Minor stuff
frikky committed Oct 10, 2023
1 parent dd8f877 commit 8a24ea6
Showing 1 changed file with 79 additions and 29 deletions.
108 changes: 79 additions & 29 deletions shared.go
Expand Up @@ -70,40 +70,40 @@ func GetUsecaseData() string {
"list": [
{
"name": "Email management",
"priority": 100,
"type": "communication",
"last": "cases",
"priority": 100,
"type": "communication",
"last": "cases",
"items": {
"name": "Release a quarantined message",
"items": {}
}
},
{
"name": "EDR to ticket",
"priority": 100,
"type": "edr",
"last": "cases",
"priority": 100,
"type": "edr",
"last": "cases",
"items": {
"name": "Get host information",
"items": {}
}
},
{
"name": "SIEM to ticket",
"priority": 100,
"type": "siem",
"last": "cases",
"description": "Ensure tickets are forwarded to the correct destination. Alternatively add enrichment on it's way there.",
"video": "https://www.youtube.com/watch?v=FBISHA7V15c&t=197s&ab_channel=OpenSecure",
"blogpost": "https://medium.com/shuffle-automation/introducing-shuffle-an-open-source-soar-platform-part-1-58a529de7d12",
"reference_image": "/images/detectionframework.png",
"priority": 100,
"type": "siem",
"last": "cases",
"description": "Ensure tickets are forwarded to the correct destination. Alternatively add enrichment on it's way there.",
"video": "https://www.youtube.com/watch?v=FBISHA7V15c&t=197s&ab_channel=OpenSecure",
"blogpost": "https://medium.com/shuffle-automation/introducing-shuffle-an-open-source-soar-platform-part-1-58a529de7d12",
"reference_image": "/images/detectionframework.png",
"items": {}
},
{
"type": "cases",
"last": "cases",
"type": "cases",
"last": "cases",
"name": "2-way Ticket synchronization",
"priority": 60,
"priority": 60,
"items": {}
},
{
Expand All @@ -122,25 +122,25 @@ func GetUsecaseData() string {
},
{
"name": "Assign tickets",
"type": "cases",
"priority": 60,
"type": "cases",
"priority": 30,
"items": {}
},
{
"name": "Firewall alerts",
"priority": 90,
"type": "network",
"last": "cases",
"priority": 90,
"type": "network",
"last": "cases",
"items": {
"name": "URL filtering",
"items": {}
}
},
{
"name": "IDS/IPS alerts",
"type": "network",
"last": "cases",
"priority": 90,
"type": "network",
"last": "cases",
"priority": 30,
"items": {
"name": "Manage policies",
"items": {}
Expand Down Expand Up @@ -196,8 +196,9 @@ func GetUsecaseData() string {
"list": [
{
"name": "Search SIEM (Sigma)",
"priority": 90,
"type": "siem",
"priority": 90,
"type": "siem",
"last": "cases",
"items": {
"name": "Endpoint",
"items": {}
Expand All @@ -207,12 +208,14 @@ func GetUsecaseData() string {
"name": "Search EDR (OSQuery)",
"type": "edr",
"priority": 90,
"last": "cases",
"items": {}
},
{
"name": "Search emails (Sublime)",
"priority": 90,
"type": "communication",
"last": "cases",
"items": {
"name": "Check headers and IOCs",
"items": {}
Expand All @@ -222,12 +225,14 @@ func GetUsecaseData() string {
"name": "Search IOCs (ioc-finder)",
"priority": 50,
"type": "intel",
"last": "cases",
"items": {}
},
{
"name": "Search files (Yara)",
"priority": 50,
"type": "intel",
"last": "cases",
"items": {}
},
{
Expand All @@ -240,12 +245,14 @@ func GetUsecaseData() string {
"name": "IDS & IPS (Snort/Surricata)",
"priority": 50,
"type": "network",
"last": "cases",
"items": {}
},
{
"name": "Honeypot access",
"priority": 50,
"type": "network",
"priority": 50,
"type": "network",
"last": "cases",
"items": {
"name": "...",
"items": {}
Expand Down Expand Up @@ -4163,7 +4170,8 @@ func SetNewWorkflow(resp http.ResponseWriter, request *http.Request) {
if len(workflows) > 0 {
org.Tutorials[tutorialIndex].Done = true
//org.Tutorials[tutorialIndex].Link = "/search?tab=workflows"
org.Tutorials[tutorialIndex].Link = "/usecases"
//org.Tutorials[tutorialIndex].Link = "/usecases"
org.Tutorials[tutorialIndex].Link = "/welcome?tab=3"
}

updated = true
Expand Down Expand Up @@ -19526,6 +19534,7 @@ func GetWorkflowSuggestions(ctx context.Context, user User, org *Org, orgUpdated
usecasesAdded += 1
}


var usecases UsecaseLinks
err = json.Unmarshal([]byte(GetUsecaseData()), &usecases)
if err != nil {
Expand Down Expand Up @@ -19670,6 +19679,8 @@ func GetWorkflowSuggestions(ctx context.Context, user User, org *Org, orgUpdated
}
}

usecaseDescription += "&" + subusecase.Description

// Should find info about the usecase
// No description as this has custom rendering
org, innerUpdate = AddPriority(*org, Priority{
Expand Down Expand Up @@ -19700,6 +19711,45 @@ func GetWorkflowSuggestions(ctx context.Context, user User, org *Org, orgUpdated
}
}

log.Printf("[DEBUG] Inside workflow suggestions. Usecases: %d", usecasesAdded)
if usecasesAdded < 3 {
log.Printf("[DEBUG] Should check if workflows still are the same amount or not to change priorities")

// Check all existing priorities if they should still be closed, or reopened
for prioIndex, priority := range org.Priorities {
if priority.Type != "usecase" {
continue
}

// Check if the usecase is still in the workflow list
usecaseName := strings.ReplaceAll(priority.Name, "Suggested Usecase: ", "")

found := false
for _, workflow := range workflows {
//usecaseIds = append(usecaseIds, workflow.UsecaseIds...)
for _, usecase := range workflow.UsecaseIds {
if usecase == usecaseName {
found = true
break
}
}

if found {
break
}
}

if !found {
if usecasesAdded < 3 {
orgUpdated = true
org.Priorities[prioIndex].Active = true
} else {
break
}
}
}
}


//if usecasesAdded <= 3 {
// return GetWorkflowSuggestions(ctx, user, org, orgUpdated, amount+1)
Expand Down
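Review bot: The cap on re-opened priorities in the new loop never engages, because `usecasesAdded` is not incremented when a priority is reactivated at `org.Priorities[prioIndex].Active = true`; once the outer `if usecasesAdded < 3` passed, the inner check is always true and the `else { break }` branch is unreachable, so every usecase priority without a matching workflow is reactivated. Adding `usecasesAdded += 1` directly after the `Active = true` line makes the counter and the `break` do what the structure implies. The comment says priorities should be "closed, or reopened", but only the reopen path is implemented here; if a priority whose usecase is found in a workflow is meant to be deactivated, that branch is missing. Matching is `usecase == usecaseName` where usecaseName is the priority title with the "Suggested Usecase: " prefix stripped, which presumably is the usecase id format used in `workflow.UsecaseIds` — worth confirming against where those priorities are created. GetWorkflowSuggestions begins and ends outside the hunk.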
