Tags: socfortress/CoPilot
Network connectors (#207)
* Refactor customer network connector processing in routes.py
* provision fortinet network connector things
* Fix client ID comparison in delete_agent function
* added network connectors api/types
* added external services pages
* add fortinet dashboards
* Add Fortinet dashboard schema and provisioning logic
* Add FortinetDashboard to provision_dashboards function
* Create fortinet dashboards during provisioning
* Refactor code to collect content pack ID by name in Graylog services
* Refactor content pack input ID retrieval in Graylog services
* decommission of network connector
* Update Docker workflow to notify Discord after successful image build and push
* Update Discord webhook version in Docker workflow
* Update branch name in Docker workflow from network-connectors to main
* Update Docker workflow messages for backend and frontend image updates
* Refactor database name format in create_grafana_datasource function
* crowdstrike content pack templates
* crowdstrike integration markdown
* Add Crowdstrike integration and authentication keys
* crowdstrike provisioning things
* provision and decom crowdstrike
* falconhose
* Update branch name in Docker workflow from network-connectors to main
* Add directory creation for customer docker compose and falconhose cfg
* Replace spaces with underscores in customer names
* Replace spaces with underscores in customer names
* Update Docker Compose volume path for CrowdStrike integration
* update o365 dashboards
* Update branch name in Docker workflow from network-connectors to main
* Add get_customer_default_settings_attribute function to provision.py
* build to fix grafana url in office365
* Update branch name in Docker workflow from network-connectors to main
* lower customer code in office365 index creation and grafana datasource creation
* add validator to customer code
* add grafana orgid to provision request for insert to DB
* Fix typo in create_office365_utc_rule function
* updated dependencies
* updated networkConnectors api
* added services components
* updated networkConnectors page
* updated customer integration components
* Update branch name in Docker workflow from network-connectors to main
* updated networkConnectors api/types
* added customer network connectors components
* updated dependencies
* added fortinet form
* move sap siem to modules
* Update branch name in Docker workflow from network-connectors to main
* Update URLs in SAP SIEM integration to use copilot-sap-module instead of localhost
* updated url check
* chore: Update available content packs overview in Graylog provision route
* chore: Refactor decommission network connector route and service
* refactor: Update Elasticsearch index retrieval to include open indices only
* chore: Update IndicesStats model with optional fields for docs_count and store_size
* added decommissionNetworkConnector feature
* chore: Refactor decommission network connector route and service
* precommit fixes
* chore: Update branch name in Docker workflow
Co-authored-by: Davide Di Modica <[email protected]>

