reports

2026-01-30 20:03:32 +01:00 · 2025-08-18 09:54:40 -04:00
parent 9b125fbe53
commit a3cc6f025e
10 changed files with 483 additions and 0 deletions
--- a/salt/sensoroni/files/templates/reports/custom/generic_report1.md
+++ b/salt/sensoroni/files/templates/reports/custom/generic_report1.md
@@ -0,0 +1,39 @@
+{{- /* query.myDocEvents.Oql = metadata.type: _doc | groupby event.module, event.dataset | sortby @timestamp desc */ -}}
+{{- /* query.myDocEvents.MetricLimit = 10 */ -}}
+{{- /* query.myDocEvents.EventLimit = 100 */ -}}
+
+SECURITY ONION SAMPLE REPORT
+============================
+
+{{ if .Error }}
+**NOTE: This report encountered a problem extracting the relevant data and may not be complete.**
+
+**Error:** {{.Error}}
+{{ end }}
+
+
+Records must have been created or updated during the following time frame in order to be reflected in this report.
+
+**Report Start Date:** {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .BeginDate}}
+
+**Report End Date:** {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .EndDate}}
+
+## Sample Doc Events
+
+**Total Events:** {{ formatNumber "%d" "en" .Results.myDocEvents.TotalEvents}}
+
+### Event Counts By Module and Dataset
+
+| Count | Proportion | Module | Dataset |
+| ----- | ---------- | ------ | ------- |
+{{ range sortMetrics "Value" "desc" .Results.myDocEvents.Metrics.groupby_0_event_module_event_dataset -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} | {{index .Keys 1}} |
+{{end}}
+
+### Individual Events (Limited to first {{.Results.myDocEvents.Criteria.EventLimit}})
+
+| Event Time | Module | Dataset | Category |
+| ---------- | ------ | ------- | -------- |
+{{ range .Results.myDocEvents.Events -}}
+| {{.Timestamp}} | {{.Payload.event_module}} | {{.Payload.event_dataset}} | {{.Payload.event_category}} |
+{{end}}
--- a/salt/sensoroni/files/templates/reports/standard/case_report.md
+++ b/salt/sensoroni/files/templates/reports/standard/case_report.md
@@ -0,0 +1,133 @@
+SECURITY ONION CASE REPORT
+==========================
+
+## Case Details
+
+**Case ID:** {{.Case.Id}}
+
+**Title:** {{.Case.Title}}
+
+## Description
+
+{{.Case.Description}}
+
+## Details
+
+**Created:** {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .Case.CreateTime}}
+
+**Updated:** {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .Case.UpdateTime}}
+
+**Author:** {{getUserDetail "email" .Case.UserId}}
+
+**Status:** {{.Case.Status}}
+
+**TLP:** {{.Case.Tlp}}
+
+**PAP:** {{.Case.Pap}}
+
+**Severity:** {{.Case.Severity}}
+
+**Priority:** {{.Case.Priority}}
+
+**Category:** {{.Case.Category}}
+
+**Tags:** {{join .Case.Tags ", " }}
+
+**Assignee:** {{getUserDetail "email" .Case.AssigneeId}}
+
+**Hours Logged:** {{ formatNumber "%.2f" "en" .TotalHours}}
+
+## Comments
+
+{{ range sortComments "CreateTime" "asc" .Comments }}
+**Created:** {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .CreateTime}}
+
+**Updated:** {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .UpdateTime}}
+
+**Author:** {{getUserDetail "email" .UserId}}
+
+**Hours Logged:** {{ formatNumber "%.2f" "en" .Hours}}
+
+{{.Description}}
+
+---
+
+{{end}}
+
+## Detections
+
+{{ range sortDetections "Title" "asc" .Detections }}
+**Title:** {{.Title}}
+
+**Description:** {{.Description}}
+
+**Severity:** {{.Severity}}
+
+**Rule Engine:** {{.Engine}}
+
+**Rule Set:** {{.Ruleset}}
+
+**Community Rule:** {{.IsCommunity}}
+
+**Tags:** {{.Tags}}
+
+{{.Content}}
+
+---
+
+{{end}}
+
+## Attachments
+
+{{ range sortArtifacts "CreateTime" "asc" .Attachments }}
+**Added:** {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .CreateTime}}
