px solid $tundora; - border-right: 1px solid $blue-chill; + border-right: 1px solid $tundora; background: $mine-shaft-1; border-left: none; padding: 0px 5px 0px 0px; diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts index 039ed484c0..f60c6e698c 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts 
@@ -35,8 +35,9 @@ import {MetronDialogBox, DialogType} from '../../shared/metron-dialog-box'; import {AlertSearchDirective} from '../../shared/directives/alert-search.directive'; import {SearchResponse} from '../../model/search-response'; import {ElasticsearchUtils} from '../../utils/elasticsearch-utils'; -import {TableViewComponent} from './table-view/table-view.component'; import {Filter} from '../../model/filter'; +import {THREAT_SCORE_FIELD_NAME, TIMESTAMP_FIELD_NAME} from '../../utils/constants'; +import {TableViewComponent} from './table-view/table-view.component'; import {Pagination} from '../../model/pagination'; import {environment} from '../../../environments/environment'; @@ -58,7 +59,8 @@ export class AlertsListComponent implements OnInit, OnDestroy { refreshTimer: Subscription; pauseRefresh = false; lastPauseRefreshValue = false; - threatScoreFieldName = 'threat:triage:score'; + timeStampfilterPresent = false; + threatScoreFieldName = THREAT_SCORE_FIELD_NAME; indices: string[]; @ViewChild('table') table: ElementRef; @@ -153,14 +155,15 @@ export class AlertsListComponent implements OnInit, OnDestroy { } onClear() { + this.timeStampfilterPresent = false; this.queryBuilder.displayQuery = ''; this.search(); } onSearch($event) { this.queryBuilder.displayQuery = $event; + this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent(); this.search(); - return false; } @@ -177,6 +180,7 @@ export class AlertsListComponent implements OnInit, OnDestroy { } onAddFilter(filter: Filter) { + this.timeStampfilterPresent = (filter.field === TIMESTAMP_FIELD_NAME); this.queryBuilder.addOrUpdateFilter(filter); this.search(); } 
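Review bot: In `onAddFilter`, `this.timeStampfilterPresent = (filter.field === TIMESTAMP_FIELD_NAME);` clears the flag whenever a filter on any other field is added, although the timestamp filter still sits in `queryBuilder` — after a user adds a second filter the flag and the query disagree, while `removeFilter` in the next hunk is careful to preserve it. Derive the flag from the builder as `onSearch` already does: `this.queryBuilder.addOrUpdateFilter(filter);` then `this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent();`. `onSearch` also drops its `return false;` — if the template reaches it through a `(submit)` binding that relied on the return value to suppress the default action, confirm the event is prevented elsewhere (the template's lines are not legible in this patch). The new field name mixes casing (`timeStampfilterPresent`); `timestampFilterPresent` matches the `camelCase` of its neighbours.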
@@ -200,6 +204,11 @@ export class AlertsListComponent implements OnInit, OnDestroy { this.colNumberTimerId = setTimeout(() => { this.calcColumnsToDisplay(); }, 500); } + onTimeRangeChange(filter: Filter) { + this.queryBuilder.addOrUpdateFilter(filter); + this.search(); + } + prepareColumnData(configuredColumns: ColumnMetadata[], defaultColumns: ColumnMetadata[]) { this.alertsColumns = (configuredColumns && configuredColumns.length > 0) ? configuredColumns : defaultColumns; this.queryBuilder.setFields(this.getColumnNamesForQuery()); @@ -243,6 +252,7 @@ export class AlertsListComponent implements OnInit, OnDestroy { } removeFilter(field: string) { + this.timeStampfilterPresent = (field === TIMESTAMP_FIELD_NAME) ? false : this.timeStampfilterPresent; this.queryBuilder.removeFilter(field); this.search(); } @@ -276,6 +286,10 @@ export class AlertsListComponent implements OnInit, OnDestroy { } saveCurrentSearch(savedSearch: SaveSearch) { + if (this.queryBuilder.filters.length === 1 && this.queryBuilder.filters[0].display === false) { + return; + } + if (this.queryBuilder.query !== '*') { if (!savedSearch) { savedSearch = new SaveSearch(); diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts index 805265c137..4111a83e73 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts 
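Review bot: The early return added to `saveCurrentSearch` only fires when exactly one filter exists and it is hidden, so a search consisting of several hidden filters, or of none at all, still proceeds to the save path below; the intent — nothing user-visible to save — is stated directly and covers those cases as `if (!this.queryBuilder.filters.some(filter => filter.display)) { return; }`. A one-line comment on the guard such as `// a hidden filter (the time range) alone is not a saveable search` would explain why `display` matters here, since the flag is defined in model/filter.ts. `saveCurrentSearch` continues past the end of the hunk.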
@@ -27,11 +27,12 @@ import {ListGroupModule} from '../../shared/list-group/list-grup.module'; import {CollapseModule} from '../../shared/collapse/collapse.module'; import {MetronTablePaginationModule} from '../../shared/metron-table/metron-table-pagination/metron-table-pagination.module'; import {ConfigureRowsModule} from '../configure-rows/configure-rows.module'; +import {TimeRangeModule} from '../../shared/time-range/time-range.module'; import {TableViewComponent} from './table-view/table-view.component'; @NgModule({ imports: [routing, SharedModule, ConfigureRowsModule, MetronSorterModule, MetronTablePaginationModule, - ListGroupModule, CollapseModule], + ListGroupModule, CollapseModule, TimeRangeModule], exports: [AlertsListComponent], declarations: [AlertsListComponent, TableViewComponent], providers: [SearchService, UpdateService] diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts index 0b76ee121b..59df9929f1 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts @@ -19,6 +19,7 @@ import {Filter} from '../../model/filter'; import {ColumnNamesService} from '../../service/column-names.service'; import {SearchRequest} from '../../model/search-request'; import {SortField} from '../../model/sort-field'; +import {TIMESTAMP_FIELD_NAME} from '../../utils/constants'; export class QueryBuilder { private _searchRequest = new SearchRequest(); 
@@ -63,9 +64,17 @@ export class QueryBuilder { } addOrUpdateFilter(filter: Filter) { - let existingFilter = this._filters.find(tFilter => tFilter.field === filter.field); + let existingFilterIndex = -1; + let existingFilter = this._filters.find((tFilter, index) => { + if (tFilter.field === filter.field) { + existingFilterIndex = index; + return true; + } + return false; + }); + if (existingFilter) { - existingFilter.value = filter.value; + this._filters.splice(existingFilterIndex, 1, filter); } else { this._filters.push(filter); } @@ -74,22 +83,28 @@ export class QueryBuilder { } generateSelect() { - let select = this._filters.map(filter => { - return filter.field.replace(/:/g, '\\:') + - ':' + - String(filter.value) - .replace(/[\*\+\-=~><\"\?^\${}\(\)\:\!\/[\]\\\s]/g, '\\$&') // replace single special characters - .replace(/\|\|/g, '\\||') // replace || - .replace(/\&\&/g, '\\&&'); // replace && - }).join(' AND '); + let select = this._filters.map(filter => filter.getQueryString()).join(' AND '); return (select.length === 0) ? '*' : select; } generateSelectForDisplay() { - let select = this._filters.map(filter => ColumnNamesService.getColumnDisplayValue(filter.field) + ':' + filter.value).join(' AND '); + let appliedFilters = []; + this._filters.reduce((appliedFilters, filter) => { + if (filter.display) { + appliedFilters.push(ColumnNamesService.getColumnDisplayValue(filter.field) + ':' + filter.value); + } + + return appliedFilters; + }, appliedFilters); + + let select = appliedFilters.join(' AND '); return (select.length === 0) ? '*' : select; } + isTimeStampFieldPresent(): boolean { + return !!this._filters.find(filter => (filter.field === TIMESTAMP_FIELD_NAME)); + } + onSearchChange() { this._query = this.generateSelect(); this._displayQuery = this.generateSelectForDisplay(); 
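Review bot: `addOrUpdateFilter` uses `find` only for its side effect of capturing `existingFilterIndex` through the closure; `findIndex` comes from the same ES2015 library as the `find` this file already relied on and states the intent directly: `const existingFilterIndex = this._filters.findIndex(tFilter => tFilter.field === filter.field);` followed by `if (existingFilterIndex >= 0)` around the `splice`. The hunk also changes behaviour from mutating `existingFilter.value` to replacing the object, so any caller holding a reference to the old `Filter` now sees a stale one (no such caller is visible in this patch); a comment such as `// replace rather than mutate so a RangeFilter can supersede a plain Filter on the same field` would record the reason, assuming that is it.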
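Review bot: `generateSelect` now delegates escaping to `filter.getQueryString()`, which calls `ElasticsearchUtils.escapeESValue`; the removed inline regex escaped whitespace, quotes, `:`, `/`, brackets and `||`/`&&` so that a user-typed filter value could not change the structure of the Lucene query string, and the replacement lives in elasticsearch-utils.ts, which is in the diffstat but not legible here — confirm it covers the same character set, otherwise a value containing `:` or `)` is once again read as query syntax instead of data. `generateSelectForDisplay` drives `reduce` with an accumulator that is the same outer array, which is just a filter-then-map: `let select = this._filters.filter(filter => filter.display).map(filter => ColumnNamesService.getColumnDisplayValue(filter.field) + ':' + filter.value).join(' AND ');`. `isTimeStampFieldPresent` reads more directly as `return this._filters.some(filter => filter.field === TIMESTAMP_FIELD_NAME);`.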
@@ -121,7 +136,7 @@ export class QueryBuilder { private updateFilters(tQuery: string, updateNameTransform = false) { let query = tQuery; - this._filters = []; + this.removeDisplayedFilters(); if (query && query !== '' && query !== '*') { let terms = query.split(' AND '); @@ -134,4 +149,12 @@ export class QueryBuilder { } } } + + private removeDisplayedFilters() { + for (let i = this._filters.length-1; i >= 0; i--) { + if (this._filters[i].display) { + this._filters.splice(i, 1); + } + } + } } diff --git a/metron-interface/metron-alerts/src/app/model/filter.ts b/metron-interface/metron-alerts/src/app/model/filter.ts index 24c54d878a..18e05d4daa 100644 --- a/metron-interface/metron-alerts/src/app/model/filter.ts +++ b/metron-interface/metron-alerts/src/app/model/filter.ts @@ -15,12 +15,40 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +import {ElasticsearchUtils} from '../utils/elasticsearch-utils'; + export class Filter { field: string; value: string; + display: boolean; - constructor(field: string, value: string) { + constructor(field: string, value: string, display = true) { this.field = field; this.value = value; + this.display = display; + } + + getQueryString(): string { + return ElasticsearchUtils.escapeESField(this.field) + ':' + ElasticsearchUtils.escapeESValue(this.value); + } +} + +export class RangeFilter extends Filter { + gte: number; + lte: number; + + constructor(field:string, gte:number, lte:number, display = true) { + super(field, '', display); + this.gte = gte; + this.lte = lte; + this.value = this.getFilterValue(); + } + + getQueryString(): string { + return ElasticsearchUtils.escapeESField(this.field) + ':' + this.getFilterValue(); + } + + getFilterValue() { + return '(>=' + this.gte + ' AND ' + ' <=' + this.lte + ')'; } } 
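Review bot: `updateFilters` now calls `removeDisplayedFilters()` instead of clearing `_filters`, which means hidden filters (the time range, given `Filter.display`) survive a text edit of the query while the visible terms are rebuilt — that is a deliberate contract worth a comment on `updateFilters`, e.g. `// keep hidden filters (time range); only the displayed terms are re-parsed from the query text`. `removeDisplayedFilters` in the following hunk is a reverse loop with `splice`; since the original code reassigned `_filters` anyway, `this._filters = this._filters.filter(filter => !filter.display);` says the same in one line.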
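Review bot: `RangeFilter.getFilterValue()` concatenates `' AND ' + ' <='`, producing a double space in every generated range term; `'(>=' + this.gte + ' AND <=' + this.lte + ')'` is what was meant. The bounds are spliced into the query unescaped, which is safe only while they are finite numbers — a `NaN` from an unparsable date string (`new Date(str).getTime()` yields one) would be emitted verbatim, so a guard in the constructor such as `if (!Number.isFinite(gte) || !Number.isFinite(lte)) { throw new RangeError('RangeFilter bounds must be finite numbers'); }` keeps malformed input out of the query text (how the time-range component derives these numbers is outside this chunk). The new `display` field deserves a comment, since its meaning is defined by QueryBuilder rather than here: `// false: applied to the query but hidden from the displayed query string`. `RangeFilter` passes `''` to `super` and then overwrites `value` with the range text — a note that `value` on a range filter is display-only, because `getQueryString()` bypasses it, would save the next reader a round trip.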
diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.html b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.html new file mode 100644 index 0000000000..475d7fc99e --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.html @@ -0,0 +1,17 @@ + +
+ + +
diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.scss b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.scss new file mode 100644 index 0000000000..813b6a5a03 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.scss @@ -0,0 +1,31 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +@import "../../../variables"; + +.calendar { + height: 35px; + background: #333333; + border: solid 1px #4D4D4D; + color: #999999; + + &::after { + font-family: "FontAwesome"; + content: '\f073'; + } +} \ No newline at end of file diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.spec.ts b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.spec.ts new file mode 100644 index 0000000000..994ac02bff --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.spec.ts 
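Review bot: `.calendar` imports `../../../variables` but then hard-codes `#333333`, `#4D4D4D` and `#999999`, which are `$mine-shaft-2`, `$tundora` and the `$pd-text-color`/`$pd-picker-border` values this same patch adds to `_variables.scss`; use the variables so the picker follows the theme. The file also ends without a trailing newline.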
@@ -0,0 +1,25 @@ +import { async, ComponentFixture, TestBed } from '@angular/core/testing'; + +import { DatePickerComponent } from './date-picker.component'; + +describe('DatePickerComponent', () => { + let component: DatePickerComponent; + let fixture: ComponentFixture; + + beforeEach(async(() => { + TestBed.configureTestingModule({ + declarations: [ DatePickerComponent ] + }) + .compileComponents(); + })); + + beforeEach(() => { + fixture = TestBed.createComponent(DatePickerComponent); + component = fixture.componentInstance; + fixture.detectChanges(); + }); + + it('should be created', () => { + expect(component).toBeTruthy(); + }); +}); diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts new file mode 100644 index 0000000000..ca9bf5f2a7 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts 
@@ -0,0 +1,77 @@ +import { Component, OnInit, ViewChild, ElementRef, OnChanges, SimpleChanges, Input, Output, EventEmitter } from '@angular/core'; +import * as moment from 'moment/moment'; +import * as Pikaday from "pikaday-time"; + +@Component({ + selector: 'app-date-picker', + templateUrl: './date-picker.component.html', + styleUrls: ['./date-picker.component.scss'] +}) +export class DatePickerComponent implements OnInit, OnChanges { + defaultDateStr = 'now/d'; + picker: Pikaday; + dateStr = this.defaultDateStr; + + @Input() date = ''; + @Input() minDate = ''; + @Output() dateChange = new EventEmitter(); + @ViewChild('inputText') inputText: ElementRef; + + constructor(private elementRef: ElementRef) {} + + ngOnInit() { + let _datePickerComponent = this; + let pikadayConfig = { + field: this.elementRef.nativeElement, + showSeconds: true, + use24hour: true, + onSelect: function() { + _datePickerComponent.dateStr = this.getMoment().format('YYYY-MM-DD HH:mm:ss'); + setTimeout(() => _datePickerComponent.dateChange.emit(_datePickerComponent.dateStr), 0); + } + }; + this.picker = new Pikaday(pikadayConfig); + this.setDate(); + } + + ngOnChanges(changes: SimpleChanges) { + if (changes && changes['minDate'] && this.picker) { + this.setMinDate(); + } + + if (changes && changes['date'] && this.picker) { + this.setDate(); + } + } + + setDate() { + if (this.date === '') { + this.dateStr = this.defaultDateStr; + } else { + this.dateStr = this.date; + this.picker.setDate(this.dateStr); + } + } + + setMinDate() { + let currentDate = new Date(this.dateStr).getTime(); + let currentMinDate = new Date(this.minDate).getTime(); + if (currentMinDate > currentDate) { + this.dateStr = this.defaultDateStr; + } + this.picker.setMinDate(new Date(this.minDate)); + this.picker.setDate(moment(this.minDate).endOf('day').format('YYYY-MM-DD HH:mm:ss')); + } + + toggleDatePicker($event) { + if (this.picker) { + if (this.picker.isVisible()) { + this.picker.hide(); + } else { + this.picker.show(); + 
} + + $event.stopPropagation(); + } + } +} diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.module.ts b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.module.ts new file mode 100644 index 0000000000..ded98816c2 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.module.ts @@ -0,0 +1,15 @@ +import { NgModule } from '@angular/core'; +import { CommonModule } from '@angular/common'; +import { FormsModule } from '@angular/forms'; +import {DatePickerComponent} from './date-picker.component'; +import {SharedModule} from '../shared.module'; + +@NgModule({ + imports: [ + CommonModule, + FormsModule + ], + declarations: [DatePickerComponent], + exports: [DatePickerComponent] +}) +export class DatePickerModule { } diff --git a/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.spec.ts b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.spec.ts new file mode 100644 index 0000000000..17cfef7f59 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.spec.ts @@ -0,0 +1,8 @@ +import { MapKeysPipe } from './map-keys.pipe'; + +describe('MapKeysPipe', () => { + it('create an instance', () => { + const pipe = new MapKeysPipe(); + expect(pipe).toBeTruthy(); + }); +}); diff --git a/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.ts b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.ts new file mode 100644 index 0000000000..5bf8013cf4 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.ts @@ -0,0 +1,12 @@ +import { Pipe, PipeTransform } from '@angular/core'; + +@Pipe({ + name: 'mapKeys' +}) +export class MapKeysPipe implements PipeTransform { + + transform(value: any, args?: any): any { + return value ? Object.keys(value) : []; + } + +} 
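Review bot: In `setMinDate`, the guarded reset `this.dateStr = this.defaultDateStr;` is immediately superseded by the unconditional `this.picker.setDate(moment(this.minDate).endOf('day')...)` two lines later, so a selection that is still later than the new minimum is discarded anyway and the comparison has no effect; the comparison is also unreliable because `dateStr` holds either the literal `'now/d'` default or a `'YYYY-MM-DD HH:mm:ss'` string, and `new Date(string)` returns `NaN` for the first and is engine-dependent for the second. Parse strictly with moment and move the selection only when it is missing or violates the minimum (rewrite below). `toggleDatePicker($event)` leaves `$event` an implicit `any`; annotate it `$event: Event`. The `setTimeout(..., 0)` around `dateChange.emit` in `onSelect` needs a why-comment — presumably to let Pikaday finish its own selection handling before the parent reacts, but that intent is not stated.
```typescript
setMinDate() {
  // dateStr is either the literal 'now/d' default or a 'YYYY-MM-DD HH:mm:ss' string;
  // a strict moment parse rejects the former instead of yielding NaN.
  const current = moment(this.dateStr, 'YYYY-MM-DD HH:mm:ss', true);
  const min = moment(this.minDate);
  this.picker.setMinDate(new Date(this.minDate));
  // Move the selection only when there is none or it now precedes the minimum.
  // NOTE(review): relies on Pikaday firing onSelect from setDate (its default)
  // so that dateStr and dateChange follow — confirm against the pikaday-time version in use.
  if (!current.isValid() || current.isBefore(min)) {
    this.picker.setDate(min.endOf('day').format('YYYY-MM-DD HH:mm:ss'));
  }
}
```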
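Review bot: `SharedModule` is imported into date-picker.module.ts but never used in the `@NgModule` metadata; drop the import, or add it to `imports` if the template relies on something it exports (the template's lines are not legible in this patch). An unused import of a sibling `shared` module is also how circular module dependencies tend to start, so it is worth removing before it gets copied.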
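Review bot: `MapKeysPipe.transform` is declared `(value: any, args?: any): any` although it can only return `string[]`, and `Object.keys` lists the own enumerable properties of a plain object — if the template ever passes an ES `Map` (which the pipe name suggests), the result is always `[]`. Type it as `transform(value: object | null | undefined): string[] { return value ? Object.keys(value) : []; }` (dropping the unused `args`), and if `Map` inputs are intended, branch on `value instanceof Map` to `Array.from(value.keys())`. The spec in the preceding hunk only checks instantiation; `expect(new MapKeysPipe().transform({a: 1, b: 2})).toEqual(['a', 'b']);` and `expect(new MapKeysPipe().transform(null)).toEqual([]);` would pin the contract.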
diff --git a/metron-interface/metron-alerts/src/app/shared/shared.module.ts b/metron-interface/metron-alerts/src/app/shared/shared.module.ts index c2ad78f5ff..50f39a915a 100644 --- a/metron-interface/metron-alerts/src/app/shared/shared.module.ts +++ b/metron-interface/metron-alerts/src/app/shared/shared.module.ts @@ -24,6 +24,7 @@ import { NavContentDirective } from './directives/nav-content.directive'; import { CenterEllipsesPipe } from './pipes/center-ellipses.pipe'; import { AlertSearchDirective } from './directives/alert-search.directive'; import { ColumnNameTranslatePipe } from './pipes/column-name-translate.pipe'; +import { MapKeysPipe } from './pipes/map-keys.pipe'; @NgModule({ imports: [ @@ -35,7 +36,8 @@ import { ColumnNameTranslatePipe } from './pipes/column-name-translate.pipe'; NavContentDirective, CenterEllipsesPipe, AlertSearchDirective, - ColumnNameTranslatePipe + ColumnNameTranslatePipe, + MapKeysPipe ], exports: [ CommonModule, @@ -45,7 +47,8 @@ import { ColumnNameTranslatePipe } from './pipes/column-name-translate.pipe'; NavContentDirective, CenterEllipsesPipe, AlertSearchDirective, - ColumnNameTranslatePipe + ColumnNameTranslatePipe, + MapKeysPipe ] }) export class SharedModule { } diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html new file mode 100644 index 0000000000..62b5405abe --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html @@ -0,0 +1,57 @@ + + + +
+
+
+
+
+
Time Range

+
+
+ + +
+
+ + +
+ +
+
+
+
Quick Ranges

+
+
+ {{ key }}
+
+
+ {{ key }}
+
+
+ {{ key }}
+
+
+ {{ key }}
+
+
+
+
+
+
+
\ No newline at end of file diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.scss b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.scss new file mode 100644 index 0000000000..1f9b5d28f6 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.scss 
@@ -0,0 +1,106 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +@import "../../../variables"; + + +:host { + height: 100%; +} + +.btn-search { + height: 100%; + color: $silver; + cursor: pointer; + line-height: 1; + padding: 2px 20px; + border-radius: 0px; + font-family: Roboto; + background: $mine-shaft-6; + border: 1px solid $tundora !important; + + &:focus { + box-shadow: none; + } + + &::after { + font-family: "FontAwesome"; + content: '\f0d7'; + padding-left: 5px; + color: $dusty-grey; + position: absolute; + top: 15px; + right: 5px; + } +} + +.collapse, .collapsing { + position: absolute; + margin-top: 5px; + width: 930px; + height: 257px; + z-index: 99; + right: 0; + + .card, .card-block { + height: inherit; + background: $mine-shaft-1; + border: 1px solid $mine-shaft-7; + } +} + +.title { + font-size: 20px; +} + +.time-range { + border-right: 1px solid $abbey; +} + +.input-group { + position: relative; + width: 100%; + + .form-control { + display: block; + flex-direction: initial; + justify-content: initial; + } +} + +.quick-ranges { + span { + color: #1E87AF; + font-size: 14px; + line-height: 1.7; + cursor: pointer; + width: 100%; + display: block; + padding: 0px 5px; + font-family: Roboto; + + 
&:hover { + background: #1F91BE; + color: #FDFEFE; + } + } +} + +form { + margin-top: 5px; +} \ No newline at end of file diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.spec.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.spec.ts new file mode 100644 index 0000000000..1e35979540 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.spec.ts @@ -0,0 +1,25 @@ +import { async, ComponentFixture, TestBed } from '@angular/core/testing'; + +import { TimeRangeComponent } from './time-range.component'; + +describe('TimeRangeComponent', () => { + let component: TimeRangeComponent; + let fixture: ComponentFixture; + + beforeEach(async(() => { + TestBed.configureTestingModule({ + declarations: [ TimeRangeComponent ] + }) + .compileComponents(); + })); + + beforeEach(() => { + fixture = TestBed.createComponent(TimeRangeComponent); + component = fixture.componentInstance; + fixture.detectChanges(); + }); + + it('should be created', () => { + expect(component).toBeTruthy(); + }); +}); diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts new file mode 100644 index 0000000000..61e09a2c1a --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts 
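Review bot: The new time-range.component.spec.ts configures TestBed with `declarations: [ TimeRangeComponent ]` only, while TimeRangeModule imports SharedModule and DatePickerModule for this component, so `fixture.detectChanges()` will most likely fail on an unknown element or pipe in the template (the template tags are not visible here, but the module wiring implies them) instead of exercising the component. Add `imports: [SharedModule, DatePickerModule]` to the testing module, or use `schemas: [NO_ERRORS_SCHEMA]` with a comment explaining the shallow render. Unlike the other new .ts files in this patch, this file also lacks the ASF license header.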
@@ -0,0 +1,280 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +import { Component, OnInit, ViewChild, ElementRef, HostListener, EventEmitter, Output, Input, OnChanges, SimpleChanges} from '@angular/core'; +import * as moment from 'moment/moment'; +import {Filter, RangeFilter} from '../../model/filter'; +import {DEFAULT_TIMESTAMP_FORMAT, CUSTOMM_DATE_RANGE_LABEL} from '../../utils/constants'; + +@Component({ + selector: 'app-time-range', + templateUrl: './time-range.component.html', + styleUrls: ['./time-range.component.scss'] +}) +export class TimeRangeComponent implements OnInit, OnChanges { + toDateStr = ''; + fromDateStr = ''; + datePickerFromDate = ''; + datePickerToDate = ''; + selectedTimeRangeValue = 'All time'; + + @Input() disabled = false; + @ViewChild('datePicker') datePicker: ElementRef; + @Output() timeRangeChange = new EventEmitter(); + + timeRangeMappingCol1 = { + 'Last 7 days': 'last-7-days', + 'Last 30 days': 'last-30-days', + 'Last 60 days': 'last-60-days', + 'Last 90 days': 'last-90-days', + 'Last 6 months': 'last-6-months', + 'Last 1 year': 'last-1-year', + 'Last 2 years': 'last-2-years', + 'Last 5 years': 'last-5-years' + }; + timeRangeMappingCol2 = { + 'Yesterday': 'yesterday', + 'Day 
before yesterday': 'day-before-yesterday', + 'This day last week': 'this-day-last-week', + 'Previous week': 'previous-week', + 'Previous month': 'previous-month', + 'Previous year': 'previous-year', + 'All time': 'all-time' + }; + timeRangeMappingCol3 = { + 'Today': 'today', + 'Today so far': 'today-so-far', + 'This week': 'this-week', + 'This week so far': 'this-week-so-far', + 'This month': 'this-month', + 'This year': 'this-year' + }; + timeRangeMappingCol4 = { + 'Last 5 minutes': 'last-5-minutes', + 'Last 15 minutes': 'last-15-minutes', + 'Last 30 minutes': 'last-30-minutes', + 'Last 1 hour': 'last-1-hour', + 'Last 3 hours': 'last-3-hours', + 'Last 6 hours': 'last-6-hours', + 'Last 12 hours': 'last-12-hours', + 'Last 24 hours': 'last-24-hours' + }; + + constructor() { } + + ngOnChanges(changes: SimpleChanges) { + if (changes && !changes['disabled'].currentValue){ + this.setDate(this.getTimeRangeStr()); + } + } + + ngOnInit() { + this.setDate(this.getTimeRangeStr()); + } + + getTimeRangeStr() { + let mappingVal = this.timeRangeMappingCol1[this.selectedTimeRangeValue]; + if (!mappingVal) { + mappingVal = this.timeRangeMappingCol2[this.selectedTimeRangeValue]; + } + if (!mappingVal) { + mappingVal = this.timeRangeMappingCol3[this.selectedTimeRangeValue]; + } + if (!mappingVal) { + mappingVal = this.timeRangeMappingCol4[this.selectedTimeRangeValue]; + } + return mappingVal; + } + + selectTimeRange($event, range: string) { + this.hideDatePicker(); + this.selectedTimeRangeValue = $event.target.textContent.trim(); + this.datePickerFromDate = ''; + this.datePickerToDate = ''; + this.setDate(range); + } + + hideDatePicker() { + this.datePicker.nativeElement.classList.remove('show'); + } + + setDate(range:string) { + let toDate = ''; + let fromDate = ''; + + switch (range) { + case 'last-7-days': + fromDate = moment().subtract(7, 'days').local().format(); + toDate = moment().local().format(); + break; + case 'last-30-days': + fromDate = moment().subtract(30, 
'days').local().format(); + toDate = moment().local().format(); + break; + case 'last-60-days': + fromDate = moment().subtract(60, 'days').local().format(); + toDate = moment().local().format(); + break; + case 'last-90-days': + fromDate = moment().subtract(90, 'days').local().format(); + toDate = moment().local().format(); + break; + case 'last-6-months': + fromDate = moment().subtract(6, 'months').local().format(); + toDate = moment().local().format(); + break; + case 'last-1-year': + fromDate = moment().subtract(1, 'year').local().format(); + toDate = moment().local().format(); + break; + case 'last-2-years': + fromDate = moment().subtract(2, 'years').local().format(); + toDate = moment().local().format(); + break; + case 'last-5-years': + fromDate = moment().subtract(5, 'years').local().format(); + toDate = moment().local().format(); + break; + case 'all-time': + fromDate = '1970-01-01T05:30:00+05:30'; + toDate = moment().local().format(); + break; + case 'yesterday': + fromDate = moment().subtract(1, 'days').startOf('day').local().format(); + toDate = moment().subtract(1, 'days').endOf('day').local().format(); + break; + case 'day-before-yesterday': + fromDate = moment().subtract(2, 'days').startOf('day').local().format(); + toDate = moment().subtract(2, 'days').endOf('day').local().format(); + break; + case 'this-day-last-week': + fromDate = moment().subtract(7, 'days').startOf('day').local().format(); + toDate = moment().subtract(7, 'days').endOf('day').local().format(); + break; + case 'previous-week': + fromDate = moment().subtract(1, 'weeks').startOf('week').local().format(); + toDate = moment().subtract(1, 'weeks').endOf('week').local().format(); + break; + case 'previous-month': + fromDate = moment().subtract(1, 'months').startOf('month').local().format(); + toDate = moment().subtract(1, 'months').endOf('month').local().format(); + break; + case 'previous-year': + fromDate = moment().subtract(1, 'years').startOf('year').local().format(); + toDate = 
moment().subtract(1, 'years').endOf('year').local().format(); + break; + case 'today': + fromDate = moment().startOf('day').local().format(); + toDate = moment().endOf('day').local().format(); + break; + case 'today-so-far': + fromDate = moment().startOf('day').local().format(); + toDate = moment().local().format(); + break; + case 'this-week': + fromDate = moment().startOf('week').local().format(); + toDate = moment().endOf('week').local().format(); + break; + case 'this-week-so-far': + fromDate = moment().startOf('week').local().format(); + toDate = moment().local().format(); + break; + case 'this-month': + fromDate = moment().startOf('month').local().format(); + toDate = moment().endOf('month').local().format(); + break; + case 'this-year': + fromDate = moment().startOf('year').local().format(); + toDate = moment().endOf('year').local().format(); + break; + case 'last-5-minutes': + fromDate = moment().subtract(5, 'minutes').local().format(); + toDate = moment().local().format(); + break; + case 'last-15-minutes': + fromDate = moment().subtract(15, 'minutes').local().format(); + toDate = moment().local().format(); + break; + case 'last-30-minutes': + fromDate = moment().subtract(30, 'minutes').local().format(); + toDate = moment().local().format(); + break; + case 'last-1-hour': + fromDate = moment().subtract(60, 'minutes').local().format(); + toDate = moment().local().format(); + break; + case 'last-3-hours': + fromDate = moment().subtract(3, 'hours').local().format(); + toDate = moment().local().format(); + break; + case 'last-6-hours': + fromDate = moment().subtract(6, 'hours').local().format(); + toDate = moment().local().format(); + break; + case 'last-12-hours': + fromDate = moment().subtract(12, 'hours').local().format(); + toDate = moment().local().format(); + break; + case 'last-24-hours': + fromDate = moment().subtract(24, 'hours').local().format(); + toDate = moment().local().format(); + break; + } + + this.applyRange(toDate, fromDate); + } + + 
applyRange(toDate:string, fromDate:string) { + this.toDateStr = moment(toDate).format(DEFAULT_TIMESTAMP_FORMAT); + this.fromDateStr = moment(fromDate).format(DEFAULT_TIMESTAMP_FORMAT); + this.timeRangeChange.emit(new RangeFilter('timestamp', new Date((fromDate)).getTime(), new Date((toDate)).getTime(), false)); + } + + applyCustomDate() { + this.applyRange(this.datePickerToDate, this.datePickerFromDate); + this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL; + this.hideDatePicker(); + } + + isPikaSelectElement(targetElement: HTMLElement): boolean { + while(targetElement) { + if (targetElement.classList.toString().startsWith('pika')){ + return true; + } + targetElement = targetElement.parentElement; + } + + return false; + } + + @HostListener('document:click', ['$event', '$event.target']) + onClick(event: MouseEvent, targetElement: HTMLElement): void { + if (!targetElement) { + return; + } + + if(this.isPikaSelectElement(targetElement)) { + return; + } + + const clickedInside = this.datePicker.nativeElement.contains(targetElement); + if (!clickedInside) { + this.hideDatePicker(); + } + } + +} diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.module.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.module.ts new file mode 100644 index 0000000000..412ea39da7 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.module.ts @@ -0,0 +1,16 @@ +import { NgModule } from '@angular/core'; +import { CommonModule } from '@angular/common'; +import {TimeRangeComponent} from './time-range.component'; +import {DatePickerModule} from '../date-picker/date-picker.module'; +import {SharedModule} from '../shared.module'; + +@NgModule({ + imports: [ + CommonModule, + SharedModule, + DatePickerModule + ], + declarations: [TimeRangeComponent], + exports: [TimeRangeComponent] +}) +export class TimeRangeModule { } 
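Review bot: applyCustomDate() passes datePickerFromDate/datePickerToDate straight to applyRange(), which calls `new Date(x).getTime()` with no validity check, so an empty or unparsable picker value emits a RangeFilter whose gte/lte are NaN and that reaches the query as `(>=NaN AND <=NaN)` via RangeFilter.getFilterValue(); an inverted range (from after to) is passed through the same way. Validate before emitting, as below. Separately, ngOnChanges dereferences `changes['disabled'].currentValue` without checking the key exists, which throws as soon as another input changes independently; prefer `if (changes['disabled'] && !changes['disabled'].currentValue)`.
```typescript
  applyCustomDate() {
    const fromMs = new Date(this.datePickerFromDate).getTime();
    const toMs = new Date(this.datePickerToDate).getTime();
    // Reject unparsable or inverted ranges before they reach the query builder.
    if (isNaN(fromMs) || isNaN(toMs) || fromMs > toMs) {
      return;
    }
    this.applyRange(this.datePickerToDate, this.datePickerFromDate);
    this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL;
    this.hideDatePicker();
  }
```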
diff --git a/metron-interface/metron-alerts/src/app/utils/constants.ts b/metron-interface/metron-alerts/src/app/utils/constants.ts index a738a1dbcd..07a675cfd6 100644 --- a/metron-interface/metron-alerts/src/app/utils/constants.ts +++ b/metron-interface/metron-alerts/src/app/utils/constants.ts @@ -21,4 +21,10 @@ export const ALERTS_SAVED_SEARCH = 'metron-alerts-saved-search'; export const ALERTS_TABLE_METADATA = 'metron-alerts-table-metadata'; export const ALERTS_COLUMN_NAMES = 'metron-alerts-column-names'; +export let THREAT_SCORE_FIELD_NAME = 'threat:triage:score'; +export let TIMESTAMP_FIELD_NAME = 'timestamp'; + export let INDEXES = ['websphere', 'snort', 'asa', 'bro', 'yaf']; + +export let DEFAULT_TIMESTAMP_FORMAT = 'YYYY-MM-DD H:m:s'; +export let CUSTOMM_DATE_RANGE_LABEL = 'Date Range'; diff --git a/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts b/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts index 0896f32057..cbebd2a68a 100644 --- a/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts +++ b/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts @@ -71,4 +71,16 @@ export class ElasticsearchUtils { return message; } + + public static escapeESField(field: string) { + return field.replace(/:/g, '\\:'); + } + + public static escapeESValue(value: string) { + return String(value) + .replace(/[\*\+\-=~><\"\?^\${}\(\)\:\!\/[\]\\\s]/g, '\\$&') // replace single special characters + .replace(/\|\|/g, '\\||') // replace || + .replace(/\&\&/g, '\\&&'); // replace && + } + } diff --git a/metron-interface/metron-alerts/src/styles.scss b/metron-interface/metron-alerts/src/styles.scss index 12ac9f79db..fdbe1c77a0 100644 --- a/metron-interface/metron-alerts/src/styles.scss +++ b/metron-interface/metron-alerts/src/styles.scss @@ -20,6 +20,7 @@ @import "_variables.scss"; @import "slider.scss"; @import "metron-dialog.scss"; +@import "../node_modules/pikaday-time/scss/pikaday.scss"; body, button { 
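Review bot: DEFAULT_TIMESTAMP_FORMAT uses moment's unpadded tokens `H:m:s`, so 09:05:03 renders as `9:5:3` and the strings shown in the time-range inputs are neither fixed-width nor reliably parseable back; `'YYYY-MM-DD HH:mm:ss'` is almost certainly what was intended. The new names are declared with `export let` although nothing reassigns them — `export const` prevents accidental mutation of field names that end up in queries. `CUSTOMM_DATE_RANGE_LABEL` also has a doubled M.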
@@ -241,4 +242,12 @@ form { outline: none; } +} + +.pika-select { + height: 20px; + -webkit-appearance: none; + -moz-appearance: none; + appearance: none; + padding: 0px 15px; } \ No newline at end of file From af7344010ef3e8998b076c6e72e6f3ef9a9c5569 Mon Sep 17 00:00:00 2001 From: iraghumitra Date: Tue, 10 Oct 2017 16:01:04 +0530 Subject: [PATCH 02/11] Changed to date for All-time option --- .../src/app/shared/time-range/time-range.component.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts index 61e09a2c1a..c2225a55e0 100644 --- a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts @@ -151,7 +151,7 @@ export class TimeRangeComponent implements OnInit, OnChanges { break; case 'all-time': fromDate = '1970-01-01T05:30:00+05:30'; - toDate = moment().local().format(); + toDate = '2100-01-01T05:30:00+05:30'; break; case 'yesterday': fromDate = moment().subtract(1, 'days').startOf('day').local().format(); From 347e4d0a24680d822236b04ac388f4265bde439e Mon Sep 17 00:00:00 2001 From: iraghumitra Date: Tue, 17 Oct 2017 13:30:37 +0530 Subject: [PATCH 03/11] Removed seperate spec for search in time range --- metron-interface/metron-alerts/protractor.conf.js | 1 - 1 file changed, 1 deletion(-) diff --git a/metron-interface/metron-alerts/protractor.conf.js b/metron-interface/metron-alerts/protractor.conf.js index 238b2797f7..477414d0e0 100644 --- a/metron-interface/metron-alerts/protractor.conf.js +++ b/metron-interface/metron-alerts/protractor.conf.js 
@@ -33,7 +33,6 @@ exports.config = { './e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts', './e2e/alerts-list/alert-status/alerts-list-status.e2e-spec.ts', './e2e/alert-details/alert-status/alert-details-status.e2e-spec.ts' - // './e2e/alerts-list/search-time-range/search-time-range.e2e-spec.ts' ], capabilities: { 'browserName': 'chrome', From c35c7a6db9e409e864fa1b3798203e0f2ff0cfce Mon Sep 17 00:00:00 2001 From: iraghumitra Date: Tue, 17 Oct 2017 14:24:08 +0530 Subject: [PATCH 04/11] added back the print override in proractor --- metron-interface/metron-alerts/protractor.conf.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metron-interface/metron-alerts/protractor.conf.js b/metron-interface/metron-alerts/protractor.conf.js index 477414d0e0..4fc25be9f8 100644 --- a/metron-interface/metron-alerts/protractor.conf.js +++ b/metron-interface/metron-alerts/protractor.conf.js @@ -48,8 +48,8 @@ exports.config = { framework: 'jasmine', jasmineNodeOpts: { showColors: true, - defaultTimeoutInterval: 50000 - // print: function() {} + defaultTimeoutInterval: 50000, + print: function() {} }, useAllAngular2AppRoots: true, rootElement: 'metron-alerts-root', From 6f2faab7ce69b7878313ed74b7565452794e25b7 Mon Sep 17 00:00:00 2001 
From: iraghumitra Date: Sun, 22 Oct 2017 19:02:24 +0530 Subject: [PATCH 05/11] Save search and recent search to account for DateTime Picker --- .../alerts-list/alerts-list.component.html | 2 +- .../alerts-list/alerts-list.component.ts | 35 +++- .../app/alerts/alerts-list/query-builder.ts | 41 ++-- .../save-search/save-search.component.ts | 4 +- .../src/app/model/date-filter-value.ts | 28 +++ .../metron-alerts/src/app/model/filter.ts | 42 ++-- .../src/app/model/save-search.ts | 5 +- .../shared/time-range/time-range.component.ts | 184 ++++-------------- .../metron-alerts/src/app/utils/constants.ts | 3 +- .../metron-alerts/src/app/utils/utils.ts | 180 +++++++++++++++++ 10 files changed, 333 insertions(+), 191 deletions(-) create mode 100644 metron-interface/metron-alerts/src/app/model/date-filter-value.ts create mode 100644 metron-interface/metron-alerts/src/app/utils/utils.ts diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html index c4b9e0915b..63b4e418e2 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html @@ -24,7 +24,7 @@ - + diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts index 6016e66598..9613eb96fa 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts 
@@ -36,7 +36,7 @@ import {AlertSearchDirective} from '../../shared/directives/alert-search.directi import {SearchResponse} from '../../model/search-response'; import {ElasticsearchUtils} from '../../utils/elasticsearch-utils'; import {Filter} from '../../model/filter'; -import {THREAT_SCORE_FIELD_NAME, TIMESTAMP_FIELD_NAME} from '../../utils/constants'; +import {THREAT_SCORE_FIELD_NAME, TIMESTAMP_FIELD_NAME, ALL_TIME} from '../../utils/constants'; import {TableViewComponent} from './table-view/table-view.component'; import {Pagination} from '../../model/pagination'; import {PatchRequest} from '../../model/patch-request'; @@ -60,6 +60,7 @@ export class AlertsListComponent implements OnInit, OnDestroy { pauseRefresh = false; lastPauseRefreshValue = false; timeStampfilterPresent = false; + selectedTimeRange = new Filter(TIMESTAMP_FIELD_NAME, ALL_TIME, false); threatScoreFieldName = THREAT_SCORE_FIELD_NAME; @ViewChild('table') table: ElementRef; 
@@ -106,12 +107,23 @@ export class AlertsListComponent implements OnInit, OnDestroy { let queryBuilder = new QueryBuilder(); queryBuilder.setGroupby(this.queryBuilder.groupRequest.groups.map(group => group.field)); queryBuilder.searchRequest = savedSearch.searchRequest; + queryBuilder.filters = savedSearch.filters; this.queryBuilder = queryBuilder; + this.setSelectedTimeRange(savedSearch.filters); this.prepareColumnData(savedSearch.tableColumns, []); + this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent(); this.search(true, savedSearch); }); } + setSelectedTimeRange(filters: Filter[]) { + filters.forEach(filter => { + if (filter.field === TIMESTAMP_FIELD_NAME && filter.dateFilterValue) { + this.selectedTimeRange = JSON.parse(JSON.stringify(filter)); + } + }); + } + calcColumnsToDisplay() { let availableWidth = document.documentElement.clientWidth - (200 + (15 * 4)); /* screenwidth - (navPaneWidth + (paddings))*/ availableWidth = availableWidth - (55 + 25 + 25); /* availableWidth - (score + colunSelectIcon +selectCheckbox )*/ @@ -160,12 +172,13 @@ export class AlertsListComponent implements OnInit, OnDestroy { onClear() { this.timeStampfilterPresent = false; - this.queryBuilder.displayQuery = ''; + this.queryBuilder.clearSearch(); + this.selectedTimeRange = new Filter(TIMESTAMP_FIELD_NAME, ALL_TIME, false); this.search(); } onSearch($event) { - this.queryBuilder.displayQuery = $event; + this.queryBuilder.setSearch($event); this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent(); this.search(); return false; @@ -219,7 +232,12 @@ export class AlertsListComponent implements OnInit, OnDestroy { } onTimeRangeChange(filter: Filter) { - this.queryBuilder.addOrUpdateFilter(filter); + if (filter.value === ALL_TIME) { + this.queryBuilder.removeFilter(filter.field); + } else { + this.queryBuilder.addOrUpdateFilter(filter); + } + this.search(); } 
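Review bot: setSelectedTimeRange() only adopts a timestamp filter when `filter.dateFilterValue` is already populated, but that field is assigned only as a side effect inside Filter.getQueryString(), so after a saved search is loaded the selected range is not reflected until something has generated a query string, and the `JSON.parse(JSON.stringify(filter))` copy turns the Filter instance into a plain object. That ordering dependency is easy to break; compute the bounds where the filter is created (or when the saved search is deserialized) and copy with `new Filter(filter.field, filter.value, filter.display)` plus the bounds. In the same hunk, `queryBuilder.filters = savedSearch.filters` throws inside the setter's `forEach` if a search persisted before this field existed has no `filters` property; guard with `savedSearch.filters || []`.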
@@ -306,16 +324,14 @@ export class AlertsListComponent implements OnInit, OnDestroy { } saveCurrentSearch(savedSearch: SaveSearch) { - if (this.queryBuilder.filters.length === 1 && this.queryBuilder.filters[0].display === false) { - return; - } - if (this.queryBuilder.query !== '*') { if (!savedSearch) { savedSearch = new SaveSearch(); savedSearch.searchRequest = this.queryBuilder.searchRequest; savedSearch.tableColumns = this.alertsColumns; - savedSearch.name = savedSearch.getDisplayString(); + savedSearch.filters = this.queryBuilder.filters; + savedSearch.searchRequest.query = ''; + savedSearch.name = this.queryBuilder.generateNameForSearchRequest(); } this.saveSearchService.saveAsRecentSearches(savedSearch).subscribe(() => { @@ -328,6 +344,7 @@ export class AlertsListComponent implements OnInit, OnDestroy { this.searchResponse = results; this.pagination.total = results.total; this.alerts = results.results ? results.results : []; + this.setSelectedTimeRange(this.queryBuilder.filters); } showConfigureTable() { diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts index 9c973e114a..6cf1aff90c 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts 
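Review bot: `savedSearch.searchRequest = this.queryBuilder.searchRequest` stores a reference, so the following `savedSearch.searchRequest.query = ''` blanks the live request object the query builder itself holds; unless onSearchChange() (outside this hunk) rewrites `query` before every search, the next search goes out with an empty query. Copy before clearing — assuming SearchRequest is a plain data object, `savedSearch.searchRequest = Object.assign({}, this.queryBuilder.searchRequest, { query: '' });`. SaveSearchComponent.save() in this patch has the same pattern. Dropping the `display === false` guard also means a timestamp-only selection now creates a recent-search entry; if that is intended it deserves a comment.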
@@ -30,27 +30,20 @@ export class QueryBuilder { private _displayQuery = this._query; private _filters: Filter[] = []; - set query(value: string) { - value = value.replace(/\\:/g, ':'); - this._query = value; - this.updateFilters(this._query, false); - this.onSearchChange(); - } - get query(): string { return this._query; } - set displayQuery(value: string) { - this._displayQuery = value; - this.updateFilters(this._displayQuery, true); - this.onSearchChange(); - } - get displayQuery(): string { return this._displayQuery; } + set filters(filters: Filter[]) { + filters.forEach(filter => { + this.addOrUpdateFilter(filter) + }); + } + get filters(): Filter[] { return this._filters; } @@ -63,7 +56,7 @@ export class QueryBuilder { set searchRequest(value: SearchRequest) { this._searchRequest = value; - this.query = this._searchRequest.query; + this.setSearch(this._searchRequest.query); } get groupRequest(): GroupRequest { @@ -71,6 +64,16 @@ export class QueryBuilder { return this._groupRequest; } + setSearch(query: string) { + this.updateFilters(query); + this.onSearchChange(); + } + + clearSearch() { + this._filters = []; + this.onSearchChange(); + } + addOrUpdateFilter(filter: Filter) { let existingFilterIndex = -1; let existingFilter = this._filters.find((tFilter, index) => { @@ -95,6 +98,11 @@ export class QueryBuilder { return (select.length === 0) ? '*' : select; } + generateNameForSearchRequest() { + let select = this._filters.map(filter => ColumnNamesService.getColumnDisplayValue(filter.field) + ':' + filter.value).join(' AND '); + return (select.length === 0) ? '*' : select; + } + generateSelectForDisplay() { let appliedFilters = []; this._filters.reduce((appliedFilters, filter) => { 
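Review bot: The new `set filters` accessor appends through addOrUpdateFilter() and never clears `_filters`, so assigning `filters` merges into whatever the builder already holds rather than replacing it, which is not what an assignment reads as. Either reset first — `this._filters = []; filters.forEach(f => this.addOrUpdateFilter(f));` — or expose it as an `addFilters()` method. Removing the `set query` accessor also drops the global `\\:` → `:` unescape that used to run before updateFilters(); the updateFilters hunk below now strips only a single backslash from the field name.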
@@ -110,7 +118,7 @@ export class QueryBuilder { } isTimeStampFieldPresent(): boolean { - return !!this._filters.find(filter => (filter.field === TIMESTAMP_FIELD_NAME)); + return this._filters.some(filter => (filter.field === TIMESTAMP_FIELD_NAME && !isNaN(Number(filter.value)))); } onSearchChange() { @@ -146,7 +154,7 @@ export class QueryBuilder { this.searchRequest.sort = [sortField]; } - private updateFilters(tQuery: string, updateNameTransform = false) { + private updateFilters(tQuery: string) { let query = tQuery; this.removeDisplayedFilters(); @@ -155,7 +163,6 @@ export class QueryBuilder { for (let term of terms) { let separatorPos = term.lastIndexOf(':'); let field = term.substring(0, separatorPos).replace('\\', ''); - field = updateNameTransform ? ColumnNamesService.getColumnDisplayKey(field) : field; let value = term.substring(separatorPos + 1, term.length); this.addOrUpdateFilter(new Filter(field, value)); } diff --git a/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts b/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts index d3bd9da69e..b27da3ab5e 100644 --- a/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts +++ b/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts @@ -47,7 +47,9 @@ export class SaveSearchComponent implements OnInit { save() { this.saveSearch.searchRequest = this.saveSearchService.queryBuilder.searchRequest; this.saveSearch.tableColumns = this.saveSearchService.tableColumns; - + this.saveSearch.filters = this.saveSearchService.queryBuilder.filters; + this.saveSearch.searchRequest.query = ''; + this.saveSearchService.saveSearch(this.saveSearch).subscribe(() => { this.goBack(); }, error => { diff --git a/metron-interface/metron-alerts/src/app/model/date-filter-value.ts b/metron-interface/metron-alerts/src/app/model/date-filter-value.ts new file mode 100644 index 0000000000..1318ce2004 --- /dev/null 
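Review bot: With the `set query` unescape gone, updateFilters() relies solely on `term.substring(0, separatorPos).replace('\\', '')`, which (string pattern) removes only the first backslash, so a field such as `threat\:triage\:score` parsed from an escaped query keeps its second backslash and Filter.getQueryString() then escapes it again. Use `.replace(/\\/g, '')` if escaped queries can still reach setSearch(); if saved searches now always carry `query = ''` so this path is effectively dead for them, say so in a comment. The new isTimeStampFieldPresent() condition also deserves a one-line comment that quick-range values are non-numeric strings while user-typed timestamps are numeric, since that is what the `!isNaN(Number(...))` test encodes.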
+++ b/metron-interface/metron-alerts/src/app/model/date-filter-value.ts @@ -0,0 +1,28 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +export class DateFilterValue { + fromDate: number; + toDate: number; + + + constructor(fromDate = 0, toDate = 0) { + this.fromDate = fromDate; + this.toDate = toDate; + } +} \ No newline at end of file diff --git a/metron-interface/metron-alerts/src/app/model/filter.ts b/metron-interface/metron-alerts/src/app/model/filter.ts index 18e05d4daa..ac9e133e0c 100644 --- a/metron-interface/metron-alerts/src/app/model/filter.ts +++ b/metron-interface/metron-alerts/src/app/model/filter.ts 
@@ -16,11 +16,23 @@ * limitations under the License. */ import {ElasticsearchUtils} from '../utils/elasticsearch-utils'; +import {TIMESTAMP_FIELD_NAME} from '../utils/constants'; +import {Utils} from '../utils/utils'; +import {DateFilterValue} from './date-filter-value'; export class Filter { field: string; value: string; display: boolean; + dateFilterValue: DateFilterValue; + + static fromJSON(objs: Filter[]): Filter[] { + let filters = []; + for (let obj of objs) { + filters.push(new Filter(obj.field, obj.value, obj.display)); + } + return filters; + } constructor(field: string, value: string, display = true) { this.field = field; @@ -29,26 +41,16 @@ export class Filter { } getQueryString(): string { - return ElasticsearchUtils.escapeESField(this.field) + ':' + ElasticsearchUtils.escapeESValue(this.value); - } -} - -export class RangeFilter extends Filter { - gte: number; - lte: number; - - constructor(field:string, gte:number, lte:number, display = true) { - super(field, '', display); - this.gte = gte; - this.lte = lte; - this.value = this.getFilterValue(); - } - - getQueryString(): string { - return ElasticsearchUtils.escapeESField(this.field) + ':' + this.getFilterValue(); - } + if (this.field === TIMESTAMP_FIELD_NAME && !this.display) { + this.dateFilterValue = Utils.timeRangeToDateObj(this.value); + if (this.dateFilterValue !== null) { + return ElasticsearchUtils.escapeESField(this.field) + ':' + + '(>=' + this.dateFilterValue.fromDate + ' AND ' + ' <=' + this.dateFilterValue.toDate + ')'; + } else { + return ElasticsearchUtils.escapeESField(this.field) + ':' + this.value; + } + } - getFilterValue() { - return '(>=' + this.gte + ' AND ' + ' <=' + this.lte + ')'; + return ElasticsearchUtils.escapeESField(this.field) + ':' + ElasticsearchUtils.escapeESValue(this.value); } } diff --git a/metron-interface/metron-alerts/src/app/model/save-search.ts b/metron-interface/metron-alerts/src/app/model/save-search.ts index b2ee765670..173f60e1ff 100644 
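Review bot: In the new getQueryString(), the `else` branch for a hidden timestamp filter concatenates `this.value` into the Lucene query unescaped, whereas every other path goes through ElasticsearchUtils.escapeESValue(); since hidden filters are now rehydrated from persisted saved searches via Filter.fromJSON with the display flag preserved, a malformed or tampered stored value is injected verbatim into the query string. Use `ElasticsearchUtils.escapeESValue(this.value)` there too. getQueryString() also mutates `this.dateFilterValue` as a side effect, and fromJSON drops that field, so callers that read it before a query string has been built see undefined — computing it in the constructor would remove the ordering dependency. The `' AND ' + ' <='` concatenation yields a double space; cosmetic, but worth tidying.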
--- a/metron-interface/metron-alerts/src/app/model/save-search.ts +++ b/metron-interface/metron-alerts/src/app/model/save-search.ts @@ -19,18 +19,21 @@ import {QueryBuilder} from '../alerts/alerts-list/query-builder'; import {ColumnMetadata} from './column-metadata'; import {SearchRequest} from './search-request'; +import {Filter} from './filter'; export class SaveSearch { name = ''; lastAccessed = 0; searchRequest: SearchRequest; tableColumns: ColumnMetadata[]; + filters: Filter[]; public static fromJSON(obj: SaveSearch): SaveSearch { let saveSearch = new SaveSearch(); saveSearch.name = obj.name; saveSearch.lastAccessed = obj.lastAccessed; saveSearch.searchRequest = obj.searchRequest; + saveSearch.filters = Filter.fromJSON(obj.filters); saveSearch.tableColumns = ColumnMetadata.fromJSON(obj.tableColumns); return saveSearch; @@ -43,6 +46,6 @@ export class SaveSearch { let queryBuilder = new QueryBuilder(); queryBuilder.searchRequest = this.searchRequest; - return queryBuilder.generateSelectForDisplay(); + return queryBuilder.generateNameForSearchRequest(); } } diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts index c2225a55e0..8df0fadaf1 100644 --- a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts 
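Review bot: SaveSearch.fromJSON now calls `Filter.fromJSON(obj.filters)` unconditionally, but searches persisted before this patch have no `filters` property and `for (let obj of undefined)` throws, so loading any pre-existing saved or recent search fails. Default it: `saveSearch.filters = Filter.fromJSON(obj.filters || []);`, and consider the same defensive default inside Filter.fromJSON itself.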
@@ -17,8 +17,13 @@ */ import { Component, OnInit, ViewChild, ElementRef, HostListener, EventEmitter, Output, Input, OnChanges, SimpleChanges} from '@angular/core'; import * as moment from 'moment/moment'; -import {Filter, RangeFilter} from '../../model/filter'; -import {DEFAULT_TIMESTAMP_FORMAT, CUSTOMM_DATE_RANGE_LABEL} from '../../utils/constants'; + +import {Filter} from '../../model/filter'; +import { + DEFAULT_TIMESTAMP_FORMAT, CUSTOMM_DATE_RANGE_LABEL, + TIMESTAMP_FIELD_NAME, ALL_TIME +} from '../../utils/constants'; +import {DateFilterValue} from '../../model/date-filter-value'; @Component({ selector: 'app-time-range', @@ -33,6 +38,7 @@ export class TimeRangeComponent implements OnInit, OnChanges { selectedTimeRangeValue = 'All time'; @Input() disabled = false; + @Input() selectedTimeRange: Filter; @ViewChild('datePicker') datePicker: ElementRef; @Output() timeRangeChange = new EventEmitter(); @@ -53,7 +59,7 @@ export class TimeRangeComponent implements OnInit, OnChanges { 'Previous week': 'previous-week', 'Previous month': 'previous-month', 'Previous year': 'previous-year', - 'All time': 'all-time' + 'All time': ALL_TIME }; timeRangeMappingCol3 = { 'Today': 'today', 
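Review bot: The new `@Input() selectedTimeRange: Filter;` carries an implicit contract — a non-displayed `timestamp` filter whose `value` is either a quick-range key from the mapping tables or a `(>=from AND <=to)` epoch expression — that a reader of the template binding cannot see; document it: `/** Hidden timestamp filter driving the picker; value is a quick-range key (see timeRangeMappingCol*) or an epoch range expression. */`. Only `'All time'` was switched to the `ALL_TIME` constant while every other key stays a string literal that must match the `case` labels in `Utils.timeRangeToDisplayStr`; either constant-ify them all or note why this one is special (presumably because it is the default selection).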
@@ -77,13 +83,33 @@ export class TimeRangeComponent implements OnInit, OnChanges { constructor() { } ngOnChanges(changes: SimpleChanges) { - if (changes && !changes['disabled'].currentValue){ - this.setDate(this.getTimeRangeStr()); + if (changes && changes['selectedTimeRange']) { + this.onSelectedTimeRangeChange(); } } ngOnInit() { - this.setDate(this.getTimeRangeStr()); + } + + onSelectedTimeRangeChange() { + let foundQuickRange = false; + let merged = Object.assign({}, this.timeRangeMappingCol1, this.timeRangeMappingCol2, this.timeRangeMappingCol3, this.timeRangeMappingCol4); + Object.keys(merged).forEach(key => { + if (this.selectedTimeRange.value === merged[key]) { + foundQuickRange = true; + this.selectedTimeRangeValue = key; + if (this.selectedTimeRange.dateFilterValue) { + this.toDateStr = moment(this.selectedTimeRange.dateFilterValue.toDate).format(DEFAULT_TIMESTAMP_FORMAT); + this.fromDateStr = moment(this.selectedTimeRange.dateFilterValue.fromDate).format(DEFAULT_TIMESTAMP_FORMAT); + } + } + }); + + if (!foundQuickRange) { + this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL; + this.toDateStr = moment(this.selectedTimeRange.dateFilterValue.toDate).format(DEFAULT_TIMESTAMP_FORMAT); + this.fromDateStr = moment(this.selectedTimeRange.dateFilterValue.fromDate).format(DEFAULT_TIMESTAMP_FORMAT); + } } getTimeRangeStr() { 
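Review bot: `onSelectedTimeRangeChange` dereferences `this.selectedTimeRange.value` and, in the `!foundQuickRange` branch, `this.selectedTimeRange.dateFilterValue.toDate` without a guard; `ngOnChanges` also fires when the binding becomes `null`/`undefined`, and a `Filter` rebuilt by `Filter.fromJSON` has no `dateFilterValue` until `getQueryString()` has run, so both paths can throw. Add `if (!this.selectedTimeRange) { return; }` at the top and guard the custom branch with `const range = this.selectedTimeRange.dateFilterValue; if (!range) { return; }` before the two `moment(...)` lines. The `Object.assign` + `forEach` + flag can be a single lookup, `const match = Object.keys(merged).find(key => merged[key] === this.selectedTimeRange.value);`, which also makes the "no quick range matched" branch read naturally. `ngOnInit` is now empty and could be dropped together with the `OnInit` interface.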
@@ -105,149 +131,25 @@ export class TimeRangeComponent implements OnInit, OnChanges { this.selectedTimeRangeValue = $event.target.textContent.trim(); this.datePickerFromDate = ''; this.datePickerToDate = ''; - this.setDate(range); + this.timeRangeChange.emit(new Filter(TIMESTAMP_FIELD_NAME, range, false)); } hideDatePicker() { this.datePicker.nativeElement.classList.remove('show'); } - setDate(range:string) { - let toDate = ''; - let fromDate = ''; - - switch (range) { - case 'last-7-days': - fromDate = moment().subtract(7, 'days').local().format(); - toDate = moment().local().format(); - break; - case 'last-30-days': - fromDate = moment().subtract(30, 'days').local().format(); - toDate = moment().local().format(); - break; - case 'last-60-days': - fromDate = moment().subtract(60, 'days').local().format(); - toDate = moment().local().format(); - break; - case 'last-90-days': - fromDate = moment().subtract(90, 'days').local().format(); - toDate = moment().local().format(); - break; - case 'last-6-months': - fromDate = moment().subtract(6, 'months').local().format(); - toDate = moment().local().format(); - break; - case 'last-1-year': - fromDate = moment().subtract(1, 'year').local().format(); - toDate = moment().local().format(); - break; - case 'last-2-years': - fromDate = moment().subtract(2, 'years').local().format(); - toDate = moment().local().format(); - break; - case 'last-5-years': - fromDate = moment().subtract(5, 'years').local().format(); - toDate = moment().local().format(); - break; - case 'all-time': - fromDate = '1970-01-01T05:30:00+05:30'; - toDate = '2100-01-01T05:30:00+05:30'; - break; - case 'yesterday': - fromDate = moment().subtract(1, 'days').startOf('day').local().format(); - toDate = moment().subtract(1, 'days').endOf('day').local().format(); - break; - case 'day-before-yesterday': - fromDate = moment().subtract(2, 'days').startOf('day').local().format(); - toDate = moment().subtract(2, 'days').endOf('day').local().format(); - break; - case 
'this-day-last-week': - fromDate = moment().subtract(7, 'days').startOf('day').local().format(); - toDate = moment().subtract(7, 'days').endOf('day').local().format(); - break; - case 'previous-week': - fromDate = moment().subtract(1, 'weeks').startOf('week').local().format(); - toDate = moment().subtract(1, 'weeks').endOf('week').local().format(); - break; - case 'previous-month': - fromDate = moment().subtract(1, 'months').startOf('month').local().format(); - toDate = moment().subtract(1, 'months').endOf('month').local().format(); - break; - case 'previous-year': - fromDate = moment().subtract(1, 'years').startOf('year').local().format(); - toDate = moment().subtract(1, 'years').endOf('year').local().format(); - break; - case 'today': - fromDate = moment().startOf('day').local().format(); - toDate = moment().endOf('day').local().format(); - break; - case 'today-so-far': - fromDate = moment().startOf('day').local().format(); - toDate = moment().local().format(); - break; - case 'this-week': - fromDate = moment().startOf('week').local().format(); - toDate = moment().endOf('week').local().format(); - break; - case 'this-week-so-far': - fromDate = moment().startOf('week').local().format(); - toDate = moment().local().format(); - break; - case 'this-month': - fromDate = moment().startOf('month').local().format(); - toDate = moment().endOf('month').local().format(); - break; - case 'this-year': - fromDate = moment().startOf('year').local().format(); - toDate = moment().endOf('year').local().format(); - break; - case 'last-5-minutes': - fromDate = moment().subtract(5, 'minutes').local().format(); - toDate = moment().local().format(); - break; - case 'last-15-minutes': - fromDate = moment().subtract(15, 'minutes').local().format(); - toDate = moment().local().format(); - break; - case 'last-30-minutes': - fromDate = moment().subtract(30, 'minutes').local().format(); - toDate = moment().local().format(); - break; - case 'last-1-hour': - fromDate = moment().subtract(60, 
'minutes').local().format(); - toDate = moment().local().format(); - break; - case 'last-3-hours': - fromDate = moment().subtract(3, 'hours').local().format(); - toDate = moment().local().format(); - break; - case 'last-6-hours': - fromDate = moment().subtract(6, 'hours').local().format(); - toDate = moment().local().format(); - break; - case 'last-12-hours': - fromDate = moment().subtract(12, 'hours').local().format(); - toDate = moment().local().format(); - break; - case 'last-24-hours': - fromDate = moment().subtract(24, 'hours').local().format(); - toDate = moment().local().format(); - break; - } - - this.applyRange(toDate, fromDate); - } - - applyRange(toDate:string, fromDate:string) { - this.toDateStr = moment(toDate).format(DEFAULT_TIMESTAMP_FORMAT); - this.fromDateStr = moment(fromDate).format(DEFAULT_TIMESTAMP_FORMAT); - this.timeRangeChange.emit(new RangeFilter('timestamp', new Date((fromDate)).getTime(), new Date((toDate)).getTime(), false)); - } - applyCustomDate() { - this.applyRange(this.datePickerToDate, this.datePickerFromDate); - this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL; this.hideDatePicker(); + this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL; + this.toDateStr = moment(this.datePickerToDate).format(DEFAULT_TIMESTAMP_FORMAT); + this.fromDateStr = moment(this.datePickerFromDate).format(DEFAULT_TIMESTAMP_FORMAT); + + let toDate = new Date(this.toDateStr).getTime(); + let fromDate = new Date(this.fromDateStr).getTime(); + let value = '(>=' + fromDate + ' AND ' + ' <=' + toDate + ')'; + let filter = new Filter(TIMESTAMP_FIELD_NAME, value, false); + filter.dateFilterValue = new DateFilterValue(fromDate, toDate); + this.timeRangeChange.emit(filter); } isPikaSelectElement(targetElement: HTMLElement): boolean { diff --git a/metron-interface/metron-alerts/src/app/utils/constants.ts b/metron-interface/metron-alerts/src/app/utils/constants.ts index e866379d04..156c65fb91 100644 
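Review bot: `applyCustomDate` formats the picker values to `DEFAULT_TIMESTAMP_FORMAT` ('YYYY-MM-DD HH:mm:ss') and then re-parses that string with `new Date(this.toDateStr).getTime()`; a non-ISO string like that is implementation-defined input to the Date constructor (some engines return NaN, others assume local time), and an empty `datePickerToDate` gives `moment('')` → "Invalid date" → NaN. Take the epoch from moment directly, `let toDate = moment(this.datePickerToDate).valueOf();` and `let fromDate = moment(this.datePickerFromDate).valueOf();`, and keep the formatted strings for display only. The `'(>=' + fromDate + ' AND ' + ' <=' + toDate + ')'` literal is built here and again in `Filter.getQueryString`; a single helper on `DateFilterValue` would keep the query grammar in one place. `isPikaSelectElement` starts at the end of the hunk and its body lies outside it.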
--- a/metron-interface/metron-alerts/src/app/utils/constants.ts +++ b/metron-interface/metron-alerts/src/app/utils/constants.ts @@ -26,8 +26,9 @@ export const ALERTS_COLUMN_NAMES = 'metron-alerts-column-names'; export let THREAT_SCORE_FIELD_NAME = 'threat:triage:score'; export let TIMESTAMP_FIELD_NAME = 'timestamp'; +export let ALL_TIME = 'all-time'; -export let DEFAULT_TIMESTAMP_FORMAT = 'YYYY-MM-DD H:m:s'; +export let DEFAULT_TIMESTAMP_FORMAT = 'YYYY-MM-DD HH:mm:ss'; export let CUSTOMM_DATE_RANGE_LABEL = 'Date Range'; export let TREE_SUB_GROUP_SIZE = 5; diff --git a/metron-interface/metron-alerts/src/app/utils/utils.ts b/metron-interface/metron-alerts/src/app/utils/utils.ts new file mode 100644 index 0000000000..2aa7740bd3 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/utils/utils.ts 
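Review bot: The constants are exported with `export let`, which makes them mutable module bindings; `ALL_TIME`, `DEFAULT_TIMESTAMP_FORMAT` and the neighbouring values are never reassigned and should read `export const ALL_TIME = 'all-time';`. The format change to 'YYYY-MM-DD HH:mm:ss' is the right fix — 'H:m:s' produced unpadded fields that could not be parsed back reliably — and deserves a trailing comment naming the round-trip requirement so nobody "simplifies" it again.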
@@ -0,0 +1,180 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +import * as moment from 'moment/moment'; + +import {DEFAULT_TIMESTAMP_FORMAT, TIMESTAMP_FIELD_NAME} from './constants'; +import {DateFilterValue} from '../model/date-filter-value'; + +export class Utils { + + public static timeRangeToDateObj(range: string) { + let timeRangeToDisplayStr = Utils.timeRangeToDisplayStr(range); + if (timeRangeToDisplayStr != null) { + let toDate = new Date((timeRangeToDisplayStr.toDate)).getTime(); + let fromDate = new Date((timeRangeToDisplayStr.fromDate)).getTime(); + + return new DateFilterValue(fromDate, toDate); + } + let timeRangeToEpoc = Utils.parseTimeRange(range); + if (timeRangeToEpoc !== null) { + return new DateFilterValue(timeRangeToEpoc.fromDate, timeRangeToEpoc.toDate); + } + return null; + } + public static parseTimeRange(range: string) { + let parsed = range.replace(/^\(>=/,'') + .replace(/\)$/,'') + .replace(/<=/,'').split('AND'); + if (parsed.length === 2 && !isNaN(Number(parsed[0])) && !isNaN(Number(parsed[1]))) { + return {toDate: Number(parsed[1]), fromDate: Number(parsed[0])}; + } + + return null; + } + + public static timeRangeToDisplayStr(range:string) { + let toDate = ''; + let fromDate = 
''; + + switch (range) { + case 'last-7-days': + fromDate = moment().subtract(7, 'days').local().format(); + toDate = moment().local().format(); + break; + case 'last-30-days': + fromDate = moment().subtract(30, 'days').local().format(); + toDate = moment().local().format(); + break; + case 'last-60-days': + fromDate = moment().subtract(60, 'days').local().format(); + toDate = moment().local().format(); + break; + case 'last-90-days': + fromDate = moment().subtract(90, 'days').local().format(); + toDate = moment().local().format(); + break; + case 'last-6-months': + fromDate = moment().subtract(6, 'months').local().format(); + toDate = moment().local().format(); + break; + case 'last-1-year': + fromDate = moment().subtract(1, 'year').local().format(); + toDate = moment().local().format(); + break; + case 'last-2-years': + fromDate = moment().subtract(2, 'years').local().format(); + toDate = moment().local().format(); + break; + case 'last-5-years': + fromDate = moment().subtract(5, 'years').local().format(); + toDate = moment().local().format(); + break; + case 'all-time': + fromDate = '1970-01-01T05:30:00+05:30'; + toDate = '2100-01-01T05:30:00+05:30'; + break; + case 'yesterday': + fromDate = moment().subtract(1, 'days').startOf('day').local().format(); + toDate = moment().subtract(1, 'days').endOf('day').local().format(); + break; + case 'day-before-yesterday': + fromDate = moment().subtract(2, 'days').startOf('day').local().format(); + toDate = moment().subtract(2, 'days').endOf('day').local().format(); + break; + case 'this-day-last-week': + fromDate = moment().subtract(7, 'days').startOf('day').local().format(); + toDate = moment().subtract(7, 'days').endOf('day').local().format(); + break; + case 'previous-week': + fromDate = moment().subtract(1, 'weeks').startOf('week').local().format(); + toDate = moment().subtract(1, 'weeks').endOf('week').local().format(); + break; + case 'previous-month': + fromDate = moment().subtract(1, 
'months').startOf('month').local().format(); + toDate = moment().subtract(1, 'months').endOf('month').local().format(); + break; + case 'previous-year': + fromDate = moment().subtract(1, 'years').startOf('year').local().format(); + toDate = moment().subtract(1, 'years').endOf('year').local().format(); + break; + case 'today': + fromDate = moment().startOf('day').local().format(); + toDate = moment().endOf('day').local().format(); + break; + case 'today-so-far': + fromDate = moment().startOf('day').local().format(); + toDate = moment().local().format(); + break; + case 'this-week': + fromDate = moment().startOf('week').local().format(); + toDate = moment().endOf('week').local().format(); + break; + case 'this-week-so-far': + fromDate = moment().startOf('week').local().format(); + toDate = moment().local().format(); + break; + case 'this-month': + fromDate = moment().startOf('month').local().format(); + toDate = moment().endOf('month').local().format(); + break; + case 'this-year': + fromDate = moment().startOf('year').local().format(); + toDate = moment().endOf('year').local().format(); + break; + case 'last-5-minutes': + fromDate = moment().subtract(5, 'minutes').local().format(); + toDate = moment().local().format(); + break; + case 'last-15-minutes': + fromDate = moment().subtract(15, 'minutes').local().format(); + toDate = moment().local().format(); + break; + case 'last-30-minutes': + fromDate = moment().subtract(30, 'minutes').local().format(); + toDate = moment().local().format(); + break; + case 'last-1-hour': + fromDate = moment().subtract(60, 'minutes').local().format(); + toDate = moment().local().format(); + break; + case 'last-3-hours': + fromDate = moment().subtract(3, 'hours').local().format(); + toDate = moment().local().format(); + break; + case 'last-6-hours': + fromDate = moment().subtract(6, 'hours').local().format(); + toDate = moment().local().format(); + break; + case 'last-12-hours': + fromDate = moment().subtract(12, 
'hours').local().format(); + toDate = moment().local().format(); + break; + case 'last-24-hours': + fromDate = moment().subtract(24, 'hours').local().format(); + toDate = moment().local().format(); + break; + default: + return null; + } + + toDate = moment(toDate).format(DEFAULT_TIMESTAMP_FORMAT); + fromDate = moment(fromDate).format(DEFAULT_TIMESTAMP_FORMAT); + + return {toDate: toDate, fromDate: fromDate}; + } +} \ No newline at end of file From 02eaaa43f379912592092cc9fce768d85d96730c Mon Sep 17 00:00:00 2001 From: iraghumitra Date: Mon, 23 Oct 2017 22:13:30 +0530 Subject: [PATCH 06/11] Changed the value of placeholder from now/d to now --- .../metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts | 2 +- .../src/app/shared/date-picker/date-picker.component.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts index c7f7a19e2c..af5a92aaa7 100644 --- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts +++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts @@ -158,7 +158,7 @@ describe('metron-alerts App', function() { page.clickDateSettings(); expect(page.getTimeRangeTitles()).toEqual(['Time Range', 'Quick Ranges']); expect(page.getQuickTimeRanges()).toEqual(quickRanges); - expect(page.getValueForManualTimeRange()).toEqual([ 'now/d', 'now/d' ]); + expect(page.getValueForManualTimeRange()).toEqual([ 'now', 'now' ]); expect(page.isManulaTimeRangeApplyButtonPresent()).toEqual(true); expect(page.getTimeRangeButtonText()).toEqual('All time'); diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts index ca9bf5f2a7..3ed7df94c5 100644 --- a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts 
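Review bot: `timeRangeToDateObj` round-trips every quick range through a display string — `timeRangeToDisplayStr` formats the ISO moment output to `DEFAULT_TIMESTAMP_FORMAT`, then `new Date(timeRangeToDisplayStr.toDate)` parses that non-ISO string, which is implementation-defined and loses the offset that `.local().format()` carried. Parse with the known format instead, `let toDate = moment(timeRangeToDisplayStr.toDate, DEFAULT_TIMESTAMP_FORMAT).valueOf();` and likewise for `fromDate`, or better have `timeRangeToDisplayStr` return moment objects and format only at the display boundary. `parseTimeRange` accepts blanks because `Number('')` is 0, so `'(>= AND <=)'` yields `{fromDate: 0, toDate: 0}`; a `parsed.every(s => s.trim() !== '')` check, or a single anchored regex `/^\(>=(\d+) AND\s+<=(\d+)\)$/`, would be stricter about what it lets through. The `'all-time'` bounds are hard-coded with a `+05:30` offset; `moment(0)` plus a named upper-bound constant would make the intent clear and timezone-neutral. Both public methods also lack return type annotations (`DateFilterValue | null`).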
+++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts @@ -8,7 +8,7 @@ import * as Pikaday from "pikaday-time"; styleUrls: ['./date-picker.component.scss'] }) export class DatePickerComponent implements OnInit, OnChanges { - defaultDateStr = 'now/d'; + defaultDateStr = 'now'; picker: Pikaday; dateStr = this.defaultDateStr; From df819f003c9e7aef9b2e191cea62aa135e61513b Mon Sep 17 00:00:00 2001 From: iraghumitra Date: Tue, 24 Oct 2017 14:15:40 +0530 Subject: [PATCH 07/11] Handled the case where filter fields are not available in an existing saved search --- metron-interface/metron-alerts/src/app/model/filter.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/metron-interface/metron-alerts/src/app/model/filter.ts b/metron-interface/metron-alerts/src/app/model/filter.ts index ac9e133e0c..7d32a47391 100644 --- a/metron-interface/metron-alerts/src/app/model/filter.ts +++ b/metron-interface/metron-alerts/src/app/model/filter.ts @@ -28,8 +28,10 @@ export class Filter { static fromJSON(objs: Filter[]): Filter[] { let filters = []; - for (let obj of objs) { - filters.push(new Filter(obj.field, obj.value, obj.display)); + if (objs) { + for (let obj of objs) { + filters.push(new Filter(obj.field, obj.value, obj.display)); + } } return filters; } From e69099b0dd79888347d89cb7923668379f480598 Mon Sep 17 00:00:00 2001 From: merrimanr Date: Tue, 24 Oct 2017 15:23:52 -0500 Subject: [PATCH 08/11] fixed sliding window queries --- .../src/app/alerts/alerts-list/alerts-list.component.ts | 2 +- .../metron-alerts/src/app/service/search.service.ts | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts index 9613eb96fa..228c4f75ce 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts 
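Review bot: The guard handles a missing `filters` array, but `objs` is still typed `Filter[]` while the call site passes whatever was persisted; make the parameter honest, `static fromJSON(objs?: Filter[]): Filter[]`, and type the accumulator `let filters: Filter[] = [];` so it is not an evolving `any[]`. A `for..of` plus push over an optional array reads simpler as `return (objs || []).map(obj => new Filter(obj.field, obj.value, obj.display));`.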
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts @@ -389,7 +389,7 @@ export class AlertsListComponent implements OnInit, OnDestroy { tryStartPolling() { if (!this.pauseRefresh) { this.tryStopPolling(); - this.refreshTimer = this.searchService.pollSearch(this.queryBuilder.searchRequest).subscribe(results => { + this.refreshTimer = this.searchService.pollSearch(this.queryBuilder).subscribe(results => { this.setData(results); }); } diff --git a/metron-interface/metron-alerts/src/app/service/search.service.ts b/metron-interface/metron-alerts/src/app/service/search.service.ts index 71ed5160fd..4bbcc2d641 100644 --- a/metron-interface/metron-alerts/src/app/service/search.service.ts +++ b/metron-interface/metron-alerts/src/app/service/search.service.ts @@ -30,6 +30,7 @@ import {GroupRequest} from '../model/group-request'; import {GroupResult} from '../model/group-result'; import {INDEXES} from '../utils/constants'; import {ColumnMetadata} from '../model/column-metadata'; +import {QueryBuilder} from '../alerts/alerts-list/query-builder'; @Injectable() export class SearchService { @@ -83,11 +84,11 @@ export class SearchService { .catch(HttpUtil.handleError); } - public pollSearch(searchRequest: SearchRequest): Observable { + public pollSearch(queryBuilder: QueryBuilder): Observable { return this.ngZone.runOutsideAngular(() => { return this.ngZone.run(() => { return Observable.interval(this.interval * 1000).switchMap(() => { - return this.search(searchRequest); + return this.search(queryBuilder.searchRequest); }); }); }); From fc189888d37f9c8c40bf009b8d3801aa76b2a981 Mon Sep 17 00:00:00 2001 
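Review bot: `pollSearch` now reads `queryBuilder.searchRequest` inside the `switchMap` callback, so each tick uses the request as it is at that moment rather than the snapshot captured when polling started — that is the whole fix, but nothing in the code says so; add `// read the request per tick so filter/time-range changes made after polling started are honoured` above `return this.search(queryBuilder.searchRequest);`. A matching one-liner on the `tryStartPolling` call in alerts-list.component.ts would explain why a builder rather than a request is passed. The closing brace of `pollSearch` lies outside the hunk.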
From: iraghumitra Date: Wed, 25 Oct 2017 03:40:47 +0530 Subject: [PATCH 09/11] Handled the 'now' TS for To Date field in time-range --- .../src/app/alerts/alerts-list/query-builder.ts | 5 +++-- .../src/app/shared/time-range/time-range.component.html | 6 +++--- .../src/app/shared/time-range/time-range.component.ts | 8 +++++--- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts index 6cf1aff90c..e9f96eb7c1 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts @@ -65,7 +65,7 @@ export class QueryBuilder { } setSearch(query: string) { - this.updateFilters(query); + this.updateFilters(query, true); this.onSearchChange(); } @@ -154,7 +154,7 @@ export class QueryBuilder { this.searchRequest.sort = [sortField]; } - private updateFilters(tQuery: string) { + private updateFilters(tQuery: string, updateNameTransform = false) { let query = tQuery; this.removeDisplayedFilters(); @@ -163,6 +163,7 @@ export class QueryBuilder { for (let term of terms) { let separatorPos = term.lastIndexOf(':'); let field = term.substring(0, separatorPos).replace('\\', ''); + field = updateNameTransform ? ColumnNamesService.getColumnDisplayKey(field) : field; let value = term.substring(separatorPos + 1, term.length); this.addOrUpdateFilter(new Filter(field, value)); } diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html index 62b5405abe..b65528da69 100644 --- a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html @@ -29,16 +29,16 @@
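Review bot: `updateFilters(tQuery: string, updateNameTransform = false)` adds a boolean flag whose meaning is invisible at the call site `this.updateFilters(query, true);`; since `setSearch` is the only caller passing `true`, a doc comment is the minimum: `/** @param updateNameTransform when true, maps the typed field name to its column display key (user-entered search only) */`. `ColumnNamesService.getColumnDisplayKey` is used as a static; whether it is imported in this file is not visible in the hunk. The pre-existing `.replace('\\', '')` strips only the first backslash from the field name, which matters more now that the name is used as a lookup key.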
- +
- +
Quick Ranges

- {{ key }}
+ {{ key }}
{{ key }}
diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts index 8df0fadaf1..c6b37d181d 100644 --- a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts @@ -141,12 +141,14 @@ export class TimeRangeComponent implements OnInit, OnChanges { applyCustomDate() { this.hideDatePicker(); this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL; - this.toDateStr = moment(this.datePickerToDate).format(DEFAULT_TIMESTAMP_FORMAT); + this.toDateStr = this.datePickerToDate.length > 0 ? moment(this.datePickerToDate).format(DEFAULT_TIMESTAMP_FORMAT) : 'NOW'; this.fromDateStr = moment(this.datePickerFromDate).format(DEFAULT_TIMESTAMP_FORMAT); - let toDate = new Date(this.toDateStr).getTime(); + let toDate = this.datePickerToDate.length > 0 ? new Date(this.toDateStr).getTime() : null; let fromDate = new Date(this.fromDateStr).getTime(); - let value = '(>=' + fromDate + ' AND ' + ' <=' + toDate + ')'; + let toDateExpression = this.datePickerToDate.length > 0 ? (' AND ' + ' <=' + toDate) : ''; + + let value = '(>=' + fromDate + toDateExpression + ')'; let filter = new Filter(TIMESTAMP_FIELD_NAME, value, false); filter.dateFilterValue = new DateFilterValue(fromDate, toDate); this.timeRangeChange.emit(filter); From d9b802a6ca381ea10c7c38830b2ef47b9e2dc79a Mon Sep 17 00:00:00 2001 
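Review bot: `applyCustomDate` now emits `new DateFilterValue(fromDate, null)` when the to-date is left empty, but `onSelectedTimeRangeChange` in this same component formats `dateFilterValue.toDate` with `moment(...)` unconditionally, and `moment(null)` is an invalid date that renders as "Invalid date" if the filter is bound back through `selectedTimeRange`; that consumer needs the same `toDate === null ? 'NOW' : ...` treatment. `this.datePickerToDate.length > 0` is evaluated three times; hoist it once, `const hasToDate = this.datePickerToDate.length > 0;`, and derive `toDateStr`, `toDate` and `toDateExpression` from it. The display literal `'NOW'` and the open-ended `(>=from)` expression both deserve a comment stating that an omitted upper bound means "up to now" and is deliberately left unbounded in the query (presumably so the window keeps sliding on refresh — worth stating).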
From: iraghumitra Date: Thu, 26 Oct 2017 02:49:11 +0530 Subject: [PATCH 10/11] Added E2E tests for time-range --- .../e2e/alerts-list/alerts-list.e2e-spec.ts | 167 +++++++++++++++++- .../e2e/alerts-list/alerts-list.po.ts | 76 +++++--- .../configure-table.e2e-spec.ts | 22 +++ .../save-search/save-search.e2e-spec.ts | 8 +- .../metron-alerts/src/app/model/filter.ts | 2 +- .../shared/time-range/time-range.component.ts | 4 +- .../metron-alerts/src/app/utils/utils.ts | 16 +- 7 files changed, 262 insertions(+), 33 deletions(-) diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts index af5a92aaa7..30d078b6a7 100644 --- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts +++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts @@ -147,7 +147,7 @@ describe('metron-alerts App', function() { }); - it('sould have all time-range controls', () => { + it('should have all time-range controls', () => { let quickRanges = [ 'Last 7 days', 'Last 30 days', 'Last 60 days', 'Last 90 days', 'Last 6 months', 'Last 1 year', 'Last 2 years', 'Last 5 years', 'Yesterday', 'Day before yesterday', 'This day last week', 'Previous week', 'Previous month', 'Previous year', 'All time', 
@@ -161,19 +161,182 @@ describe('metron-alerts App', function() { expect(page.getValueForManualTimeRange()).toEqual([ 'now', 'now' ]); expect(page.isManulaTimeRangeApplyButtonPresent()).toEqual(true); expect(page.getTimeRangeButtonText()).toEqual('All time'); + page.clickDateSettings(); + + }); + + it('should have all time range values populated - 1', () => { + let secInADay = (24 * 60 * 60 * 1000); + + page.clickClearSearch(); + expect(page.getTimeRangebuttonText()).toEqualBcoz(['All time'], 'for all-time'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 7 days'); + expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 7 days', String(secInADay * 7)], 'for last 7 days'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 30 days'); + expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 30 days', String(secInADay * 30)], 'for last 30 days'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 60 days'); + expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 60 days', String(secInADay * 60)], 'for last 60 days'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 90 days'); + expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 90 days', String(secInADay * 90)], 'for last 90 days'); + + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 1 year'); + expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 1 year', String(secInADay * 365)], 'for last 1 year'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 2 years'); + expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 2 years', String((secInADay * 365 * 2) + secInADay)], 'for last 2 years'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 5 years'); + expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 5 years', String((secInADay * 365 * 5) + secInADay)], 'for last 5 years'); + + page.clickClearSearch(); + }); + + it('should have all time range values populated - 2', () => { + let secInADay = 
(24*60*60*1000); + + page.clickDateSettings(); + page.selectQuickTimeRange('Yesterday'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Yesterday', String(secInADay - 1000)], 'yesterday'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Day before yesterday'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Day before yesterday', String(secInADay - 1000)], 'day before yesterday'); + + page.clickDateSettings(); + page.selectQuickTimeRange('This day last week'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'This day last week', String(secInADay - 1000)], 'this day last week'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Previous week'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Previous week', String((secInADay * 7) - (1000))], 'for previous week'); + + page.clickClearSearch(); + }); + + it('should have all time range values populated - 3', () => { + let secInADay = (24*60*60*1000); + + page.clickDateSettings(); + page.selectQuickTimeRange('Today'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Today', String(secInADay - 1000)], 'for today'); + page.clickDateSettings(); + page.selectQuickTimeRange('This week'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'This week', String((secInADay*7) - 1000)], 'for this week'); + + page.clickClearSearch(); }); - it('sould have all time-range included while searching', () => { + it('should have all time range values populated - 4', () => { + let secInADay = (24*60*60*1000); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 5 minutes'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 5 minutes', String(5 * 60 * 1000)], 'for last 5 minutes'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 15 minutes'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 15 minutes', String(15 * 60 * 1000)], 'for last 15 minutes'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 30 minutes'); + 
expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 30 minutes', String(30 * 60 * 1000)], 'for last 30 minutes'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 1 hour'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 1 hour', String(60 * 60 * 1000)], 'for last 1 hour'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 3 hours'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 3 hours', String(3 * 60 * 60 * 1000)], 'for last 3 hours'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 6 hours'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 6 hours', String(6 * 60 * 60 * 1000)], 'for last 6 hours'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 12 hours'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 12 hours', String(12 * 60 * 60 * 1000)], 'for last 12 hours'); + + page.clickDateSettings(); + page.selectQuickTimeRange('Last 24 hours'); + expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 24 hours', String(24 * 60 * 60 * 1000)], 'for last 24 hours'); + + page.clickClearSearch(); + }); + + it('should disable date picker when timestamp is present in search', () => { + page.clickTableText('2017-09-13 18:02:20'); + expect(page.isDateSeettingDisabled()).toEqual(true); + + page.clickClearSearch(); + expect(page.isDateSeettingDisabled()).toEqual(false); + + page.clickTableText('alerts_ui_e2e'); + expect(page.isDateSeettingDisabled()).toEqual(false); + + page.clickClearSearch(); + }); + + it('should have now included when to date is empty', () => { + page.clickDateSettings(); + page.setDate(0, '2017', 'September', '13', '23', '29', '35'); + page.selectTimeRangeApplyButton(); + expect(page.getTimeRangeButtonTextForNow()).toEqual([ 'Date Range', '2017-09-13 23:29:35 to NOW' ]); + + page.clickClearSearch(); + }); + + it('should have all time-range included while searching', () => { + page.clearLocalStorage(); + page.clickDateSettings(); + + /* 
Select Last 5years for time range */ page.selectQuickTimeRange('Last 5 years'); expect(page.getTimeRangeButtonText()).toEqual('Last 5 years'); + /* Select custom date for time range */ page.clickDateSettings(); page.setDate(0, '2017', 'September', '13', '23', '29', '35'); page.setDate(1, '2017', 'September', '13', '23', '29', '40'); page.selectTimeRangeApplyButton(); + expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (5)'); + /* Save custom date in saved searches */ + page.saveSearch('e2e-2'); + page.clickSavedSearch(); + expect(page.getRecentSearchOptions()).toEqual(['timestamp:(>=15...=1505325580000)', 'timestamp:last-5-years'], + 'for recent search options'); + expect(page.getSavedSearchOptions()).toEqual(['e2e-2'], + 'for saved search options'); + page.clickCloseSavedSearch(); + + /* Clear Search should should show all rows */ + page.clickClearSearch(); + expect(page.getChangesAlertTableTitle('Alerts (5)')).toEqual('Alerts (169)'); + + /* Load the saved search */ + page.clickSavedSearch(); + page.loadSavedSearch('e2e-2'); expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (5)'); + + /* Load recent search */ + page.clickSavedSearch(); + page.loadRecentSearch('last-5-years'); + expect(page.getChangesAlertTableTitle('Alerts (5)')).toEqual('Alerts (169)'); + }); }); diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts index 2745d94992..078ae07fbb 100644 --- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts +++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts 
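Review bot: The duration assertions in 'should have all time range values populated - 1' bake in calendar assumptions that depend on the day the suite runs: `'Last 1 year'` expects exactly `secInADay * 365`, which fails whenever the window spans a 29 February, and `'Last 2 years'`/`'Last 5 years'` assume exactly one leap day. Either compute the expected span with the same calendar arithmetic (`moment().diff(moment().subtract(1, 'year'))`) or assert on the range label only. `secInADay` holds milliseconds, not seconds — `msInADay` would stop readers second-guessing the `- 1000` adjustments. The page object is reached through two differently-cased methods, `getTimeRangebuttonText()` and `getTimeRangeButtonText()`, which looks like an accident waiting for a rename.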
@@ -152,12 +152,14 @@ export class MetronAlertsPage { } clickConfigureTable() { - element(by.css('app-alerts-list .fa.fa-cog.configure-table-icon')).click(); + let gearIcon = element(by.css('app-alerts-list .fa.fa-cog.configure-table-icon')); + waitForElementVisibility(gearIcon).then(() => gearIcon.click()); browser.sleep(1000); } clickCloseSavedSearch() { element(by.css('app-saved-searches .close-button')).click(); + browser.sleep(2000); } clickSavedSearch() { @@ -170,7 +172,7 @@ export class MetronAlertsPage { } clickTableText(name: string) { - waitForElementPresence(element.all(by.css('app-table-view tbody tr'))).then(() => element.all(by.linkText(name)).get(0).click()); + waitForElementPresence(element.all(by.css('app-table-view tbody tr a'))).then(() => element.all(by.linkText(name)).get(0).click()); } clickClearSearch() { 
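Review bot: `clickCloseSavedSearch` now adds a fixed `browser.sleep(2000)` after the click, while the same hunk already shows the better pattern for the gear icon (`waitForElementVisibility(gearIcon).then(() => gearIcon.click())`); a hard sleep is both slow and still racy on a loaded CI box. Waiting for the panel to actually disappear states the intent, e.g. `element(by.css('app-saved-searches .close-button')).click(); waitForElementInVisibility(element(by.css('app-saved-searches')));` — `waitForElementInVisibility` is the helper this page object uses later in the series, assuming it is imported in this revision. The leftover `browser.sleep(1000)` after the guarded gear click could go the same way.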
@@ -195,26 +197,22 @@ export class MetronAlertsPage { getRecentSearchOptions() { browser.sleep(1000); - let map = {}; - let recentSearches = element.all(by.css('app-saved-searches metron-collapse')).get(0); - return recentSearches.all(by.css('a')).getText().then(title => { - return recentSearches.all(by.css('.collapse.show')).getText().then(values => { - map[title] = values; - return map; - }); - }); + return element(by.linkText('Recent Searches')).element(by.xpath('..')).all(by.css('li')).getText(); + } + + getDefaultRecentSearchValue() { + browser.sleep(1000); + return element(by.linkText('Recent Searches')).element(by.xpath('..')).all(by.css('i')).getText(); } getSavedSearchOptions() { browser.sleep(1000); - let map = {}; - let recentSearches = element.all(by.css('app-saved-searches metron-collapse')).get(1); - return recentSearches.all(by.css('a')).getText().then(title => { - return recentSearches.all(by.css('.collapse.show')).getText().then(values => { - map[title] = values; - return map; - }); - }); + return element(by.linkText('Saved Searches')).element(by.xpath('..')).all(by.css('li')).getText(); + } + + getDefaultSavedSearchValue() { + browser.sleep(1000); + return element(by.linkText('Saved Searches')).element(by.xpath('..')).all(by.css('i')).getText(); } getSelectedColumnNames() { @@ -288,6 +286,10 @@ export class MetronAlertsPage { }); } + isDateSeettingDisabled() { + return element.all(by.css('app-time-range button.btn.btn-search[disabled=""]')).count().then((count) => { return (count === 1); }); + } + clickDateSettings() { element(by.css('app-time-range button.btn-search')).click(); browser.sleep(2000); @@ -310,8 +312,8 @@ export class MetronAlertsPage { } selectQuickTimeRange(quickRange: string) { - element(by.cssContainingText('.quick-ranges span', quickRange)).click(); - browser.sleep(1000); + element.all(by.cssContainingText('.quick-ranges span', quickRange)).get(0).click(); + browser.sleep(2000); } getTimeRangeButtonText() { 
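Review bot: `isDateSeettingDisabled` decides disabled-ness by counting elements matching `button.btn.btn-search[disabled=""]`, which couples the check to the exact serialized form of the attribute and to there being exactly one such button; a different rendering (`disabled="disabled"`, `disabled="true"`) or a second matching button makes it return `false` while the control is in fact disabled. Reading the attribute directly is more robust: `return element(by.css('app-time-range button.btn-search')).getAttribute('disabled').then(v => v !== null);`. The method name also carries a typo (`Seetting`) that the spec in this series already calls, so it is worth fixing before more callers appear.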
@@ -352,4 +354,38 @@ export class MetronAlertsPage { return element(by.css('a[title="' + id +'"]')) .element(by.xpath('../..')).all(by.css('td a')).get(8).getText(); } + + loadSavedSearch(name: string) { + element.all(by.css('app-saved-searches metron-collapse')).get(1).element(by.css('li[title="'+ name +'"]')).click(); + browser.sleep(1000); + } + + loadRecentSearch(name: string) { + element.all(by.css('app-saved-searches metron-collapse')).get(0).all(by.css('li')).get(2).click(); + browser.sleep(1000); + } + + getTimeRangeButtonTextForNow() { + return element.all(by.css('app-time-range button span')).getText(); + } + + getTimeRangebuttonText() { + return element.all(by.css('app-time-range button span')).getText().then(arr => { + let retArr = [arr[0]]; + for (let i=1; i < arr.length; i++) { + let dateStr = arr[i].split(' to '); + let fromTime = new Date(dateStr[0]).getTime(); + let toTime = new Date(dateStr[1]).getTime(); + retArr.push((toTime - fromTime) + ''); + } + return retArr; + }); + } + + renameColumn(name: string, value: string) { + element(by.cssContainingText('app-configure-table span', name)) + .element(by.xpath('../..')) + .element(by.css('.input')).sendKeys(value); + } + } diff --git a/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts index 08349601ee..ddad558078 100644 --- a/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts +++ b/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts 
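Review bot: `loadRecentSearch(name)` never uses its `name` parameter — it clicks `all(by.css('li')).get(2)` — so the spec's `loadRecentSearch('last-5-years')` passes only while that entry happens to be the third item in the recent list and silently loads something else once the ordering changes. Selecting by text makes it honest: `.get(0).element(by.cssContainingText('li', name)).click();`. `loadSavedSearch` has the sibling problem of splicing `name` unescaped into a CSS attribute selector (`li[title="..."]`), which breaks for any name containing a quote; `by.cssContainingText` (or escaping the value) avoids that as well. `renameColumn` uses `sendKeys`, which appends to whatever the input already holds — if the rename field is pre-filled this will not yield the exact label the spec expects, so consider a `.clear()` first.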
@@ -56,6 +56,28 @@ describe('metron-alerts configure table', function() { page.toggleSelectCol('guid', 'method'); expect(page.getSelectedColumnNames()).toEqualBcoz(newColNamesColumnConfig, 'for guid added to selected column names'); page.saveConfigureColumns(); + }); + + it('should rename columns from table configuration', () => { + page.clearLocalStorage(); + page.navigateTo(); + + page.clickConfigureTable(); + page.renameColumn('enrichments:geo:ip_dst_addr:country', 'Country'); + page.saveConfigureColumns(); + + page.clickTableText('FR'); + expect(page.getSearchText()).toEqual('Country:FR'); + expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (25)'); + page.clickClearSearch(); + + expect(page.getChangesAlertTableTitle('Alerts (25)')).toEqual('Alerts (169)'); + page.setSearchText('Country:FR'); + expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (25)'); + page.clickClearSearch(); + + let columnNames = ['Score','id', 'timestamp','source:type','ip_src_addr','Country','ip_dst_addr','host','alert_status','','']; + expect(page.getTableColumnNames()).toEqualBcoz(columnNames, 'for renamed column names for alert list table'); }); diff --git a/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts index b6062849c7..350f11efa1 100644 --- a/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts +++ b/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts 
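Review bot: The new test persists a renamed column configuration via `saveConfigureColumns()` but never undoes it — it clears localStorage at the start (so that is evidently where the config lives) and leaves `Country` in place at the end, so any later spec that asserts the default column set inherits the rename depending on run order. End the test with `page.clearLocalStorage(); page.navigateTo();` or move the reset into an `afterEach`. The hard-coded row counts (`Alerts (169)`, `Alerts (25)`) are tied to the fixture, which is fine, but a one-line comment naming the fixture (`alerts_ui_e2e_index.data`) would make the numbers less mysterious for the next edit.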
@@ -47,8 +47,10 @@ describe('metron-alerts Search', function() { page.clickSavedSearch(); expect(page.getSavedSearchTitle()).toEqualBcoz('Searches', 'for saved searches title'); - expect(page.getRecentSearchOptions()).toEqualBcoz({ 'Recent Searches': [ 'No Recent Searches' ] }, 'for recent search options'); - expect(page.getSavedSearchOptions()).toEqualBcoz({ 'Saved Searches': [ 'No Saved Searches' ] }, 'for saved search options'); + expect(page.getRecentSearchOptions()).toEqualBcoz([], 'for recent search options'); + expect(page.getSavedSearchOptions()).toEqualBcoz([], 'for saved search options'); + expect(page.getDefaultRecentSearchValue()).toEqualBcoz([ 'No Recent Searches' ], 'for recent search default value'); + expect(page.getDefaultSavedSearchValue()).toEqualBcoz([ 'No Saved Searches' ], 'for saved search default value'); page.clickCloseSavedSearch(); }); @@ -56,7 +58,7 @@ describe('metron-alerts Search', function() { it('should have all save search controls and they save search should be working', () => { page.saveSearch('e2e-1'); page.clickSavedSearch(); - expect(page.getSavedSearchOptions()).toEqualBcoz({ 'Saved Searches': [ 'e2e-1' ] }, 'for saved search options e2e-1'); + expect(page.getSavedSearchOptions()).toEqualBcoz([ 'e2e-1' ], 'for saved search options e2e-1'); page.clickCloseSavedSearch(); }); diff --git a/metron-interface/metron-alerts/src/app/model/filter.ts b/metron-interface/metron-alerts/src/app/model/filter.ts index 7d32a47391..441add4bd9 100644 --- a/metron-interface/metron-alerts/src/app/model/filter.ts +++ b/metron-interface/metron-alerts/src/app/model/filter.ts 
@@ -45,7 +45,7 @@ export class Filter { getQueryString(): string { if (this.field === TIMESTAMP_FIELD_NAME && !this.display) { this.dateFilterValue = Utils.timeRangeToDateObj(this.value); - if (this.dateFilterValue !== null) { + if (this.dateFilterValue !== null && this.dateFilterValue.toDate !== null) { return ElasticsearchUtils.escapeESField(this.field) + ':' + '(>=' + this.dateFilterValue.fromDate + ' AND ' + ' <=' + this.dateFilterValue.toDate + ')'; } else { diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts index c6b37d181d..243d433bd1 100644 --- a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts @@ -107,7 +107,9 @@ export class TimeRangeComponent implements OnInit, OnChanges { if (!foundQuickRange) { this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL; - this.toDateStr = moment(this.selectedTimeRange.dateFilterValue.toDate).format(DEFAULT_TIMESTAMP_FORMAT); + this.toDateStr = this.selectedTimeRange.dateFilterValue.toDate !== null ? + moment(this.selectedTimeRange.dateFilterValue.toDate).format(DEFAULT_TIMESTAMP_FORMAT) : + 'NOW'; this.fromDateStr = moment(this.selectedTimeRange.dateFilterValue.fromDate).format(DEFAULT_TIMESTAMP_FORMAT); } } diff --git a/metron-interface/metron-alerts/src/app/utils/utils.ts b/metron-interface/metron-alerts/src/app/utils/utils.ts index 2aa7740bd3..57a6355bb0 100644 --- a/metron-interface/metron-alerts/src/app/utils/utils.ts +++ b/metron-interface/metron-alerts/src/app/utils/utils.ts 
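Review bot: The new guard uses strict `!== null`, so a `DateFilterValue` whose `toDate` was simply left unset (`undefined`) still takes the bounded-range branch and, given the visible concatenation, emits `<=undefined` into the Elasticsearch query string; `!= null` covers both cases: `if (this.dateFilterValue !== null && this.dateFilterValue.toDate != null) {`. Keep it a null comparison rather than a truthiness test, since a `toDate` of `0` (epoch) is a legitimate bound. The `else` branch that now carries the open-ended (`toDate === null`) case lies outside this hunk, so whether it emits a proper `>=fromDate`-only range could not be checked here.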
@@ -22,7 +22,7 @@ import {DateFilterValue} from '../model/date-filter-value'; export class Utils { - public static timeRangeToDateObj(range: string) { + public static timeRangeToDateObj(range:string) { let timeRangeToDisplayStr = Utils.timeRangeToDisplayStr(range); if (timeRangeToDisplayStr != null) { let toDate = new Date((timeRangeToDisplayStr.toDate)).getTime(); @@ -36,13 +36,17 @@ export class Utils { } return null; } - public static parseTimeRange(range: string) { - let parsed = range.replace(/^\(>=/,'') - .replace(/\)$/,'') - .replace(/<=/,'').split('AND'); + + public static parseTimeRange(range:string) { + let parsed = range.replace(/^\(>=/, '') + .replace(/\)$/, '') + .replace(/<=/, '').split('AND'); if (parsed.length === 2 && !isNaN(Number(parsed[0])) && !isNaN(Number(parsed[1]))) { return {toDate: Number(parsed[1]), fromDate: Number(parsed[0])}; } + if (parsed.length === 1 && !isNaN(Number(parsed[0]))) { + return {toDate: null, fromDate: Number(parsed[0])}; + } return null; } @@ -177,4 +181,4 @@ export class Utils { return {toDate: toDate, fromDate: fromDate}; } -} \ No newline at end of file +} From 863765ea1d8c80eb9a4ba0a8dbec4dd0ed5f19b0 Mon Sep 17 00:00:00 2001 From: iraghumitra Date: Wed, 25 Oct 2017 17:49:58 -0700 Subject: [PATCH 11/11] Fixes for TZ issues in E2E tests --- .../e2e/alerts-list/alerts-list.e2e-spec.ts | 49 +++++++++---------- .../e2e/alerts-list/alerts-list.po.ts | 24 ++++----- .../e2e/mock-data/alerts_ui_e2e_index.data | 20 ++++---- .../shared/time-range/time-range.component.ts | 8 ++- 4 files changed, 54 insertions(+), 47 deletions(-) diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts index 30d078b6a7..b0574eea06 100644 --- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts +++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts 
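Review bot: The only change in this hunk drops the space in `range: string` → `range:string`, a style regression against the form the rest of this file uses (the removed `parseTimeRange(range: string)` signature just below, and the surrounding Angular code); keep `public static timeRangeToDateObj(range: string) {`. Separately, the visible context line `new Date((timeRangeToDisplayStr.toDate)).getTime()` turns a `null` `toDate` into `0` (`new Date(null)` is the epoch), so if `timeRangeToDisplayStr` passes the new `toDate: null` from `parseTimeRange` through unchanged, callers testing `toDate !== null` would never see the open-ended case; a guard such as `toDate == null ? null : new Date(toDate).getTime()` would preserve it. `timeRangeToDisplayStr` is outside this hunk, so that part is inferred rather than confirmed.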
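Review bot: The new single-value branch in `parseTimeRange` accepts an empty string as a number — `Number('')` is `0`, so `!isNaN(Number(''))` is `true` — which means an input like `''` or `'(>=)'` now returns `{toDate: null, fromDate: 0}` (an open range from the epoch) where the old code returned `null`; the pre-existing two-value branch has the same hole for blank parts. A small predicate closes both: `const isNum = (s: string) => s.trim() !== '' && !isNaN(Number(s));`, then `isNum(parsed[0])` / `isNum(parsed[1])` in the two conditions. `.split('AND')` also leaves surrounding whitespace in the parts, which `Number` tolerates but which is worth trimming explicitly for the same reason.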
@@ -169,36 +169,36 @@ describe('metron-alerts App', function() { let secInADay = (24 * 60 * 60 * 1000); page.clickClearSearch(); - expect(page.getTimeRangebuttonText()).toEqualBcoz(['All time'], 'for all-time'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['All time'], 'for all-time'); page.clickDateSettings(); page.selectQuickTimeRange('Last 7 days'); - expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 7 days', String(secInADay * 7)], 'for last 7 days'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 7 days', String(secInADay * 7)], 'for last 7 days'); page.clickDateSettings(); page.selectQuickTimeRange('Last 30 days'); - expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 30 days', String(secInADay * 30)], 'for last 30 days'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 30 days', String(secInADay * 30)], 'for last 30 days'); page.clickDateSettings(); page.selectQuickTimeRange('Last 60 days'); - expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 60 days', String(secInADay * 60)], 'for last 60 days'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 60 days', String(secInADay * 60)], 'for last 60 days'); page.clickDateSettings(); page.selectQuickTimeRange('Last 90 days'); - expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 90 days', String(secInADay * 90)], 'for last 90 days'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 90 days', String(secInADay * 90)], 'for last 90 days'); page.clickDateSettings(); page.selectQuickTimeRange('Last 1 year'); - expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 1 year', String(secInADay * 365)], 'for last 1 year'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 1 year', String(secInADay * 365)], 'for last 1 year'); page.clickDateSettings(); page.selectQuickTimeRange('Last 2 years'); - expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 2 years', String((secInADay * 365 * 2) + secInADay)], 
'for last 2 years'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 2 years', String((secInADay * 365 * 2) + secInADay)], 'for last 2 years'); page.clickDateSettings(); page.selectQuickTimeRange('Last 5 years'); - expect(page.getTimeRangebuttonText()).toEqualBcoz(['Last 5 years', String((secInADay * 365 * 5) + secInADay)], 'for last 5 years'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 5 years', String((secInADay * 365 * 5) + secInADay)], 'for last 5 years'); page.clickClearSearch(); }); @@ -208,19 +208,19 @@ describe('metron-alerts App', function() { page.clickDateSettings(); page.selectQuickTimeRange('Yesterday'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Yesterday', String(secInADay - 1000)], 'yesterday'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Yesterday', String(secInADay - 1000)], 'yesterday'); page.clickDateSettings(); page.selectQuickTimeRange('Day before yesterday'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Day before yesterday', String(secInADay - 1000)], 'day before yesterday'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Day before yesterday', String(secInADay - 1000)], 'day before yesterday'); page.clickDateSettings(); page.selectQuickTimeRange('This day last week'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'This day last week', String(secInADay - 1000)], 'this day last week'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'This day last week', String(secInADay - 1000)], 'this day last week'); page.clickDateSettings(); page.selectQuickTimeRange('Previous week'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Previous week', String((secInADay * 7) - (1000))], 'for previous week'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Previous week', String((secInADay * 7) - (1000))], 'for previous week'); page.clickClearSearch(); }); 
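Review bot: The expectations for 'Last 2 years' and 'Last 5 years' hard-code exactly one extra day (`(secInADay * 365 * 2) + secInADay`), i.e. they assume the trailing window contains precisely one 29 February; that holds when run in late 2017 but not in general — a 2-year window ending mid-2022 contains none and a 5-year window ending early 2021 contains two — so this spec is time-bomb flaky, and 'Last 1 year' (`secInADay * 365`) has the same issue in a leap year. Derive the expected delta from the calendar at run time instead, e.g. `let from = new Date(); from.setFullYear(from.getFullYear() - 2);` and `let days = Math.round((Date.now() - from.getTime()) / secInADay);`, then expect `String(days * secInADay)`. This assumes the app computes the quick range by calendar subtraction, which the +1 day suggests but which is not visible in this hunk.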
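Review bot: 'Yesterday', 'Day before yesterday' and 'This day last week' are pinned to `secInADay - 1000` (23:59:59), and `getTimeRangeButtonAndSubText` derives the delta from locally-parsed display timestamps, so in any browser time zone with DST the day of a transition is 23 or 25 hours long and these assertions fail on those dates despite the commit's TZ fixes; 'Previous week' (`(secInADay * 7) - 1000`) fails likewise when the week straddles a transition. Either pin the browser to a DST-free zone in the protractor configuration (e.g. launching Chrome with `TZ=UTC` in its environment) or compute the expected delta from the same calendar dates the UI uses. Which zone the CI browser runs in is not visible here, so this is flagged rather than asserted.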
@@ -230,11 +230,11 @@ describe('metron-alerts App', function() { page.clickDateSettings(); page.selectQuickTimeRange('Today'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Today', String(secInADay - 1000)], 'for today'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Today', String(secInADay - 1000)], 'for today'); page.clickDateSettings(); page.selectQuickTimeRange('This week'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'This week', String((secInADay*7) - 1000)], 'for this week'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'This week', String((secInADay*7) - 1000)], 'for this week'); page.clickClearSearch(); }); 
@@ -244,35 +244,35 @@ describe('metron-alerts App', function() { page.clickDateSettings(); page.selectQuickTimeRange('Last 5 minutes'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 5 minutes', String(5 * 60 * 1000)], 'for last 5 minutes'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 5 minutes', String(5 * 60 * 1000)], 'for last 5 minutes'); page.clickDateSettings(); page.selectQuickTimeRange('Last 15 minutes'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 15 minutes', String(15 * 60 * 1000)], 'for last 15 minutes'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 15 minutes', String(15 * 60 * 1000)], 'for last 15 minutes'); page.clickDateSettings(); page.selectQuickTimeRange('Last 30 minutes'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 30 minutes', String(30 * 60 * 1000)], 'for last 30 minutes'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 30 minutes', String(30 * 60 * 1000)], 'for last 30 minutes'); page.clickDateSettings(); page.selectQuickTimeRange('Last 1 hour'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 1 hour', String(60 * 60 * 1000)], 'for last 1 hour'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 1 hour', String(60 * 60 * 1000)], 'for last 1 hour'); page.clickDateSettings(); page.selectQuickTimeRange('Last 3 hours'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 3 hours', String(3 * 60 * 60 * 1000)], 'for last 3 hours'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 3 hours', String(3 * 60 * 60 * 1000)], 'for last 3 hours'); page.clickDateSettings(); page.selectQuickTimeRange('Last 6 hours'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 6 hours', String(6 * 60 * 60 * 1000)], 'for last 6 hours'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 6 hours', String(6 * 60 * 60 * 1000)], 'for last 6 hours'); page.clickDateSettings(); 
page.selectQuickTimeRange('Last 12 hours'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 12 hours', String(12 * 60 * 60 * 1000)], 'for last 12 hours'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 12 hours', String(12 * 60 * 60 * 1000)], 'for last 12 hours'); page.clickDateSettings(); page.selectQuickTimeRange('Last 24 hours'); - expect(page.getTimeRangebuttonText()).toEqualBcoz([ 'Last 24 hours', String(24 * 60 * 60 * 1000)], 'for last 24 hours'); + expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 24 hours', String(24 * 60 * 60 * 1000)], 'for last 24 hours'); page.clickClearSearch(); }); @@ -294,7 +294,7 @@ describe('metron-alerts App', function() { page.clickDateSettings(); page.setDate(0, '2017', 'September', '13', '23', '29', '35'); page.selectTimeRangeApplyButton(); - expect(page.getTimeRangeButtonTextForNow()).toEqual([ 'Date Range', '2017-09-13 23:29:35 to NOW' ]); + expect(page.getTimeRangeButtonTextForNow()).toEqual([ 'Date Range', '2017-09-13 23:29:35 to now' ]); page.clickClearSearch(); }); @@ -317,8 +317,7 @@ describe('metron-alerts App', function() { /* Save custom date in saved searches */ page.saveSearch('e2e-2'); page.clickSavedSearch(); - expect(page.getRecentSearchOptions()).toEqual(['timestamp:(>=15...=1505325580000)', 'timestamp:last-5-years'], - 'for recent search options'); + expect(page.getRecentSearchOptions()).toContain('timestamp:last-5-years', 'for recent search options'); expect(page.getSavedSearchOptions()).toEqual(['e2e-2'], 'for saved search options'); page.clickCloseSavedSearch(); diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts index 078ae07fbb..4a97917365 100644 --- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts +++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts 
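Review bot: Replacing the exact two-entry expectation with `toContain('timestamp:last-5-years', ...)` drops the only assertion that the custom date range was recorded as a recent search, so a regression in saving custom ranges now passes this spec; the TZ-sensitive part was just the formatted millisecond values, which a pattern match avoids: `expect(page.getRecentSearchOptions()).toContain(jasmine.stringMatching(/^timestamp:\(>=\d+/));` (if the Jasmine in use does not accept asymmetric matchers in `toContain`, a `.then(arr => arr.some(s => /^timestamp:\(>=\d+/.test(s)))` does the same). Also, Jasmine's `toContain` takes a single argument, so the `'for recent search options'` message passed as the second argument is silently ignored — only this project's `toEqualBcoz` matcher carries a message.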
@@ -368,17 +368,19 @@ export class MetronAlertsPage { getTimeRangeButtonTextForNow() { return element.all(by.css('app-time-range button span')).getText(); } - - getTimeRangebuttonText() { - return element.all(by.css('app-time-range button span')).getText().then(arr => { - let retArr = [arr[0]]; - for (let i=1; i < arr.length; i++) { - let dateStr = arr[i].split(' to '); - let fromTime = new Date(dateStr[0]).getTime(); - let toTime = new Date(dateStr[1]).getTime(); - retArr.push((toTime - fromTime) + ''); - } - return retArr; + + getTimeRangeButtonAndSubText() { + return waitForElementInVisibility(element(by.css('#time-range'))) + .then(() => element.all(by.css('app-time-range button span')).getText()) + .then(arr => { + let retArr = [arr[0]]; + for (let i=1; i < arr.length; i++) { + let dateStr = arr[i].split(' to '); + let fromTime = new Date(dateStr[0]).getTime(); + let toTime = new Date(dateStr[1]).getTime(); + retArr.push((toTime - fromTime) + ''); + } + return retArr; }); } diff --git a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data index f75c220ff0..e3ffbe7804 100644 --- a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data +++ b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data 
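Review bot: `getTimeRangeButtonAndSubText` still feeds the displayed `YYYY-MM-DD HH:mm:ss` strings to `new Date(string)`; that format is not ISO 8601 (space instead of `T`), so its parsing is implementation-defined — Chrome treats it as local time, other engines may yield `Invalid Date` and a `NaN` delta — which means the TZ issues this commit targets are only partly closed. Parsing the fields explicitly removes the engine dependency and makes the zone of the subtraction deliberate; whether local or UTC construction is right depends on how the component formats the strings (`moment(...).format` in the component hunk, i.e. local time as far as visible). The new `waitForElementInVisibility(#time-range)` guard is a good addition; the rest of the page object is outside this hunk.

```typescript
  // 'YYYY-MM-DD HH:mm:ss' as rendered by the time-range button; parse the fields
  // ourselves instead of relying on engine-specific non-ISO Date parsing.
  private parseDisplayTimestamp(s: string): number {
    const [y, mo, d, h, mi, sec] = s.split(/[- :]/).map(Number);
    return new Date(y, mo - 1, d, h, mi, sec).getTime();
  }

  getTimeRangeButtonAndSubText() {
    // … unchanged: wait for #time-range to hide, then read the button spans …
      .then(arr => {
        let retArr = [arr[0]];
        for (let i = 1; i < arr.length; i++) {
          let [fromStr, toStr] = arr[i].split(' to ');
          retArr.push(String(this.parseDisplayTimestamp(toStr) - this.parseDisplayTimestamp(fromStr)));
        }
        return retArr;
      });
  }
```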
@@ -209,25 +209,25 @@ {"create": { "_id": "72f00fcd-2347-d75b-5c0a-08086f9e2a23"}} {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325676512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569374","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CHVSUC3iOxb3UpVxWd","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49194 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?60dbe33b908e0086292196ef001816bc tags:[] uid:CHVSUC3iOxb3UpVxWd trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569378","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574181","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","timestamp":1505325676512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569375","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569378","uri":"/?60dbe33b908e0086292196ef001816bc","tags":[],"ip_src_port":49194,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"72f00fcd-2347-d75b-5c0a-08086f9e2a23","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} {"create": { "_id": "dcb3afed-1b68-d88a-7adb-f38183867920"}} -{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325677512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569382","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CZOU9CQKfQzbTKGZ8","resp_mime_types":["application/x-shockwave-flash"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CZOU9CQKfQzbTKGZ8 referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236 
resp_fuids:[\"F95sxB3DPck4oMGLmc\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F95sxB3DPck4oMGLmc"],"timestamp":1505325677512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569382","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49185,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"dcb3afed-1b68-d88a-7adb-f38183867920","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":8973} +{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325677512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569382","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CZOU9CQKfQzbTKGZ8","resp_mime_types":["application/x-shockwave-flash"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET 
request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CZOU9CQKfQzbTKGZ8 referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236 resp_fuids:[\"F95sxB3DPck4oMGLmc\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F95sxB3DPck4oMGLmc"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569382","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49185,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"dcb3afed-1b68-d88a-7adb-f38183867920","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":8973} {"create": { "_id": "50d6e395-0f31-a9c3-143e-25d7f44aadde"}} 
{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325678512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"Cn2j4crCA6ckU3XP5","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49190 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b2566564b3ba1a38e61c83957a7dbcd5 tags:[] uid:Cn2j4crCA6ckU3XP5 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","timestamp":1505325678512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569383","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/?b2566564b3ba1a38e61c83957a7dbcd5","tags":[],"ip_src_port":49190,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"50d6e395-0f31-a9c3-143e-25d7f44aadde","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} {"create": { "_id": "e90a5ca0-599d-05f2-18c4-13b563606f2e"}} -{"bro_timestamp":1505325679512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cx8Ucg1r67RywyWab1","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:Cx8Ucg1r67RywyWab1 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 
resp_fuids:[\"F3XRx03OXSVJ1iQGhe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3XRx03OXSVJ1iQGhe"],"timestamp":1505325679512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"e90a5ca0-599d-05f2-18c4-13b563606f2e","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} +{"bro_timestamp":1505325679512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cx8Ucg1r67RywyWab1","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:Cx8Ucg1r67RywyWab1 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 
response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"F3XRx03OXSVJ1iQGhe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3XRx03OXSVJ1iQGhe"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"e90a5ca0-599d-05f2-18c4-13b563606f2e","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} {"create": { "_id": "fdb3c737-37fb-8bdf-6ace-78e8c41972a7"}} {"bro_timestamp":1505325680512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569384","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","uid":"CUrRne3iLIxXavQtci","trans_depth":32,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 
uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168473040 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:32 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671567.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"node1","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574182","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325680512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168473040","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574845","guid":"fdb3c737-37fb-8bdf-6ace-78e8c41972a7","response_body_len":0} {"create": { "_id": "735fcf0d-58f6-1b6a-9e33-8d94bc5a1be0"}} {"bro_timestamp":1505325681512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569387","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","uid":"CUrRne3iLIxXavQtci","trans_depth":22,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 
id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168417107 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:22 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671567.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671569389","host":"node1","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574182","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325681512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569387","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569389","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168417107","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"735fcf0d-58f6-1b6a-9e33-8d94bc5a1be0","response_body_len":0} {"create": { "_id": "09552ace-9c09-8069-a3f0-73e146579030"}} -{"bro_timestamp":1505325682512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569388","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C5UfKV32U65H7ojqJd","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET 
request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:C5UfKV32U65H7ojqJd referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"FZKJP2gGkPyTrWpLe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569392","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FZKJP2gGkPyTrWpLe"],"timestamp":1505325682512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569388","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569391","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"09552ace-9c09-8069-a3f0-73e146579030","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825} 
+{"bro_timestamp":1505325682512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569388","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C5UfKV32U65H7ojqJd","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:C5UfKV32U65H7ojqJd referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"FZKJP2gGkPyTrWpLe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569392","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["FZKJP2gGkPyTrWpLe"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569388","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569391","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"09552ace-9c09-8069-a3f0-73e146579030","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825} {"create": { "_id": "1ff42d27-d69b-eab5-a2ca-7875ebf8336e"}} {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325683512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575571","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671569393","enrichmentjoinbolt:joiner:ts":"1492671574179","trans_id":62139,"adapter:geoadapter:begin:ts":"1492671574077","uid":"C1fDU21X4Ys3xP7137","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:50683 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:62139 rcode:0 rcode_name:NOERROR TC:false RA:true uid:C1fDU21X4Ys3xP7137 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671567.0 
id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671569395","Z":0,"adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","qclass":1,"timestamp":1505325683512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671569393","query":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569395","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":50683,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"1ff42d27-d69b-eab5-a2ca-7875ebf8336e"} {"create": { "_id": "ae14f2cf-6cc5-941f-2c98-9ce9b6e0bf81"}} {"qclass_name":"C_INTERNET","bro_timestamp":1505325684512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575571","qtype":1,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671569399","enrichmentjoinbolt:joiner:ts":"1492671574179","trans_id":6088,"adapter:geoadapter:begin:ts":"1492671574077","uid":"CqrOfMusHaczrDBz8","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:50509 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:kritischerkonsum.uni-koeln.de trans_id:6088 rcode:0 rcode_name:NOERROR TC:false RA:false uid:CqrOfMusHaczrDBz8 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671567.0 
id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671569401","Z":0,"adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","qclass":1,"timestamp":1505325684512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671569399","query":"kritischerkonsum.uni-koeln.de","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569401","rcode_name":"NOERROR","TC":false,"RA":false,"RD":true,"ip_src_port":50509,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"ae14f2cf-6cc5-941f-2c98-9ce9b6e0bf81"} {"create": { "_id": "a105fca8-ec40-a98f-b64e-06e4d97a800f"}} -{"bro_timestamp":1505325685512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573715","enrichmentjoinbolt:joiner:ts":"1492671574181","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsUjA541poEzvhMfuf","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CsUjA541poEzvhMfuf referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 
resp_fuids:[\"FGcm94EWzm8st4LQj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573729","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FGcm94EWzm8st4LQj"],"timestamp":1505325685512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573715","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573729","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"a105fca8-ec40-a98f-b64e-06e4d97a800f","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} +{"bro_timestamp":1505325685512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573715","enrichmentjoinbolt:joiner:ts":"1492671574181","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsUjA541poEzvhMfuf","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CsUjA541poEzvhMfuf referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 
response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"FGcm94EWzm8st4LQj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573729","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FGcm94EWzm8st4LQj"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573715","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573729","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"a105fca8-ec40-a98f-b64e-06e4d97a800f","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} {"create": { "_id": "52ad66d7-80e8-9174-17f4-9b8e6e61fbc1"}} -{"bro_timestamp":1505325686512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573812","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CFbOTR2z2k8dUYUMmi","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49207 
status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CFbOTR2z2k8dUYUMmi resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"F73miB3YQ8nA17F2Te\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573815","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F73miB3YQ8nA17F2Te"],"timestamp":1505325686512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573812","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"52ad66d7-80e8-9174-17f4-9b8e6e61fbc1","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} 
+{"bro_timestamp":1505325686512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573812","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CFbOTR2z2k8dUYUMmi","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CFbOTR2z2k8dUYUMmi resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"F73miB3YQ8nA17F2Te\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573815","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["F73miB3YQ8nA17F2Te"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573812","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"52ad66d7-80e8-9174-17f4-9b8e6e61fbc1","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} {"create": { "_id": "ba44eb73-69d8-ccd2-f08b-636f9c15b261"}} {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325687512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573813","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CLKLkp1z9ZWAE0eou","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49186 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CLKLkp1z9ZWAE0eou referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"text\\/html\"] trans_depth:1 host:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:121635 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:62.75.195.236 
resp_fuids:[\"FrcnSsZqVzpjB9o3j\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671573817","host":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FrcnSsZqVzpjB9o3j"],"timestamp":1505325687512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573813","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49186,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"ba44eb73-69d8-ccd2-f08b-636f9c15b261","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":121635} {"create": { "_id": "6a437817-ef04-e264-2eef-5edd0b37d280"}} 
@@ -311,11 +311,11 @@ {"create": { "_id": "3cf6c636-ea29-4654-1632-c38a2c130f1c"}} {"bro_timestamp":1505325727512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594637","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CVxPm9xkzN80U39i9","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CVxPm9xkzN80U39i9 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FOUZap2sbK6jyWeLZ8\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594637","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594644","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["FOUZap2sbK6jyWeLZ8"],"timestamp":1505325727512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","status_msg":"OK","guid":"3cf6c636-ea29-4654-1632-c38a2c130f1c","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} {"create": { "_id": "fd436051-cfdd-c29a-e07c-a08a83740b23"}} -{"bro_timestamp":1505325728512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","uid":"CUrRne3iLIxXavQtci","trans_depth":241,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:241 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671593.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"node1","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671594645","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 
Safari/537.36","timestamp":1505325728512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"fd436051-cfdd-c29a-e07c-a08a83740b23","response_body_len":0} +{"bro_timestamp":1505325728512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","uid":"CUrRne3iLIxXavQtci","trans_depth":241,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:241 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671593.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"node1","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671594645","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 
Safari/537.36","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"fd436051-cfdd-c29a-e07c-a08a83740b23","response_body_len":0} {"create": { "_id": "d41c8e3b-0b86-9084-2f6a-82db51a337fe"}} {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325729512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"C5DBCB4BP3zJovMQlf","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9 tags:[] uid:C5DBCB4BP3zJovMQlf resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FMZdAx3UlrSOgAQdsj\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:72.34.49.86 
resp_fuids:[\"FtEGkz1CUNMfkJKrZh\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FtEGkz1CUNMfkJKrZh"],"timestamp":1505325729512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":110,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9","tags":[],"orig_fuids":["FMZdAx3UlrSOgAQdsj"],"ip_src_port":49204,"threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","status_msg":"OK","guid":"d41c8e3b-0b86-9084-2f6a-82db51a337fe","enrichments:geo:ip_dst_addr:country":"US","response_body_len":14} {"create": { "_id": "777d9c8c-4c97-08bd-09ba-66e9366cccd5"}} -{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325730512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594649","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","trans_id":18350,"adapter:geoadapter:begin:ts":"1492671594638","uid":"CLv9mm30dHjZkUTCSl","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:60078 qtype_name:A qtype:1 rejected:false id.resp_p:53 
query:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:18350 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CLv9mm30dHjZkUTCSl RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671594638","Z":0,"adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","qclass":1,"timestamp":1505325730512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594635","query":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":60078,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"777d9c8c-4c97-08bd-09ba-66e9366cccd5"} +{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325730512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594649","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","trans_id":18350,"adapter:geoadapter:begin:ts":"1492671594638","uid":"CLv9mm30dHjZkUTCSl","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:60078 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:18350 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CLv9mm30dHjZkUTCSl RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 
id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671594638","Z":0,"adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","qclass":1,"timestamp":1505363380000,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594635","query":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":60078,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"777d9c8c-4c97-08bd-09ba-66e9366cccd5"} {"create": { "_id": "0e99ba49-46a8-8efe-098f-15456c107bc9"}} {"bro_timestamp":1505325731512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594650","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CrRM6qLedsBZ3P0d8","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594648","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CrRM6qLedsBZ3P0d8 resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 
resp_fuids:[\"FlDlsY39iNQUeDK2Dj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594638","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594646","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FlDlsY39iNQUeDK2Dj"],"timestamp":1505325731512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671594646","adapter:threatinteladapter:begin:ts":"1492671594648","status_msg":"OK","guid":"0e99ba49-46a8-8efe-098f-15456c107bc9","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} {"create": { "_id": "e9a942f0-9410-a2ef-79d3-297448ca7a9a"}} 
@@ -323,13 +323,13 @@ {"create": { "_id": "cadf2f10-468c-2ad9-625c-39dce0668ea0"}} {"bro_timestamp":1505325733512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cxo2i52HmVbQpiKMQ4","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/de.png tags:[] uid:Cxo2i52HmVbQpiKMQ4 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FPOfpJ1mfdIRvALw8j\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594643","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["FPOfpJ1mfdIRvALw8j"],"timestamp":1505325733512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594643","uri":"/img/flags/de.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49209,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid":"cadf2f10-468c-2ad9-625c-39dce0668ea0","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":534} {"create": { "_id": "becc5966-68a2-e67d-3493-b7bc9514e3c9"}} -{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325734512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CydFJ34ePzeFrkKCMc","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CydFJ34ePzeFrkKCMc trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 
id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671594644","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325734512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671594644","uri":"/?d71e0bd86db9587158745a986a4b3606","tags":[],"ip_src_port":49192,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid":"becc5966-68a2-e67d-3493-b7bc9514e3c9","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} +{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325734512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CydFJ34ePzeFrkKCMc","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CydFJ34ePzeFrkKCMc trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; 
SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671594644","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671594644","uri":"/?d71e0bd86db9587158745a986a4b3606","tags":[],"ip_src_port":49192,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid":"becc5966-68a2-e67d-3493-b7bc9514e3c9","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} {"create": { "_id": "4d864bb0-0cb1-4005-f707-c62f7b0e7264"}} -{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325735512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594671","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594655","enrichmentjoinbolt:joiner:ts":"1492671594661","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671594657","uid":"CgJVs33o5YodJJYQyk","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594667","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] 
trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CgJVs33o5YodJJYQyk RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671594657","Z":0,"adapter:geoadapter:end:ts":"1492671594657","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594664","qclass":1,"timestamp":1505325735512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594655","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594657","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594664","adapter:threatinteladapter:begin:ts":"1492671594667","guid":"4d864bb0-0cb1-4005-f707-c62f7b0e7264"} +{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325735512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594671","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594655","enrichmentjoinbolt:joiner:ts":"1492671594661","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671594657","uid":"CgJVs33o5YodJJYQyk","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594667","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CgJVs33o5YodJJYQyk RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 
id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671594657","Z":0,"adapter:geoadapter:end:ts":"1492671594657","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594664","qclass":1,"timestamp":1505363380000,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594655","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594657","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594664","adapter:threatinteladapter:begin:ts":"1492671594667","guid":"4d864bb0-0cb1-4005-f707-c62f7b0e7264"} {"create": { "_id": "4c732cb0-05cc-bdb4-9898-886a93129aba"}} {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325736512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CvI6xrY2n5mRaFjFa","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:49200 status_code:200 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42 tags:[] uid:CvI6xrY2n5mRaFjFa resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FE73U6RnooUIz1k3l\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:996 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET 
CLR 3.0.30729; Media Center PC 6.0) ts:1492671596.0 id.resp_h:72.34.49.86 resp_fuids:[\"FbCMi2mD3uLfGjK7j\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671598098","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FbCMi2mD3uLfGjK7j"],"timestamp":1505325736512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671598092","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FE73U6RnooUIz1k3l"],"ip_src_port":49200,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","status_msg":"OK","guid":"4c732cb0-05cc-bdb4-9898-886a93129aba","enrichments:geo:ip_dst_addr:country":"US","response_body_len":996} {"create": { "_id": "cb6a4983-48ac-4c00-2f44-9d1bd9b50575"}} -{"bro_timestamp":1505325737512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","uid":"CUrRne3iLIxXavQtci","trans_depth":118,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631 tags:[] 
uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:118 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671596.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","host":"node1","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325737512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"cb6a4983-48ac-4c00-2f44-9d1bd9b50575","response_body_len":0} +{"bro_timestamp":1505325737512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","uid":"CUrRne3iLIxXavQtci","trans_depth":118,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:118 host:node1 id.orig_h:192.168.66.1 response_body_len:0 
user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671596.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","host":"node1","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"cb6a4983-48ac-4c00-2f44-9d1bd9b50575","response_body_len":0} {"create": { "_id": "a5e95569-a9ee-c024-ace7-7d0e2613b29a"}} {"qclass_name":"C_INTERNET","bro_timestamp":1505325738512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671598104","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","trans_id":0,"adapter:geoadapter:begin:ts":"1492671598093","uid":"Cx7bil4EcuyIC1pVvb","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:Cx7bil4EcuyIC1pVvb RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671596.0 
id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","Z":0,"adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","qclass":1,"timestamp":1505325738512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671598090","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"a5e95569-a9ee-c024-ace7-7d0e2613b29a"} {"create": { "_id": "fa91598f-51b2-2b60-11f2-6fbabc162b7e"}} diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts index 243d433bd1..89f57a1053 100644 --- a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts @@ -101,6 +101,9 @@ export class TimeRangeComponent implements OnInit, OnChanges { if (this.selectedTimeRange.dateFilterValue) { this.toDateStr = moment(this.selectedTimeRange.dateFilterValue.toDate).format(DEFAULT_TIMESTAMP_FORMAT); this.fromDateStr = moment(this.selectedTimeRange.dateFilterValue.fromDate).format(DEFAULT_TIMESTAMP_FORMAT); + + this.datePickerFromDate = ''; + this.datePickerToDate = ''; } } }); 
@@ -109,8 +112,11 @@ export class TimeRangeComponent implements OnInit, OnChanges { this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL; this.toDateStr = this.selectedTimeRange.dateFilterValue.toDate !== null ? moment(this.selectedTimeRange.dateFilterValue.toDate).format(DEFAULT_TIMESTAMP_FORMAT) : - 'NOW'; + 'now'; this.fromDateStr = moment(this.selectedTimeRange.dateFilterValue.fromDate).format(DEFAULT_TIMESTAMP_FORMAT); + + this.datePickerFromDate = this.fromDateStr; + this.datePickerToDate = this.selectedTimeRange.dateFilterValue.toDate !== null ? this.toDateStr : ''; } }
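Review bot: The two new assignments reset `datePickerFromDate`/`datePickerToDate` to `''` whenever a preset range carrying a `dateFilterValue` is applied, while the custom-range branch further down also uses `''` for `datePickerToDate` to mean an open-ended ("now") end date, so the same sentinel now has two meanings. A short comment on the new lines, e.g. `// preset range: clear the custom date pickers ('' == no custom date entered)`, or a named constant for the sentinel, would make the intent unambiguous. Separately, the context line just above the insert calls `moment(this.selectedTimeRange.dateFilterValue.toDate).format(...)` without the `toDate !== null` guard the custom-range branch uses; if `toDate` can be null here as well, `toDateStr` becomes the literal string `Invalid date`, so it is worth guarding the same way: `this.toDateStr = toDate !== null ? moment(toDate).format(DEFAULT_TIMESTAMP_FORMAT) : 'now';`. The enclosing subscription callback starts outside the hunk.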