Fix findings page crash and rule severity correctness (#1160)
* bug fix

Signed-off-by: Amardeepsingh Siglani <[email protected]>

* fix correlation finding severity

Signed-off-by: Joanne Wang <[email protected]>

---------

Signed-off-by: Amardeepsingh Siglani <[email protected]>
Signed-off-by: Joanne Wang <[email protected]>
Co-authored-by: Amardeepsingh Siglani <[email protected]>
jowg-amazon and amsiglan authored Sep 11, 2024
1 parent 58fc39f commit 1164b98
Showing 3 changed files with 73 additions and 20 deletions.
43 changes: 34 additions & 9 deletions public/pages/Findings/containers/Findings/Findings.tsx
Expand Up @@ -28,6 +28,7 @@ import {
import {
BREADCRUMBS,
DEFAULT_DATE_RANGE,
DEFAULT_EMPTY_DATA,
FindingTabId,
MAX_RECENTLY_USED_TIME_RANGES,
} from '../../../../utils/constants';
Expand All @@ -49,6 +50,7 @@ import {
getDuration,
getIsNotificationPluginInstalled,
setBreadcrumbs,
isThreatIntelQuery,
} from '../../../../utils/helpers';
import { RuleSource } from '../../../../../server/models/interfaces';
import { NotificationsStart } from 'opensearch-dashboards/public';
Expand All @@ -66,6 +68,7 @@ import {
} from '../../../../../types';
import { ThreatIntelFindingsTable } from '../../components/FindingsTable/ThreatIntelFindingsTable';
import { PageHeader } from '../../../../components/PageHeader/PageHeader';
import { RuleSeverityValue, RuleSeverityPriority } from '../../../Rules/utils/constants';

interface FindingsProps extends RouteComponentProps, DataSourceProps {
detectorService: DetectorsService;
Expand Down Expand Up @@ -436,7 +439,8 @@ class Findings extends Component<FindingsProps, FindingsState> {
const ruleLevel =
finding.detectionType === 'Threat intelligence'
? 'high'
: (findingsState as DetectionRulesFindingsState).rules[finding.queries[0].id].level;
: (findingsState as DetectionRulesFindingsState).rules[finding.queries[0].id]?.level ||
DEFAULT_EMPTY_DATA;
visData.push({
finding: 1,
time: findingTime.getTime(),
Expand Down Expand Up @@ -521,13 +525,30 @@ class Findings extends Component<FindingsProps, FindingsState> {
} = this.props;
if (selectedTabId === FindingTabId.DetectionRules && Object.keys(rules).length > 0) {
findings = findings.map((finding: any) => {
const rule = rules[finding.queries[0].id];
if (rule) {
finding['ruleName'] = rule.title;
finding['ruleSeverity'] =
rule.level === 'critical' ? rule.level : finding['ruleSeverity'] || rule.level;
finding['tags'] = rule.tags;
}
const matchedRules: RuleSource[] = [];
finding.queries.forEach((query: any) => {
if (rules[query.id]) {
matchedRules.push(rules[query.id]);
}
});

matchedRules.sort((a, b) => {
return RuleSeverityPriority[a.level as RuleSeverityValue] <
RuleSeverityPriority[b.level as RuleSeverityValue]
? -1
: 1;
});

finding['ruleName'] =
matchedRules[0]?.title ||
(finding.queries.find(({ id }) => isThreatIntelQuery(id))
? 'Threat intel'
: DEFAULT_EMPTY_DATA);
finding['ruleSeverity'] =
matchedRules[0]?.level === 'critical'
? 'critical'
: finding['ruleSeverity'] || matchedRules[0]?.level || DEFAULT_EMPTY_DATA;
finding['tags'] = matchedRules[0]?.tags || [];
return finding;
});
}
Expand Down Expand Up @@ -625,7 +646,11 @@ class Findings extends Component<FindingsProps, FindingsState> {
<EuiFlexItem>
{!findings || findings.length === 0 ? (
<EuiEmptyPrompt
title={<EuiText size="s"><h2>No findings</h2></EuiText>}
title={
<EuiText size="s">
<h2>No findings</h2>
</EuiText>
}
body={
<EuiText size="s">
{this.state.findingStateByTabId[this.state.selectedTabId].emptyPromptBody}
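Review bot: The comparator in the second hunk (the `matchedRules.sort` block) only ever returns -1 or 1 and compares `RuleSeverityPriority` values as strings, so a rule whose `level` is not one of the five `RuleSeverityValue`s indexes to `undefined`, both `a < b` and `b < a` become false, and such a rule can end up sorted ahead of a `critical` one — after which `matchedRules[0]?.level` is `undefined` and the critical severity is silently replaced by the finding's existing `ruleSeverity` or `DEFAULT_EMPTY_DATA`. A numeric rank with an explicit fallback fixes both the inconsistent comparator and the string comparison: `const rank = (r: RuleSource) => Number(RuleSeverityPriority[r.level as RuleSeverityValue] ?? Number.MAX_SAFE_INTEGER);` followed by `matchedRules.sort((a, b) => rank(a) - rank(b));`. The first hunk still dereferences `finding.queries[0].id` before the new `?.level` guard, so a finding with an empty `queries` array would still throw there. Both hunks sit inside methods of the `Findings` class whose bodies begin and end outside the shown lines.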
36 changes: 26 additions & 10 deletions public/pages/Rules/utils/constants.ts
Expand Up @@ -15,6 +15,22 @@ export const ruleTypes: {

const paletteColors = euiPaletteForStatus(5);

export enum RuleSeverityValue {
Critical = 'critical',
High = 'high',
Medium = 'medium',
Low = 'low',
Informational = 'informational',
}

export const RuleSeverityPriority: Record<RuleSeverityValue, string> = {
[RuleSeverityValue.Critical]: '1',
[RuleSeverityValue.High]: '2',
[RuleSeverityValue.Medium]: '3',
[RuleSeverityValue.Low]: '4',
[RuleSeverityValue.Informational]: '5',
};

export const ruleSeverity: {
name: string;
value: string;
Expand All @@ -23,32 +39,32 @@ export const ruleSeverity: {
}[] = [
{
name: 'Critical',
value: 'critical',
priority: '1',
value: RuleSeverityValue.Critical,
priority: RuleSeverityPriority[RuleSeverityValue.Critical],
color: { background: paletteColors[4], text: 'white' },
},
{
name: 'High',
value: 'high',
priority: '2',
value: RuleSeverityValue.High,
priority: RuleSeverityPriority[RuleSeverityValue.High],
color: { background: paletteColors[3], text: 'white' },
},
{
name: 'Medium',
value: 'medium',
priority: '3',
value: RuleSeverityValue.Medium,
priority: RuleSeverityPriority[RuleSeverityValue.Medium],
color: { background: paletteColors[2], text: 'black' },
},
{
name: 'Low',
value: 'low',
priority: '4',
value: RuleSeverityValue.Low,
priority: RuleSeverityPriority[RuleSeverityValue.Low],
color: { background: paletteColors[1], text: 'white' },
},
{
name: 'Informational',
value: 'informational',
priority: '5',
value: RuleSeverityValue.Informational,
priority: RuleSeverityPriority[RuleSeverityValue.Informational],
color: { background: paletteColors[0], text: 'white' },
},
];
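Review bot: `RuleSeverityPriority` is typed `Record<RuleSeverityValue, string>` and holds single-digit strings that the two new callers compare with `<`, a contract that only holds while every priority stays one character and that nothing in this file states. I would add a TSDoc header above it along the lines of "Sort rank per severity; lower sorts first (critical is '1'). Values are strings because they feed the existing ruleSeverity.priority field, so consumers must convert with Number() before ordering rather than compare lexicographically." Since both callers cast `level as RuleSeverityValue`, a guard exported next to the map would let them check instead of assert, e.g. `export const isRuleSeverityValue = (v: string): v is RuleSeverityValue => v in RuleSeverityPriority;`. The remainder of `ruleSeverity` (its `color` fields and the array's closing) is unchanged and looks consistent with the new constants.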
14 changes: 13 additions & 1 deletion public/store/CorrelationsStore.ts
Expand Up @@ -19,6 +19,8 @@ import { NotificationsStart } from 'opensearch-dashboards/public';
import { errorNotificationToast } from '../utils/helpers';
import { DEFAULT_EMPTY_DATA } from '../utils/constants';
import { DataStore } from './DataStore';
import { RuleSource } from '../../server/models/interfaces';
import { RuleSeverityPriority, RuleSeverityValue } from '../pages/Rules/utils/constants';

export interface ICorrelationsCache {
[key: string]: CorrelationRule[];
Expand Down Expand Up @@ -275,7 +277,17 @@ export class CorrelationsStore implements ICorrelationsStore {
const findings = await DataStore.findings.getFindingsByIds(findingIds);
findings.forEach((f) => {
const detector = detectorsMap[f.detectorId];
const rule = allRules.find((rule) => rule._id === f.queries[0].id);
const queryIds = f.queries.map((query) => query.id);
const matchedRules = allRules.filter((rule) => queryIds.includes(rule._id));
matchedRules.sort((a, b) => {
return RuleSeverityPriority[a._source.level as RuleSeverityValue] <
RuleSeverityPriority[b._source.level as RuleSeverityValue]
? -1
: 1;
});

const rule = allRules.find((rule) => rule._id === matchedRules[0]?._id);

findingsMap[f.id] = {
...f,
id: f.id,
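Review bot: The last added line, `const rule = allRules.find((rule) => rule._id === matchedRules[0]?._id);`, rescans `allRules` for an object that `matchedRules[0]` already is, so `const rule = matchedRules[0];` yields the same value without the extra pass and, when nothing matched, gives `undefined` directly instead of comparing every `_id` against `undefined`. The comparator above it has the same weakness as its twin in Findings.tsx: a `_source.level` outside `RuleSeverityValue` indexes to `undefined`, the comparator then returns 1 for both orderings, and an unknown-level rule can be placed ahead of a critical one; `(a, b) => Number(RuleSeverityPriority[a._source.level as RuleSeverityValue] ?? Number.MAX_SAFE_INTEGER) - Number(RuleSeverityPriority[b._source.level as RuleSeverityValue] ?? Number.MAX_SAFE_INTEGER)` keeps unknown levels last. The `findings.forEach` callback continues past the hunk, so how `rule` is consumed when building `findingsMap[f.id]` is not visible here.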

0 comments on commit 1164b98

Please sign in to comment.