+
+**Updated:** {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .UpdateTime}}
+
+**Added By:** {{getUserDetail "email" .UserId}}
+
+**TLP:** {{.Tlp}}
+
+**Filename:** {{.Value}}
+
+**Size:** {{ formatNumber "%.0d" "en" .StreamLen}} bytes
+
+**SHA256:** {{.Sha256}}
+
+**SHA1:** {{.Sha1}}
+
+**MD5:** {{.Md5}}
+
+**Tags:** {{.Tags}}
+
+**Protected (Zipped):** {{.Protected}}
+
+{{.Description}}
+
+---
+
+{{end}}
+
+## Observables
+
+| Date Added | Tlp | Type | IOC | Value | Description |
+| ---------- | --- | ---- | --- | ----- | ----------- |
+{{ range sortArtifacts "CreateTime" "asc" .Observables -}}
+| {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .CreateTime}} | {{.Tlp}} | {{.ArtifactType}} | {{.Ioc}} | {{.Value}} | {{.Description}} |
+{{end}}
+
+## Related Events
+
+| Event Time | Log ID | Source IP | Destination IP |
+| ---------- | ------ | --------- | -------------- |
+{{ range sortRelatedEvents "fields:soc_timestamp" "asc" .RelatedEvents -}}
+| {{.Fields.soc_timestamp}} | {{.Fields.log_id_uid}} | {{.Fields.source_ip}} | {{.Fields.destination_ip}} |
+{{end}}
+
+## Case History
+
+| Date | User | Object | Operation |
+| ---- | ---- | ------ | --------- |
+{{ range sortHistory "CreateTime" "asc" .History -}}
+| {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .CreateTime}} | {{getUserDetail "email" .UserId}} | {{.Kind}} | {{.Operation}} |
+{{end}}
--- a/salt/sensoroni/files/templates/reports/standard/productivity_report.md
+++ b/salt/sensoroni/files/templates/reports/standard/productivity_report.md
@@ -0,0 +1,189 @@
+SECURITY ONION PRODUCTIVITY REPORT
+==================================
+
+{{ if .Error }}
+**NOTE: This report encountered a problem extracting the relevant data and may not be complete.**
+
+**Error:** {{.Error}}
+{{ end }}
+
+
+Records must have been created or updated during the following time frame in order to be reflected in this report.
+
+**Report Start Date:** {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .BeginDate}}
+
+**Report End Date:** {{formatDateTime "Mon Jan 02 15:04:05 -0700 2006" .EndDate}}
+
+## Ingested Events
+
+**Total Events:** {{ formatNumber "%d" "en" .TotalEvents}}
+
+### Events By Module
+
+| Count | Proportion | Module |
+| ----- | ---------- | ------ |
+{{ range sortMetrics "Value" "desc" .TotalEventsByModule -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+### Events By Module and Severity Label
+
+| Count | Proportion | Module | Severity |
+| ----- | ---------- | ------ | -------- |
+{{ range sortMetrics "Value" "desc" .TotalEventsByModuleDataset -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} | {{index .Keys 1}} |
+{{end}}
+
+## Alerts
+
+**Total Alerts:** {{ formatNumber "%d" "en" .TotalAlerts}}
+
+{{ range sortMetrics "Value" "desc" .TotalAlertsByAcknowledged -}}
+  {{ if index .Keys 0 | eq "true" }}
+**Acknowledged Alerts:** {{ formatNumber "%.0f" "en" .Value}} ({{ formatNumber "%.1f" "en" .Percentage}}%)
+  {{ end }}
+{{end}}
+
+{{ range sortMetrics "Value" "desc" .TotalAlertsByEscalated -}}
+  {{ if index .Keys 0 | eq "true" }}
+**Escalated Alerts:** {{ formatNumber "%.0f" "en" .Value}} ({{ formatNumber "%.1f" "en" .Percentage}}%)
+  {{ end }}
+{{end}}
+
+### Alerts By Severity
+
+| Count | Proportion | Severity |
+| ----- | ---------- | -------- |
+{{ range sortMetrics "Value" "desc" .TotalAlertsBySeverityLabel -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+### Alerts By Module
+
+| Count | Proportion | Module |
+| ----- | ---------- | ------ |