Reporting (#179)
* Update type hints for monitoring alert creation
* Update index set and event stream titles and descriptions
* Refactor Office365 provision functions
* Update title and description formatting in build_index_set_config and build_event_stream_config
* Update index and event stream configuration
* Update index and event stream titles in SAP SIEM provision service
* Add data links to Grafana datasource
* Add dataLinks to GrafanaJsonData and create_grafana_datasource
* updated dependencies
* added reporting api/types
* added Report Creation page
* Add Grafana datasource URLs for data_vulnerability_cve and _id fields
* updated Report Creation page
* Add job functionality to scheduler
* Fix timestamp_utc fallback in create_alert_details function
* Add logging for agent details retrieval
* default to `timestamp` if timefield is None
* Update job time interval and add job metadata
* licensing test and github action docker build
* test reading auth secret
* updated Report Creation page
* license key checks
* Refactor code to enable browser testing using Playwright
* initial testing of reporting using playwright
* Add async support for agent synchronization. Remove the background task and run every 15 minutes
* Refactor sync_all_agents function to pass session parameter to sync_agents
* Add GenerateReportRequest to create_report function
* just use chromium browser
* Add GenerateReportResponse class and update create_report function signature
* migrate reporting to grafana connector
* updated Report Creation page
* license try catch
* added print media query
* updated connector form
* updated report page
* added playwright test page
* added report template
* updated dependencies
* updated report page
* active response log analysis update
* sap siem analysis 10 minute window
* Update threshold and add time range parameter for SAP SIEM multiple logins analysis
* Update index names in sap_siem_multiple_logins.py
* same login failures multiple diff ips
* same user failed diff geo location
* Successful same user login from different locations
* brute force failed logins
* Refactor brute force failed logins route to handle multiple IPs
* brute_force_failed_logins_same_ip
* sap_siem_successful_login_after_failures
* change index name
* add sap siem to scheduler
* sap siem correction for multiple IPs attempting to login with same user followed by a success. Added a correction to update the assets tab with the correct data
* pdf generation
* Update Jinja2 version to 3.1.2
* sort on the page number
* remove reportlab
* updated report page (added d&d)
* updated report panels drag & drop
* Update event stream configuration in graylog.py
* Update dashboard enum names
* Commented out Office365 related code
* Update Office365Dashboard enum value for SUMMARY
* Update index skipping logic in IndexConfigModel
* Update IndexConfigModel.is_valid_index method to allow non-"wazuh_" index names and exclude "deflector" index.
* Update Graylog schema for optional TLS and TCP keepalive
* updated report panels drag & drop
* updated report panels drag & drop
* modify wazuh agent config
* Refactor GenerateReportRequest schema in Grafana reporting module
* remodel report generation to fit new request schema
* use playwright for pdf generation
* Update custom_attributes field description in SingleCaseModel
* Add default value for custom_attributes in SingleCaseModel constructor
* Update custom_attributes field in SingleCaseModel
* test frontend auto build
* Add dependency installation step to Docker workflow
* Update dependencies in docker.yml and frontend/package-lock.json
* Fix template value for CUSTOMER_CODE in provision_custom_alert
* Fix incorrect client creation error message
* Add InfluxDB alerts fetching functionality to verification check. The ping and version will return true even if the API token is not valid
* Update YouTube Tutorial link in README
* Fix cover-box typo and adjust screenshot styling
* Update Wazuh group configuration and replace placeholder with cluster name
* Fix placeholder replacement in wazuh_manager.py
* Add wazuh_worker_hostname field to default settings and schema
* Add wazuhWorkerHostname field to ProvisioningDefaultSettingsPayload and CustomerProvisioningDefaultSettings
* updated report panels drag & drop
* updated report template
* haproxy provisioning connector
* Add Grafana data link for O365 datasource
* Add feature enum and API endpoint to add a feature to a license
* Add feature check for reporting
* Update error message for disabled feature
* office365 fix all office365 api keys now added to same office365 block
* delete wazuh_config.xml
* Add optional field for event definition configuration
* Refactor Config class in graylog/schema/events.py
* Add HAPROXY_PROVISIONING_URL to .env.example
* Add ExpressionItem class to handle complex expressions in Conditions
* Add SeriesItem model to Config class
* Add logging for Graylog alert definition provisioned response
* Add event_limit field to GraylogAlertProvisionConfig
* Add event limit to provision functions
* Commented out license check in create_report function
* Add panel width and height to RequestPanel model
* updated report api
* Update generate_panel_urls to include a theme parameter
* Add license-related API endpoints and models
* Update edr av malware ioc dashboard template
* Add ProvisionHaProxyRequest to customer_provisioning schema
* Add EDR_NETWORK_CONNECTIONS dashboard
* update grafana dashboard templates
* Add wazuh_agent_status field to WazuhAgent model and Agents table
* Update wazuh_agent_status default value
* updated report editor
* Add company name, timerange text, and logo to GenerateReportRequest
* Add theme field to GrafanaGenerateIframeLinksRequest and RequestPanel models
* Update report template and remove unnecessary files
* Update headless option in browser launch
* Add playwright dependencies installation step
* Update Grafana login handling and launch browser in headless mode
* Fix login issue in Grafana service
* precommit fixes
* RSA PUB KEY into build as env
* Add RSA_PUBLIC_KEY to build-args in docker.yml
* more precommit fixes
* Add PRODUCT_ID environment variable
* added report panel height settings
* Update branch name in Docker workflow
* Add HTTPException for feature not enabled
* precommit fixes
Co-authored-by: Davide Di Modica <[email protected]>

Stack provisioning (#167)
* Update provision_content_pack_route description
* added stack provisioning api/types
* Fix customer_meta retrieval and use dictionary key access for field values
* added stack provisioning form
* precommit fixes
Co-authored-by: Davide Di Modica <[email protected]>

SAP SIEM integration (#149)
* Fix integration name with spaces and add SAP SIEM integration and auth keys
* Add SAP SIEM integration router
* Refactor auth key extraction for Mimecast and SAP SIEM integrations
* Refactor SAP SIEM route and collect SAP SIEM request
* Refactor SAP SIEM integration code to support multiple API keys
* Add SAP SIEM schema and services for collecting and checking suspicious logins
* Add event_timestamp and case_created fields to Result model and SapSiemSource model
* Update index name in find_suscpicious_logins function
* Refactor fetch_and_validate_data function to accept keyword arguments
* Add asset schema and update case with asset information
* Remove temporary code for testing
* Add customer_code field to SapSiemSource and SuspiciousLogin models
* Add errDetails field to SapSiemSource and SuspiciousLogin models
* Add SAP SIEM suspicious logins analysis route
* Add scroll functionality for retrieving search results
* Add event_analyzed flag to Elasticsearch document
* Add SAP SIEM multiple logins analysis route
* Convert loginID to lowercase before adding to ip_to_login_ids
* Add event_analyzed_multiple_logins field to Result class
* Add SapSiemMultipleLogins model and update sap_siem_multiple_logins_same_ip function
* Refactor code to improve performance and readability
* Add function to update event_analyzed_multiple_logins flag in Elasticsearch document
* Add update_event_analyzed_multiple_logins_flag function call
* Update customer code and handle exception in sap_siem_multiple_logins.py
* docs
* precommit fixes
* Update SAP SIEM integration and scheduler
* Add new columns to existing tables
* Add optional extra_data parameter to update_job function
* Add optional threshold parameter to run_sap_siem_suspicious_logins_analysis and run_sap_siem_multiple_logins_same_ip_analysis
* Refactor invoke_sap_siem_integration_suspicious_logins_analysis() to use a default threshold value
* Add scheduler jobs for SAP SIEM integration
* Fix scroll clearing in SAP SIEM services
* grafana sap siem user dashboard
* Add SapSiemDashboard and provision_sap_siem function
* Update SapSiemDashboard enum and provision function
* Grafana dashboard change
* Remove alert creation provisioning from connectors table
* Update docker-compose.yml to version v0.0.3