eclecticiq · sangeetha-sacumen · Feb 6, 2023 · Feb 9, 2023 · Feb 28, 2023 · Feb 28, 2023
diff --git a/Eclecticiq-ic-app/app.manifest b/Eclecticiq-ic-app/app.manifest
@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "Eclecticiq-ic-app",
-      "version": "1.0.0"
+      "version": "1.1.0"
     },
     "author": [
       {

diff --git a/Eclecticiq-ic-app/appserver/static/eiq_create_sighting_icon.png b/Eclecticiq-ic-app/appserver/static/eiq_create_sighting_icon.png
diff --git a/Eclecticiq-ic-app/appserver/static/lookup_observables.js b/Eclecticiq-ic-app/appserver/static/lookup_observables.js
@@ -0,0 +1,174 @@
+"use strict";
+
+const appName = "TA-eclecticiq";
+const appNamespace = {
+    owner: "nobody",
+    app: appName,
+    sharing: "app",
+};
+const pwRealm = "TA-eclecticiq_realm";
+
+
+// Splunk Web Framework Provided files
+require([
+    "underscore", "jquery", "splunkjs/splunk", "splunkjs/mvc",
+], function (_, $, splunk_js_sdk, mvc) {
+    console.log("start")
+    console.log("lookup_observables.js require(...) called");
+    tokens = mvc.Components.get("default");
+    var value = tokens.get("q")
+    var index = tokens.get("index")
+    var host = tokens.get("host")
+    var source = tokens.get("source")
+    var sourcetype = tokens.get("sourcetype")
+    var event_time = tokens.get("event_time")
+    var field_name = tokens.get("field_name")
+    $("#msg").css('color', 'blue');
+    $("#loading").text("Loading...")
+    console.log("initializing service")
+    var http = new splunk_js_sdk.SplunkWebHttp();
+    console.log("http initialized")
+    var service = new splunkjs.Service(
+        http,
+        appNamespace,
+    );
+    console.log("service initialized! getting storage passwords")
+
+    data = {}
+    data['value'] = value
+
+    completeSetup(data)
+    sighting_url = "create_sighting_dashboard?q=" + value
+    sighting_url = sighting_url + "&index=" + index + "&"
+    sighting_url = sighting_url + "&host=" + host + "&"
+    sighting_url = sighting_url + "&source=" + source + "&"
+    sighting_url = sighting_url + "&sourcetype=" + sourcetype + "&"
+    sighting_url = sighting_url + "&event_time=" + event_time + "&"
+    sighting_url = sighting_url + "&field_name=" + field_name
+
+    $("#create_sighting").click(function () { window.location.replace(sighting_url); });
+
+    async function makeRequest(url, data) {
+        return new Promise((resolve, reject) => {
+            const service = mvc.createService();
+            service.post(url, data, (err, resp) => {
+                if (err) {
+                    reject(err);
+                } else {
+                    resolve(resp);
+                }
+            })
+        })
+    }
+
+
+    // function for "Lookup observables"
+    async function completeSetup(data) {
+        console.log("lookup_observables.js completeSetup called");
+
+        try {
+            response = makeRequest('/services/lookup_observables', data);
+
+            await response;
+        } catch (e) {
+            console.log(e)
+
+        }
+
+        console.log("lookup_observables endpoint called.");
+
+
+    }
+    response.then(function (result) {
+        console.log("Response Received.")
+        $("#loading").text("")
+        console.log(result['data'][0])
+        if (result.data.length > 1) {
+            $("#mytable").append(createTable(result['data'][0]))
+        }
+        else {
+            $("#msg").css('color', 'black');
+            $("#loading").text("No data found!")