+{{ range sortMetrics "Value" "desc" .TotalAlertsByModule -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+### Alerts By Module and Severity Label
+
+| Count | Proportion | Module | Severity |
+| ----- | ---------- | ------ | -------- |
+{{ range sortMetrics "Value" "desc" .TotalAlertsByModuleSeverityLabel -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} | {{index .Keys 1}} |
+{{end}}
+
+### Alerts By Ruleset
+
+| Count | Proportion | Ruleset |
+| ----- | ---------- | ------- |
+{{ range sortMetrics "Value" "desc" .TotalAlertsByRuleset -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+### Alerts By Rule Category
+
+| Count | Proportion | Category |
+| ----- | ---------- | -------- |
+{{ range sortMetrics "Value" "desc" .TotalAlertsByCategory -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+## Cases
+
+**Total Cases:** {{ formatNumber "%d" "en" .TotalCases}}
+
+**Average Elapsed Time To Complete:** {{ formatNumber "%.1f" "en" .AverageHoursToComplete }} hours
+
+### Cases By Status
+
+| Count | Proportion | Status |
+| ----- | ---------- | ------ |
+{{ range sortMetrics "Value" "desc" .TotalCasesByStatus -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+### Cases By Assignee
+
+| Count | Proportion | Assignee |
+| ----- | ---------- | -------- |
+{{ range sortMetrics "Value" "desc" .TotalCasesByAssignee -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0 | getUserDetail "email"}} |
+{{end}}
+
+### Cases By Status and Assignee
+
+| Count | Proportion | Status | Assignee |
+| ----- | ---------- | ------ | -------- |
+{{ range sortMetrics "Value" "desc" .TotalCasesByStatusAssignee -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} | {{index .Keys 1 | getUserDetail "email"}} |
+{{end}}
+
+### Cases By Severity
+
+| Count | Proportion | Severity |
+| ----- | ---------- | -------- |
+{{ range sortMetrics "Value" "desc" .TotalCasesBySeverity -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+### Cases By Priority
+
+| Count | Proportion | Priority |
+| ----- | ---------- | -------- |
+{{ range sortMetrics "Value" "desc" .TotalCasesByPriority -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+### Cases By Traffic Light Protocol (TLP)
+
+| Count | Proportion | TLP |
+| ----- | ---------- | ----|
+{{ range sortMetrics "Value" "desc" .TotalCasesByTlp -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+### Cases By Permissible Actions Protocol (PAP)
+
+| Count | Proportion | PAP |
+| ----- | ---------- | --- |
+{{ range sortMetrics "Value" "desc" .TotalCasesByPap -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+### Cases By Category
+
+| Count | Proportion | Category |
+| ----- | ---------- | -------- |
+{{ range sortMetrics "Value" "desc" .TotalCasesByCategory -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+### Cases By Tags
+
+| Count | Proportion | Tags |
+| ----- | ---------- | ---- |
+{{ range sortMetrics "Value" "desc" .TotalCasesByTags -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0}} |
+{{end}}
+
+### Comments By User
+
+| Count | Proportion | User |
+| ----- | ---------- | ---- |
+{{ range sortMetrics "Value" "desc" .TotalCommentsByUserId -}}
+| {{ formatNumber "%.0f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0 | getUserDetail "email"}} |
+{{end}}
+
+## Time Tracking
+
+**Total Hours:** {{ formatNumber "%.2f" "en" .TotalHours}}
+
+### Hours By User
+
+| Hours | Proportion | User |
+| ----- | ---------- | ---- |
+{{ range sortMetrics "Value" "desc" .TotalHoursByUserId -}}
+| {{ formatNumber "%.2f" "en" .Value}} | {{ formatNumber "%.1f" "en" .Percentage}}% | {{index .Keys 0 | getUserDetail "email"}} |
+{{end}}