Add global settings (#40)

2025-12-12 18:22:49 +01:00 · 2022-03-13 13:45:10 +01:00
parent 86daadc73d
commit 18a4dc54e7
30 changed files with 1297 additions and 255 deletions
--- a/definition/artifacts.yaml
+++ b/definition/artifacts.yaml
@@ -10,6 +10,7 @@ definitions:
    properties:
      name: { type: string, example: "2.2.2.2" }
      type: { type: string }
+      kind: { type: string }
      status: { type: string, example: "Unknown" }
      enrichments: { type: object, additionalProperties: { $ref: "#/definitions/Enrichment" } }

--- a/definition/settings.yaml
+++ b/definition/settings.yaml
@@ -10,7 +10,7 @@ paths:
      responses:
        "200":
          description: "successful operation"
-          schema: { $ref: "#/definitions/Settings" }
+          schema: { $ref: "#/definitions/SettingsResponse" }
          examples:
            test:
              version: "0.0.0-test"
@@ -21,31 +21,81 @@ paths:
                - { icon: "mdi-radioactive", id: "incident", name: "Incidents", default_template: "default", default_playbooks: [ ] }
                - { icon: "mdi-fingerprint", id: "investigation", name: "Forensic Investigations", default_template: "default", default_playbooks: [ ] }
                - { icon: "mdi-target", id: "hunt", name: "Threat Hunting", default_template: "default", default_playbooks: [ ] }
+              artifactKinds:
+                - { icon: "mdi-server", id: "asset", name: "Asset" }
+                - { icon: "mdi-bullseye", id: "ioc", name: "IOC" }
              artifactStates:
                - { icon: "mdi-help-circle-outline", id: "unknown", name: "Unknown", color: "info" }
                - { icon: "mdi-skull", id: "malicious", name: "Malicious", color: "error" }
                - { icon: "mdi-check", id: "clean", name: "Clean", color: "success" }
              roles: [
-                  "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write",
-                  "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read",
-                  "admin:userdata:write", "analyst:automation:read",
-                  "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read",
-                  "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read",
-                  "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write",
-                  "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write",
-                  "engineer:playbook:write", "engineer:rule:write", "engineer:template:write",
-                  "engineer:tickettype:write" ]
+                "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write",
+                "admin:log:read", "admin:settings:write", "admin:ticket:delete", "admin:user:write", "admin:userdata:read",
+                "admin:userdata:write", "analyst:automation:read",
+                "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read",
+                "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read",
+                "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write",
+                "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write",
+                "engineer:playbook:write", "engineer:rule:write", "engineer:template:write",
+                "engineer:tickettype:write" ]
      security: [ { roles: [ "settings:read" ] } ]
+    post:
+      tags: [ "settings" ]
+      summary: "Save settings"
+      operationId: "saveSettings"
+      parameters:
+        - { name: "settings", in: "body", description: "Save settings", required: true, schema: { $ref: "#/definitions/Settings" }, x-example: { timeformat: "YYYY-MM-DDThh:mm:ss", artifactKinds: [ { icon: "mdi-server", id: "asset", name: "Asset" }, { icon: "mdi-bullseye", id: "ioc", name: "IOC" } ], artifactStates: [ { icon: "mdi-help-circle-outline", id: "unknown", name: "Unknown", color: "info" },{ icon: "mdi-skull", id: "malicious", name: "Malicious", color: "error" },{ icon: "mdi-check", id: "clean", name: "Clean", color: "success" } ] } }
+      responses:
+        "200":
+          description: "successful operation"
+          schema: { $ref: "#/definitions/SettingsResponse" }
+          examples:
+            test:
+              version: "0.0.0-test"
+              tier: community
+              timeformat: "YYYY-MM-DDThh:mm:ss"
+              ticketTypes:
+                - { icon: "mdi-alert", id: "alert", name: "Alerts", default_template: "default", default_playbooks: [ ] }
+                - { icon: "mdi-radioactive", id: "incident", name: "Incidents", default_template: "default", default_playbooks: [ ] }
+                - { icon: "mdi-fingerprint", id: "investigation", name: "Forensic Investigations", default_template: "default", default_playbooks: [ ] }
+                - { icon: "mdi-target", id: "hunt", name: "Threat Hunting", default_template: "default", default_playbooks: [ ] }
+              artifactKinds:
+                - { icon: "mdi-server", id: "asset", name: "Asset" }
+                - { icon: "mdi-bullseye", id: "ioc", name: "IOC" }
+              artifactStates:
+                - { icon: "mdi-help-circle-outline", id: "unknown", name: "Unknown", color: "info" }
+                - { icon: "mdi-skull", id: "malicious", name: "Malicious", color: "error" }
+                - { icon: "mdi-check", id: "clean", name: "Clean", color: "success" }
+              roles: [
+                "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write",
+                "admin:log:read", "admin:settings:write", "admin:ticket:delete", "admin:user:write", "admin:userdata:read",
+                "admin:userdata:write", "analyst:automation:read",
+                "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read",
+                "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read",
+                "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write",
+                "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write",
+                "engineer:playbook:write", "engineer:rule:write", "engineer:template:write",
+                "engineer:tickettype:write" ]
+      security: [ { roles: [ "settings:write" ] } ]

 definitions:
  Settings:
    type: object
-    required: [ version, tier, timeformat, ticketTypes, artifactStates ]
+    required: [ timeformat, artifactKinds, artifactStates ]
+    properties:
+      timeformat: { title: "Time Format", type: string }
+      artifactKinds: { title: "Artifact Kinds", type: array, items: { $ref: "#/definitions/Type" } }
+      artifactStates: { title: "Artifact States", type: array, items: { $ref: "#/definitions/Type" } }
+
+  SettingsResponse:
+    type: object
+    required: [ version, tier, timeformat, ticketTypes, artifactKinds, artifactStates ]
    properties:
      version: { title: "Version", type: string }
      tier: { title: "Tier", type: string, enum: [ "community", "enterprise" ] }
      timeformat: { title: "Time Format", type: string }
      ticketTypes: { title: "Ticket Types", type: array, items: { $ref: "#/definitions/TicketTypeResponse" } }
+      artifactKinds: { title: "Artifact Kinds", type: array, items: { $ref: "#/definitions/Type" } }
      artifactStates: { title: "Artifact States", type: array, items: { $ref: "#/definitions/Type" } }
      roles: { title: "Roles", type: array, items: { type: string } }

--- a/definition/users.yaml
+++ b/definition/users.yaml
@@ -12,7 +12,7 @@ paths:
          description: "successful operation"
          schema: { $ref: "#/definitions/UserResponse" }
          examples:
-            test: { id: bob, roles: [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ], blocked: false, apikey: false }
+            test: { id: bob, roles: [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:settings:write", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ], blocked: false, apikey: false }
      security: [ { roles: [ "currentuser:read" ] } ]

  /users:
@@ -26,7 +26,7 @@ paths:
          schema: { type: array, items: { $ref: "#/definitions/UserResponse" } }
          examples:
            test:
-              - { id: bob, blocked: false, roles: [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ], apikey: false }
+              - { id: bob, blocked: false, roles: [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:settings:write", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ], apikey: false }
              - { id: script, roles: [ "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ], blocked: false, apikey: true }
      security: [ { roles: [ "user:read" ] } ]
    post:
@@ -70,7 +70,7 @@ paths:
          examples:
            test:
              id: bob
-              roles: [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ]
+              roles: [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:settings:write", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ]
              apikey: false
              blocked: false
      security: [ { roles: [ "user:write" ] } ]