+        }
+    }
+    ).catch(function (error) {
+        // log and rethrow 
+        console.log(error);
+        $("#msg").css('color', 'red');
+        $("#loading").text(error["data"]);
+        stop();
+    });;
+
+    function createTable(data) {
+
+        var table_header = `<table class="table table-striped tableChart chart1Top"  style="width: 100%; color: black;  border: 1px solid #dddddd;
+                            height: 30px;" id="chart1">
+                                <thead>
+                                    <tr role="row" style="background-color: #42b598 !important;">
+                                        <th class="sorting_asc" tabindex="0" scope="col"
+                                            rowspan="1" colspan="1" aria-sort="ascending"
+                                             style="width: 700px; background-color: #42b598 !important;">
+                                            Title</th>
+                                        <th class="sorting_asc" tabindex="0" scope="col"
+                                            rowspan="1" colspan="1" aria-sort="ascending"
+                                             style="width: 700px; background-color: #42b598 !important;">
+                                            Description</th>
+                                             <th class="sorting_asc" tabindex="0" scope="col"
+                                            rowspan="1" colspan="1" aria-sort="ascending"
+                                             style="width: 700px; background-color: #42b598 !important;">
+
+                                             Source Name</th>
+                                             <th class="sorting_asc" tabindex="0" scope="col"
+                                            rowspan="1" colspan="1" aria-sort="ascending"
+                                             style="width: 700px; background-color: #42b598 !important;">
+
+                                            Tags</th>
+                                             <th class="sorting_asc" tabindex="0" scope="col"
+                                            rowspan="1" colspan="1" aria-sort="ascending"
+                                             style="width: 700px; background-color: #42b598 !important;">
+
+                                             Threat Start</th>
+                                             <th class="sorting_asc" tabindex="0" scope="col"
+                                            rowspan="1" colspan="1" aria-sort="ascending"
+                                             style="width: 700px; background-color: #42b598 !important;">
+
+
+                                            Observables</th>
+                                    </tr>
+                                </thead> <tbody>`
+
+        var tbody = ""
+        for (item in data) {
+            if (item < data.length - 1) {
+                var str_htm = "<tr>"
+                str_htm = str_htm + "<td>" + data[item]["title"] + "</td>"
+                str_htm = str_htm + "<td>" + data[item]["description"] + "</td>"
+                str_htm = str_htm + "<td>" + data[item]["source_name"] + "</td>"
+                str_htm = str_htm + "<td>" + data[item]["tags"] + "</td>"
+                str_htm = str_htm + "<td>" + data[item]["threat_start_time"] + "</td>"
+                start = "<td><table  class=\"table table-striped tableChart chart1Top\"  style=\"width: 100%; color: black;  border: 1px solid #dddddd;height: 30px;\" id=\"chart\"><thead><th role=\"row\" style=\"background-color: #42b598;\">Kind</th><th role=\"row\" style=\"background-color: #42b598;\">Value</th><th role=\"row\" style=\"background-color: #42b598;\">Maliciousness</th></thead><tbody>"
+
+                for (var item1 in data[item]['observables']) {
+                    if (item1 < data[item]['observables'].length) {
+                        start = start + "<tr><td>" + data[item]['observables'][item1]["type"] + "</td>" + "<td>" + data[item]['observables'][item1]["value"] + "</td>" + "<td>" + data[item]['observables'][item1]["classification"] + "</td></tr>"
+                    }
+                }
+
+                start = start + "</tbody></table></td>"
+                str_htm = str_htm + start
+                tbody = tbody + str_htm + "</tr>"
+
+            }
+
+        }
+        tbody = tbody + "</tbody>"
+        table_header = table_header + tbody + "</table>"
+        return table_header
+    }
+
+
+});
+
+
+
+
diff --git a/Eclecticiq-ic-app/appserver/static/setup_page.css b/Eclecticiq-ic-app/appserver/static/setup_page.css
@@ -0,0 +1,41 @@
+#main_container {
+    padding: 2px;
+    margin-left: 1%;
+}
+.span{
+    font-weight: bold;
+}
+#setup_button {
+    border-radius: 8%;
+    margin-top: 15px;
+}
+
+.success {
+    margin-top: 15px;
+    color: green;
+    display: none;
+}
+
+.error {
+    margin-top: 15px;
+    color: darkred;
+    display: none;
+}
+
+#error_details {
+    margin-top: 15px;
+    display: none;
+}
+#msg {
+    color:darkblue;
+}
+button {
+    background-color: #4CAF50; /* Green */
+    border: none;
+    color: white;
+    padding: 10px 20px;
+    text-align: center;
+    text-decoration: none;
+    display: inline-block;
+    font-size: 15px;
+  }
diff --git a/Eclecticiq-ic-app/appserver/static/setup_page.js b/Eclecticiq-ic-app/appserver/static/setup_page.js
@@ -0,0 +1,144 @@
+"use strict";
+
+const appName = "TA-eclecticiq";
+const appNamespace = {
+    owner: "nobody",
+    app: appName,
+    sharing: "app",
+};
+const pwRealm = "TA-eclecticiq_realm";
+
+// Splunk Web Framework Provided files
+require([
+    "jquery", "splunkjs/splunk", "splunkjs/mvc"
+], function ($, splunkjs, mvc) {
+    console.log("setup_page.js require(...) called");
+    $("#setup_button").prop('disabled', false);
+    tokens = mvc.Components.get("default");
+    var value = tokens.get("q")
+    var index = tokens.get("index")
+    var host = tokens.get("host")
+    var source = tokens.get("source")
+    var sourcetype = tokens.get("sourcetype")
+    var time = tokens.get("event_time")
+    var field = tokens.get("field_name")
+    var event_hash = tokens.get("raw") 
+    var http = new splunkjs.SplunkWebHttp();
+
+    // console.log("sessionkey = "+splunkjs.Context)
+
+    var service = new splunkjs.Service(
+        http,
+        appNamespace,
+    );
+
+    $("#sighting_value").val(value)
+    console.log("Sighting of : " + String(value))
+    $("#sighting_title").val("Sighting of : " + String(value))
+
+    // Register .on( "click", handler ) for "Complete Setup" button
+    $("#setup_button").click(completeSetup);
+
+    async function makeRequest(url, data) {
+        return new Promise((resolve, reject) => {
+            const service = mvc.createService();
+            service.post(url, data, (err, resp) => {
+                if (err) {
+                    reject(err);
+                } else {
+                    resolve(resp);
+                }
+            })
+        })
+    }
+
+    // onclick function for "Complete Setup" button from setup_page_dashboard.xml
+async function completeSetup() {
+    console.log("setup_page.js completeSetup called");
+    $("#msg").text("")
+    $("#setup_button").prop('disabled', true);
+    $("#loading").text("Loading...")
+
+    // Value of password_input from setup_page_dashboard.xml
+    const sighting_value = $('#sighting_value').val();
+    const sighting_desc = $('#sighting_desc').val();
+    const sighting_title = $('#sighting_title').val();
+    const sighting_tags = $('#sighting_tags').val();
+    // taking value from the drop down
+    var sighting_type_obj = document.getElementById("sighting_type");
+    var sighting_type = sighting_type_obj.options[sighting_type_obj.selectedIndex].text;
+
+    var confidence_level_obj = document.getElementById("confidence_level");
+    var confidence_level = confidence_level_obj.options[confidence_level_obj.selectedIndex].text;
+    if(sighting_value == ""){
+        $("#loading").text("")
+        $("#msg").css('color', 'red');
+        $("#msg").text("Sighting Value field is required!")
+        $("#setup_button").prop('disabled', false);
+        return
+    }
+    if(sighting_desc == ""){
+        $("#loading").text("")
+        $("#msg").css('color', 'red');
+        $("#msg").text("Sighting Description field is required!")
+        $("#setup_button").prop('disabled', false);
+        return
+    }
+    if(sighting_title == ""){
+        $("#loading").text("")
+        $("#msg").css('color', 'red');
+        $("#msg").text("Sighting Title field is required!")
+        $("#setup_button").prop('disabled', false);
+        return
+    }
+    if(sighting_tags == ""){
+        $("#loading").text("")
+        $("#msg").css('color', 'red');
+        $("#msg").text("Sighting Tags field is required!")
+        $("#setup_button").prop('disabled', false);
+        return
+    }
+    const data = {}
+    data["sighting_value"]=sighting_value
+    data["sighting_desc"]=sighting_desc
+    data["sighting_title"]=sighting_title
+    data["sighting_tags"]=sighting_tags
+    data['confidence_level']=confidence_level
+    data['sighting_type']=sighting_type
+
+    data["src"] = ""
+    data["dest"] = ""
+    data["event_hash"] = ""
+    data["feed_id_eiq"] = ""
+    data["meta_entity_url_eiq"] = ""
+
+    console.log(data)
+
+    if(index!=undefined){data["index"] = index}else{data["index"]=""}
+    if(host!=undefined){data["host"] = host}else{data["host"]=""}
+    if(source!=undefined){data["source"] = source}else{data["source"]=""}
+    if(sourcetype!=undefined){data["sourcetype"] = sourcetype}else{data["sourcetype"]=""}
+    if(time!=undefined){data["time"] = time}else{data["time"]=""}
+    if(field!=undefined){data["field"] = field}else{data["field"]=""}
+    if(event_hash!=undefined){data["_raw"] = event_hash}else{data["_raw"]=""}
+
+
+    try
+    { 
+        let response = await makeRequest('/services/create_sighting', data);
+        $("#loading").text("")
+        $("#msg").css('color', 'blue');
+        $("#msg").text(response["data"])
+        $("#setup_button").prop('disabled', false);
+        }catch(e){
+                $("#loading").text("")
+                console.log(e)
+                $("#msg").css('color', 'red');
+                $("#msg").text(e["data"])
+                $("#setup_button").prop('disabled', false);
+                stop();
+        }
+    }
+})
+
+