Posted to commits@metron.apache.org by js...@apache.org on 2017/10/26 08:05:06 UTC

[1/3] metron git commit: METRON-1224 Add time range selection to search control (iraghumitra via james-sirota) closes apache/metron#796

Repository: metron
Updated Branches:
  refs/heads/master 128d4e7a8 -> 5243366c4


http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/model/date-filter-value.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/model/date-filter-value.ts b/metron-interface/metron-alerts/src/app/model/date-filter-value.ts
new file mode 100644
index 0000000..1318ce2
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/model/date-filter-value.ts
@@ -0,0 +1,28 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export class DateFilterValue {
+  fromDate: number;
+  toDate: number;
+
+
+  constructor(fromDate = 0, toDate = 0) {
+    this.fromDate = fromDate;
+    this.toDate = toDate;
+  }
+}
\ No newline at end of file
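Review bot: `toDate` is declared as `number` with a default of `0`, but elsewhere in this commit `applyCustomDate()` passes `null` for an open-ended range and `Filter.getQueryString()` tests `toDate !== null`, so `null` is a real state that the type hides. Declaring `toDate: number | null;` and adding a comment such as `// epoch milliseconds; null means no upper bound` would make that contract visible. Note that the `= 0` default only applies to `undefined`, so `new DateFilterValue(from)` yields `toDate === 0` rather than an open range.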

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/model/filter.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/model/filter.ts b/metron-interface/metron-alerts/src/app/model/filter.ts
index 24c54d8..441add4 100644
--- a/metron-interface/metron-alerts/src/app/model/filter.ts
+++ b/metron-interface/metron-alerts/src/app/model/filter.ts
@@ -15,12 +15,44 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+import {ElasticsearchUtils} from '../utils/elasticsearch-utils';
+import {TIMESTAMP_FIELD_NAME} from '../utils/constants';
+import {Utils} from '../utils/utils';
+import {DateFilterValue} from './date-filter-value';
+
 export class Filter {
   field: string;
   value: string;
+  display: boolean;
+  dateFilterValue: DateFilterValue;
+
+  static fromJSON(objs: Filter[]): Filter[] {
+    let filters = [];
+    if (objs) {
+      for (let obj of objs) {
+        filters.push(new Filter(obj.field, obj.value, obj.display));
+      }
+    }
+    return filters;
+  }
 
-  constructor(field: string, value: string) {
+  constructor(field: string, value: string, display = true) {
     this.field = field;
     this.value = value;
+    this.display = display;
+  }
+
+  getQueryString(): string {
+    if (this.field === TIMESTAMP_FIELD_NAME && !this.display) {
+      this.dateFilterValue = Utils.timeRangeToDateObj(this.value);
+      if (this.dateFilterValue !== null && this.dateFilterValue.toDate !== null) {
+        return ElasticsearchUtils.escapeESField(this.field) + ':' +
+            '(>=' + this.dateFilterValue.fromDate + ' AND ' + ' <=' + this.dateFilterValue.toDate + ')';
+      } else {
+        return ElasticsearchUtils.escapeESField(this.field) + ':' + this.value;
+      }
+    }
+
+    return ElasticsearchUtils.escapeESField(this.field) + ':' +  ElasticsearchUtils.escapeESValue(this.value);
   }
 }
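Review bot: In `getQueryString()`, the `else` branch of the timestamp case returns `escapeESField(this.field) + ':' + this.value` with the value unescaped, while every other path either builds the range from numbers or goes through `escapeESValue`. `Filter.fromJSON` rebuilds filters from stored objects, so `value` and `display` are not limited to what the time-range control emits; a stored timestamp filter with `display: false` would reach the query string verbatim whenever `Utils.timeRangeToDateObj` (not shown in this hunk) yields null or a null `toDate`. I would take the raw path only when the value has the expected shape, e.g. `if (/^\(>=\d+( AND\s+<=\d+)?\)$/.test(this.value)) { return ElasticsearchUtils.escapeESField(this.field) + ':' + this.value; }`, and otherwise fall through to the escaped return. The `!== null` test also lets an `undefined` result through to `.toDate`, so `!= null` would be safer if that helper can return undefined.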

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/model/save-search.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/model/save-search.ts b/metron-interface/metron-alerts/src/app/model/save-search.ts
index b2ee765..173f60e 100644
--- a/metron-interface/metron-alerts/src/app/model/save-search.ts
+++ b/metron-interface/metron-alerts/src/app/model/save-search.ts
@@ -19,18 +19,21 @@
 import {QueryBuilder} from '../alerts/alerts-list/query-builder';
 import {ColumnMetadata} from './column-metadata';
 import {SearchRequest} from './search-request';
+import {Filter} from './filter';
 
 export class SaveSearch {
   name  = '';
   lastAccessed = 0;
   searchRequest: SearchRequest;
   tableColumns: ColumnMetadata[];
+  filters: Filter[];
 
   public static fromJSON(obj: SaveSearch): SaveSearch {
     let saveSearch = new SaveSearch();
     saveSearch.name = obj.name;
     saveSearch.lastAccessed = obj.lastAccessed;
     saveSearch.searchRequest = obj.searchRequest;
+    saveSearch.filters = Filter.fromJSON(obj.filters);
     saveSearch.tableColumns = ColumnMetadata.fromJSON(obj.tableColumns);
 
     return saveSearch;
@@ -43,6 +46,6 @@ export class SaveSearch {
 
     let queryBuilder = new QueryBuilder();
     queryBuilder.searchRequest = this.searchRequest;
-    return queryBuilder.generateSelectForDisplay();
+    return queryBuilder.generateNameForSearchRequest();
   }
 }

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/service/search.service.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/service/search.service.ts b/metron-interface/metron-alerts/src/app/service/search.service.ts
index 71ed516..4bbcc2d 100644
--- a/metron-interface/metron-alerts/src/app/service/search.service.ts
+++ b/metron-interface/metron-alerts/src/app/service/search.service.ts
@@ -30,6 +30,7 @@ import {GroupRequest} from '../model/group-request';
 import {GroupResult} from '../model/group-result';
 import {INDEXES} from '../utils/constants';
 import {ColumnMetadata} from '../model/column-metadata';
+import {QueryBuilder} from '../alerts/alerts-list/query-builder';
 
 @Injectable()
 export class SearchService {
@@ -83,11 +84,11 @@ export class SearchService {
     .catch(HttpUtil.handleError);
   }
 
-  public pollSearch(searchRequest: SearchRequest): Observable<SearchResponse> {
+  public pollSearch(queryBuilder: QueryBuilder): Observable<SearchResponse> {
     return this.ngZone.runOutsideAngular(() => {
       return this.ngZone.run(() => {
         return Observable.interval(this.interval * 1000).switchMap(() => {
-          return this.search(searchRequest);
+          return this.search(queryBuilder.searchRequest);
         });
       });
     });
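Review bot: `pollSearch` now takes the whole `QueryBuilder`, but nothing at the signature says why a builder is needed when only `queryBuilder.searchRequest` is read. Presumably the point is that the request is re-read on every interval tick, so changes made between polls (such as a relative time range) are picked up; if so, a comment like `// searchRequest is read on each tick so later changes to the builder are polled` above the `switchMap` would record it. The method body continues past the end of this hunk.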

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.html
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.html b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.html
new file mode 100644
index 0000000..475d7fc
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.html
@@ -0,0 +1,17 @@
+<!--
+  Licensed to the Apache Software
+	Foundation (ASF) under one or more contributor license agreements. See the
+	NOTICE file distributed with this work for additional information regarding
+	copyright ownership. The ASF licenses this file to You under the Apache License,
+	Version 2.0 (the "License"); you may not use this file except in compliance
+	with the License. You may obtain a copy of the License at
+  http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software distributed
+	under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+	OR CONDITIONS OF ANY KIND, either express or implied. See the License for
+  the specific language governing permissions and limitations under the License.
+  -->
+<div #inputText class="input-group">
+  <input class="form-control" [(ngModel)]="dateStr" (click)="toggleDatePicker($event)">
+  <span class="input-group-addon calendar"></span>
+</div>

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.scss
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.scss b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.scss
new file mode 100644
index 0000000..813b6a5
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.scss
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+@import "../../../variables";
+
+.calendar {
+  height: 35px;
+  background: #333333;
+  border: solid 1px #4D4D4D;
+  color: #999999;
+
+  &::after {
+    font-family: "FontAwesome";
+    content: '\f073';
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.spec.ts b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.spec.ts
new file mode 100644
index 0000000..994ac02
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.spec.ts
@@ -0,0 +1,25 @@
+import { async, ComponentFixture, TestBed } from '@angular/core/testing';
+
+import { DatePickerComponent } from './date-picker.component';
+
+describe('DatePickerComponent', () => {
+  let component: DatePickerComponent;
+  let fixture: ComponentFixture<DatePickerComponent>;
+
+  beforeEach(async(() => {
+    TestBed.configureTestingModule({
+      declarations: [ DatePickerComponent ]
+    })
+    .compileComponents();
+  }));
+
+  beforeEach(() => {
+    fixture = TestBed.createComponent(DatePickerComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('should be created', () => {
+    expect(component).toBeTruthy();
+  });
+});
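Review bot: The testing module declares only `DatePickerComponent`, but its template binds `[(ngModel)]`, so template compilation will most likely fail with an unknown-property error before `should be created` runs. Adding `import { FormsModule } from '@angular/forms';` and `imports: [ FormsModule ],` to `configureTestingModule` should fix it. The same gap is in time-range.component.spec.ts, whose template uses `<app-date-picker>` and the `mapKeys` pipe; it needs `imports: [ SharedModule, DatePickerModule ]`. Both specs only assert creation, so the date handling added by this commit is untested.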

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts
new file mode 100644
index 0000000..3ed7df9
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts
@@ -0,0 +1,77 @@
+import { Component, OnInit, ViewChild, ElementRef, OnChanges, SimpleChanges, Input, Output, EventEmitter } from '@angular/core';
+import * as moment from 'moment/moment';
+import * as Pikaday from "pikaday-time";
+
+@Component({
+  selector: 'app-date-picker',
+  templateUrl: './date-picker.component.html',
+  styleUrls: ['./date-picker.component.scss']
+})
+export class DatePickerComponent implements OnInit, OnChanges {
+  defaultDateStr = 'now';
+  picker: Pikaday;
+  dateStr = this.defaultDateStr;
+
+  @Input() date = '';
+  @Input() minDate = '';
+  @Output() dateChange = new EventEmitter<string>();
+  @ViewChild('inputText') inputText: ElementRef;
+
+  constructor(private elementRef: ElementRef) {}
+
+  ngOnInit() {
+    let _datePickerComponent = this;
+    let pikadayConfig = {
+      field: this.elementRef.nativeElement,
+      showSeconds: true,
+      use24hour: true,
+      onSelect: function() {
+        _datePickerComponent.dateStr = this.getMoment().format('YYYY-MM-DD HH:mm:ss');
+        setTimeout(() => _datePickerComponent.dateChange.emit(_datePickerComponent.dateStr), 0);
+      }
+    };
+    this.picker = new Pikaday(pikadayConfig);
+    this.setDate();
+  }
+
+  ngOnChanges(changes: SimpleChanges) {
+    if (changes && changes['minDate'] && this.picker) {
+      this.setMinDate();
+    }
+
+    if (changes && changes['date'] && this.picker) {
+      this.setDate();
+    }
+  }
+
+  setDate() {
+    if (this.date === '') {
+      this.dateStr = this.defaultDateStr;
+    } else {
+      this.dateStr = this.date;
+      this.picker.setDate(this.dateStr);
+    }
+  }
+
+  setMinDate() {
+    let currentDate = new Date(this.dateStr).getTime();
+    let currentMinDate = new Date(this.minDate).getTime();
+    if (currentMinDate > currentDate) {
+      this.dateStr = this.defaultDateStr;
+    }
+    this.picker.setMinDate(new Date(this.minDate));
+    this.picker.setDate(moment(this.minDate).endOf('day').format('YYYY-MM-DD HH:mm:ss'));
+  }
+
+  toggleDatePicker($event) {
+    if (this.picker) {
+      if (this.picker.isVisible()) {
+        this.picker.hide();
+      } else {
+        this.picker.show();
+      }
+
+      $event.stopPropagation();
+    }
+  }
+}
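Review bot: The Pikaday instance created in `ngOnInit` is never torn down, so the picker element and its listeners likely outlive the component; implementing `OnDestroy` with `ngOnDestroy() { if (this.picker) { this.picker.destroy(); } }` would release them. Separately, `setMinDate()` passes `new Date(this.minDate)` to the picker even when `minDate` is the default `''`, which is an Invalid Date. `setDate()` hands a `'YYYY-MM-DD HH:mm:ss'` string to `picker.setDate`, and as far as I know parsing of that non-ISO format varies between browsers. Converting with `moment(...)`, checking `isValid()`, and passing `.toDate()` would cover both cases.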

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.module.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.module.ts b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.module.ts
new file mode 100644
index 0000000..ded9881
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.module.ts
@@ -0,0 +1,15 @@
+import { NgModule } from '@angular/core';
+import { CommonModule }        from '@angular/common';
+import { FormsModule }         from '@angular/forms';
+import {DatePickerComponent} from './date-picker.component';
+import {SharedModule} from '../shared.module';
+
+@NgModule({
+  imports: [
+    CommonModule,
+    FormsModule
+  ],
+  declarations: [DatePickerComponent],
+  exports: [DatePickerComponent]
+})
+export class DatePickerModule { }
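Review bot: `SharedModule` is imported at the top of the file but never listed in the `imports` array, so the line `import {SharedModule} from '../shared.module';` can be dropped (or the module added to `imports` if the template is meant to use shared pipes). The file is also missing the ASF licence header that other new sources in this commit carry.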

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.spec.ts b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.spec.ts
new file mode 100644
index 0000000..17cfef7
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.spec.ts
@@ -0,0 +1,8 @@
+import { MapKeysPipe } from './map-keys.pipe';
+
+describe('MapKeysPipe', () => {
+  it('create an instance', () => {
+    const pipe = new MapKeysPipe();
+    expect(pipe).toBeTruthy();
+  });
+});

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.ts b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.ts
new file mode 100644
index 0000000..5bf8013
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.ts
@@ -0,0 +1,12 @@
+import { Pipe, PipeTransform } from '@angular/core';
+
+@Pipe({
+  name: 'mapKeys'
+})
+export class MapKeysPipe implements PipeTransform {
+
+  transform(value: any, args?: any): any {
+    return value ? Object.keys(value) : [];
+  }
+
+}
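Review bot: `transform(value: any, args?: any): any` discards type information for callers and carries an unused `args` parameter; `transform(value: object | null | undefined): string[]` describes what the body actually does. A short doc comment stating that the pipe returns the object's own enumerable keys, or `[]` for a falsy input, would also help, since the time-range template appears to rely on key order for display.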

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/shared.module.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/shared.module.ts b/metron-interface/metron-alerts/src/app/shared/shared.module.ts
index e26ec9b..41290a4 100644
--- a/metron-interface/metron-alerts/src/app/shared/shared.module.ts
+++ b/metron-interface/metron-alerts/src/app/shared/shared.module.ts
@@ -24,6 +24,7 @@ import { NavContentDirective } from './directives/nav-content.directive';
 import { CenterEllipsesPipe } from './pipes/center-ellipses.pipe';
 import { AlertSearchDirective } from './directives/alert-search.directive';
 import { ColumnNameTranslatePipe } from './pipes/column-name-translate.pipe';
+import { MapKeysPipe } from './pipes/map-keys.pipe';
 import { AlertSeverityHexagonDirective } from './directives/alert-severity-hexagon.directive';
 
 @NgModule({
@@ -37,6 +38,7 @@ import { AlertSeverityHexagonDirective } from './directives/alert-severity-hexag
     CenterEllipsesPipe,
     AlertSearchDirective,
     ColumnNameTranslatePipe,
+    MapKeysPipe,
     AlertSeverityHexagonDirective
   ],
   exports:  [
@@ -48,6 +50,7 @@ import { AlertSeverityHexagonDirective } from './directives/alert-severity-hexag
     CenterEllipsesPipe,
     AlertSearchDirective,
     ColumnNameTranslatePipe,
+    MapKeysPipe,
     AlertSeverityHexagonDirective
   ]
 })

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html
new file mode 100644
index 0000000..b65528d
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html
@@ -0,0 +1,57 @@
+<!--
+  Licensed to the Apache Software
+	Foundation (ASF) under one or more contributor license agreements. See the
+	NOTICE file distributed with this work for additional information regarding
+	copyright ownership. The ASF licenses this file to You under the Apache License,
+	Version 2.0 (the "License"); you may not use this file except in compliance
+	with the License. You may obtain a copy of the License at
+  http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software distributed
+	under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+	OR CONDITIONS OF ANY KIND, either express or implied. See the License for
+  the specific language governing permissions and limitations under the License.
+  -->
+<button class="btn btn-secondary btn-search" [disabled]="disabled" type="button" data-animation="false"  data-toggle="collapse" data-target="#time-range" aria-expanded="false" aria-controls="time-range">
+  <span> {{selectedTimeRangeValue}} </span>
+  <br/> <span style="font-size: 8px;" *ngIf="selectedTimeRangeValue !== 'All time'"> {{fromDateStr}} to {{toDateStr}}</span>
+</button>
+
+<div #datePicker class="collapse" id="time-range">
+  <div class="card card-block">
+    <div class="container-fluid no-gutters h-100">
+      <div class="row h-100">
+        <div class="col-4 time-range">
+          <div class="title">Time Range</div> <br>
+          <form>
+            <div class="form-group">
+              <label>FROM</label>
+              <app-date-picker [(date)]="datePickerFromDate"> </app-date-picker>
+            </div>
+            <div class="form-group">
+              <label>TO</label>
+              <app-date-picker [(date)]="datePickerToDate"> </app-date-picker>
+            </div>
+            <button class="btn btn-primary pull-right" type="button" [disabled]='datePickerFromDate===""' (click)="applyCustomDate()">APPLY</button>
+          </form>
+        </div>
+        <div class="col-8 quick-ranges pr-0">
+          <div class="title"> Quick Ranges </div> <br>
+          <div class="row no-gutters">
+            <div class="col-3">
+              <span *ngFor="let key of timeRangeMappingCol1 | mapKeys" (click)="selectTimeRange($event, timeRangeMappingCol1[key])">  {{ key }} </span> <br>
+            </div>
+            <div class="col-3">
+              <span *ngFor="let key of timeRangeMappingCol2 | mapKeys" (click)="selectTimeRange($event, timeRangeMappingCol2[key])">  {{ key }} </span> <br>
+            </div>
+            <div class="col-3">
+              <span *ngFor="let key of timeRangeMappingCol3 | mapKeys" (click)="selectTimeRange($event, timeRangeMappingCol3[key])">  {{ key }} </span> <br>
+            </div>
+            <div class="col-3">
+              <span *ngFor="let key of timeRangeMappingCol4 | mapKeys" (click)="selectTimeRange($event, timeRangeMappingCol4[key])">  {{ key }} </span> <br>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
\ No newline at end of file
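Review bot: The collapse panel uses a fixed `id="time-range"` that the button targets with `data-target="#time-range"`, so two `app-time-range` instances on one page would share an id and the toggle could act on the wrong panel. The quick-range entries are `<span (click)=...>` elements, which are not reachable by keyboard; `<button type="button">` or at least `tabindex="0"` with a `(keyup.enter)` handler would address that. The `'All time'` literal in the `*ngIf` duplicates the label key defined in the component and will silently drift if that label changes.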

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.scss
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.scss b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.scss
new file mode 100644
index 0000000..7f5faf0
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.scss
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+@import "../../../variables";
+
+
+:host {
+  height: 100%;
+}
+
+.btn-search {
+  height: 100%;
+  color: $silver;
+  cursor: pointer;
+  line-height: 1;
+  padding: 2px 20px;
+  border-radius: 0px;
+  font-family: Roboto;
+  background: $mine-shaft-11;
+  border: 1px solid $tundora !important;
+
+  &:focus {
+    box-shadow: none;
+  }
+
+  &::after {
+    font-family: "FontAwesome";
+    content: '\f0d7';
+    padding-left: 5px;
+    color: $dusty-grey;
+    position: absolute;
+    top: 15px;
+    right: 5px;
+  }
+}
+
+.collapse, .collapsing {
+  position: absolute;
+  margin-top: 5px;
+  width: 930px;
+  height: 257px;
+  z-index: 99;
+  right: 0;
+
+  .card, .card-block {
+    height: inherit;
+    background: $mine-shaft-1;
+    border: 1px solid $mine-shaft-8;
+  }
+}
+
+.title {
+  font-size: 20px;
+}
+
+.time-range {
+  border-right: 1px solid $abbey;
+}
+
+.input-group {
+  position: relative;
+  width: 100%;
+
+  .form-control {
+    display: block;
+    flex-direction: initial;
+    justify-content: initial;
+  }
+}
+
+.quick-ranges {
+  span {
+    color: #1E87AF;
+    font-size: 14px;
+    line-height: 1.7;
+    cursor: pointer;
+    width: 100%;
+    display: block;
+    padding: 0px 5px;
+    font-family: Roboto;
+
+    &:hover {
+      background: #1F91BE;
+      color: #FDFEFE;
+    }
+  }
+}
+
+form {
+  margin-top: 5px;
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.spec.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.spec.ts
new file mode 100644
index 0000000..1e35979
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.spec.ts
@@ -0,0 +1,25 @@
+import { async, ComponentFixture, TestBed } from '@angular/core/testing';
+
+import { TimeRangeComponent } from './time-range.component';
+
+describe('TimeRangeComponent', () => {
+  let component: TimeRangeComponent;
+  let fixture: ComponentFixture<TimeRangeComponent>;
+
+  beforeEach(async(() => {
+    TestBed.configureTestingModule({
+      declarations: [ TimeRangeComponent ]
+    })
+    .compileComponents();
+  }));
+
+  beforeEach(() => {
+    fixture = TestBed.createComponent(TimeRangeComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('should be created', () => {
+    expect(component).toBeTruthy();
+  });
+});

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts
new file mode 100644
index 0000000..89f57a1
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts
@@ -0,0 +1,192 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Component, OnInit, ViewChild, ElementRef, HostListener, EventEmitter, Output, Input, OnChanges, SimpleChanges} from '@angular/core';
+import * as moment from 'moment/moment';
+
+import {Filter} from '../../model/filter';
+import {
+    DEFAULT_TIMESTAMP_FORMAT, CUSTOMM_DATE_RANGE_LABEL,
+    TIMESTAMP_FIELD_NAME, ALL_TIME
+} from '../../utils/constants';
+import {DateFilterValue} from '../../model/date-filter-value';
+
+@Component({
+  selector: 'app-time-range',
+  templateUrl: './time-range.component.html',
+  styleUrls: ['./time-range.component.scss']
+})
+export class TimeRangeComponent implements OnInit, OnChanges {
+  toDateStr = '';
+  fromDateStr = '';
+  datePickerFromDate = '';
+  datePickerToDate = '';
+  selectedTimeRangeValue = 'All time';
+
+  @Input() disabled = false;
+  @Input() selectedTimeRange: Filter;
+  @ViewChild('datePicker') datePicker: ElementRef;
+  @Output() timeRangeChange = new EventEmitter<Filter>();
+
+  timeRangeMappingCol1 = {
+    'Last 7 days':            'last-7-days',
+    'Last 30 days':           'last-30-days',
+    'Last 60 days':           'last-60-days',
+    'Last 90 days':           'last-90-days',
+    'Last 6 months':          'last-6-months',
+    'Last 1 year':            'last-1-year',
+    'Last 2 years':           'last-2-years',
+    'Last 5 years':           'last-5-years'
+  };
+  timeRangeMappingCol2 = {
+    'Yesterday':              'yesterday',
+    'Day before yesterday':   'day-before-yesterday',
+    'This day last week':     'this-day-last-week',
+    'Previous week':          'previous-week',
+    'Previous month':         'previous-month',
+    'Previous year':          'previous-year',
+    'All time':               ALL_TIME
+  };
+  timeRangeMappingCol3 = {
+    'Today':                  'today',
+    'Today so far':           'today-so-far',
+    'This week':              'this-week',
+    'This week so far':       'this-week-so-far',
+    'This month':             'this-month',
+    'This year':              'this-year'
+  };
+  timeRangeMappingCol4 = {
+    'Last 5 minutes':         'last-5-minutes',
+    'Last 15 minutes':        'last-15-minutes',
+    'Last 30 minutes':        'last-30-minutes',
+    'Last 1 hour':            'last-1-hour',
+    'Last 3 hours':           'last-3-hours',
+    'Last 6 hours':           'last-6-hours',
+    'Last 12 hours':          'last-12-hours',
+    'Last 24 hours':          'last-24-hours'
+  };
+
+  constructor() { }
+
+  ngOnChanges(changes: SimpleChanges) {
+    if (changes && changes['selectedTimeRange']) {
+      this.onSelectedTimeRangeChange();
+    }
+  }
+
+  ngOnInit() {
+  }
+
+  onSelectedTimeRangeChange() {
+    let foundQuickRange = false;
+    let merged = Object.assign({}, this.timeRangeMappingCol1, this.timeRangeMappingCol2, this.timeRangeMappingCol3, this.timeRangeMappingCol4);
+    Object.keys(merged).forEach(key => {
+      if (this.selectedTimeRange.value === merged[key]) {
+        foundQuickRange = true;
+        this.selectedTimeRangeValue = key;
+        if (this.selectedTimeRange.dateFilterValue) {
+          this.toDateStr = moment(this.selectedTimeRange.dateFilterValue.toDate).format(DEFAULT_TIMESTAMP_FORMAT);
+          this.fromDateStr = moment(this.selectedTimeRange.dateFilterValue.fromDate).format(DEFAULT_TIMESTAMP_FORMAT);
+
+          this.datePickerFromDate = '';
+          this.datePickerToDate = '';
+        }
+      }
+    });
+
+    if (!foundQuickRange) {
+      this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL;
+      this.toDateStr = this.selectedTimeRange.dateFilterValue.toDate !== null ?
+                        moment(this.selectedTimeRange.dateFilterValue.toDate).format(DEFAULT_TIMESTAMP_FORMAT) :
+                        'now';
+      this.fromDateStr = moment(this.selectedTimeRange.dateFilterValue.fromDate).format(DEFAULT_TIMESTAMP_FORMAT);
+
+      this.datePickerFromDate = this.fromDateStr;
+      this.datePickerToDate = this.selectedTimeRange.dateFilterValue.toDate !== null ? this.toDateStr : '';
+    }
+  }
+
+  getTimeRangeStr() {
+    let mappingVal = this.timeRangeMappingCol1[this.selectedTimeRangeValue];
+    if (!mappingVal) {
+      mappingVal = this.timeRangeMappingCol2[this.selectedTimeRangeValue];
+    }
+    if (!mappingVal) {
+      mappingVal = this.timeRangeMappingCol3[this.selectedTimeRangeValue];
+    }
+    if (!mappingVal) {
+      mappingVal = this.timeRangeMappingCol4[this.selectedTimeRangeValue];
+    }
+    return mappingVal;
+  }
+
+  selectTimeRange($event, range: string) {
+    this.hideDatePicker();
+    this.selectedTimeRangeValue = $event.target.textContent.trim();
+    this.datePickerFromDate = '';
+    this.datePickerToDate = '';
+    this.timeRangeChange.emit(new Filter(TIMESTAMP_FIELD_NAME, range, false));
+  }
+
+  hideDatePicker() {
+    this.datePicker.nativeElement.classList.remove('show');
+  }
+
+  applyCustomDate() {
+    this.hideDatePicker();
+    this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL;
+    this.toDateStr = this.datePickerToDate.length > 0  ? moment(this.datePickerToDate).format(DEFAULT_TIMESTAMP_FORMAT) : 'NOW';
+    this.fromDateStr = moment(this.datePickerFromDate).format(DEFAULT_TIMESTAMP_FORMAT);
+
+    let toDate = this.datePickerToDate.length > 0 ? new Date(this.toDateStr).getTime() : null;
+    let fromDate = new Date(this.fromDateStr).getTime();
+    let toDateExpression = this.datePickerToDate.length > 0 ?  (' AND ' + ' <=' + toDate) : '';
+
+    let value = '(>=' + fromDate + toDateExpression + ')';
+    let filter = new Filter(TIMESTAMP_FIELD_NAME, value, false);
+    filter.dateFilterValue = new DateFilterValue(fromDate, toDate);
+    this.timeRangeChange.emit(filter);
+  }
+
+  isPikaSelectElement(targetElement: HTMLElement): boolean {
+    while(targetElement) {
+      if (targetElement.classList.toString().startsWith('pika')){
+        return true;
+      }
+      targetElement = targetElement.parentElement;
+    }
+
+    return false;
+  }
+
+  @HostListener('document:click', ['$event', '$event.target'])
+  onClick(event: MouseEvent, targetElement: HTMLElement): void {
+    if (!targetElement) {
+      return;
+    }
+
+    if(this.isPikaSelectElement(targetElement)) {
+      return;
+    }
+
+    const clickedInside = this.datePicker.nativeElement.contains(targetElement);
+    if (!clickedInside) {
+      this.hideDatePicker();
+    }
+  }
+
+}
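Review bot: `applyCustomDate()` never checks that the picker strings parse, so an unparseable FROM or TO becomes `NaN` in the emitted filter value (`(>=NaN ...)`), and nothing rejects a TO that is earlier than FROM. It also round-trips through `new Date(this.toDateStr)` on a string in `DEFAULT_TIMESTAMP_FORMAT`, a non-ISO shape that not every browser parses the same way. I would validate with moment up front and take the epoch values from the moment objects, as sketched below. Separately, the `!foundQuickRange` branch of `onSelectedTimeRangeChange()` dereferences `selectedTimeRange.dateFilterValue` without a guard, while `Filter.fromJSON` does not restore that field.

```typescript
  applyCustomDate() {
    const from = moment(this.datePickerFromDate);
    const to = this.datePickerToDate.length > 0 ? moment(this.datePickerToDate) : null;
    // Reject unparseable input and inverted ranges before a filter value is built.
    if (!from.isValid() || (to !== null && (!to.isValid() || to.isBefore(from)))) {
      return;
    }
    const fromDate = from.valueOf();
    const toDate = to !== null ? to.valueOf() : null;
    // … unchanged: hideDatePicker(), label and fromDateStr/toDateStr assignment, Filter construction and emit …
```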

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/shared/time-range/time-range.module.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.module.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.module.ts
new file mode 100644
index 0000000..412ea39
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.module.ts
@@ -0,0 +1,16 @@
+import { NgModule } from '@angular/core';
+import { CommonModule } from '@angular/common';
+import {TimeRangeComponent} from './time-range.component';
+import {DatePickerModule} from '../date-picker/date-picker.module';
+import {SharedModule} from '../shared.module';
+
+@NgModule({
+  imports: [
+    CommonModule,
+    SharedModule,
+    DatePickerModule
+  ],
+  declarations: [TimeRangeComponent],
+  exports: [TimeRangeComponent]
+})
+export class TimeRangeModule { }
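Review bot: This new file starts directly at the imports and carries no ASF license header, unlike the other new files in this commit (utils.ts and date-filter-value.ts both open with it). Add the same `/** Licensed to the Apache Software Foundation (ASF) under one ... */` block above the first import so the file is covered by the project's licence notice.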

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/utils/constants.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/utils/constants.ts b/metron-interface/metron-alerts/src/app/utils/constants.ts
index b71f89e..156c65f 100644
--- a/metron-interface/metron-alerts/src/app/utils/constants.ts
+++ b/metron-interface/metron-alerts/src/app/utils/constants.ts
@@ -24,8 +24,14 @@ export const ALERTS_SAVED_SEARCH = 'metron-alerts-saved-search';
 export const ALERTS_TABLE_METADATA = 'metron-alerts-table-metadata';
 export const ALERTS_COLUMN_NAMES = 'metron-alerts-column-names';
 
+export let THREAT_SCORE_FIELD_NAME = 'threat:triage:score';
+export let TIMESTAMP_FIELD_NAME = 'timestamp';
+export let ALL_TIME = 'all-time';
+
+export let DEFAULT_TIMESTAMP_FORMAT = 'YYYY-MM-DD HH:mm:ss';
+export let CUSTOMM_DATE_RANGE_LABEL = 'Date Range';
+
 export let TREE_SUB_GROUP_SIZE = 5;
 export let DEFAULT_FACETS = ['source:type', 'ip_src_addr', 'ip_dst_addr', 'host', 'enrichments:geo:ip_dst_addr:country'];
 export let DEFAULT_GROUPS = ['source:type', 'ip_src_addr', 'ip_dst_addr', 'host', 'enrichments:geo:ip_dst_addr:country'];
 export let INDEXES =  environment.indices ? environment.indices.split(',') : ['websphere', 'snort', 'asa', 'bro', 'yaf'];
-
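Review bot: The new values are declared with `export let` although nothing in this hunk reassigns them, while the neighbouring `ALERTS_*` names use `export const`; declaring them as `export const TIMESTAMP_FIELD_NAME = 'timestamp';` (and likewise for the others) keeps the field name that ends up in search queries from being reassigned inside the module. `CUSTOMM_DATE_RANGE_LABEL` is misspelled, and since it is an exported name already used by the time-range component, correcting it to `CUSTOM_DATE_RANGE_LABEL` is cheapest now.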

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts b/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts
index bbd4112..1f5bcfc 100644
--- a/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts
+++ b/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts
@@ -71,4 +71,16 @@ export class ElasticsearchUtils {
     return message;
   }
 
+
+  public static escapeESField(field: string) {
+    return field.replace(/:/g, '\\:');
+  }
+
+  public static escapeESValue(value: string) {
+    return String(value)
+    .replace(/[\*\+\-=~><\"\?^\${}\(\)\:\!\/[\]\\\s]/g, '\\$&') // replace single  special characters
+    .replace(/\|\|/g, '\\||') // replace ||
+    .replace(/\&\&/g, '\\&&'); // replace &&
+  }
+
 }
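Review bot: `escapeESValue` backslash-escapes `<` and `>`, but the Elasticsearch query_string documentation states that these two characters cannot be escaped at all and must be removed to stop them forming a range clause; a step such as `.replace(/[<>]/g, '')` ahead of the first `.replace` would handle that. `escapeESField` escapes only `:`, so a field name containing a backslash, whitespace or another reserved character passes through unchanged; if field names can originate from typed search text (not visible in this hunk), they need the same reserved-character treatment. Both helpers run in the browser, so they protect query correctness rather than the backend, and the search endpoint should not depend on them. Explicit `: string` return types and a unit test with one input per reserved character would pin the behaviour; the enclosing class starts outside this hunk.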

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/utils/utils.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/utils/utils.ts b/metron-interface/metron-alerts/src/app/utils/utils.ts
new file mode 100644
index 0000000..57a6355
--- /dev/null
+++ b/metron-interface/metron-alerts/src/app/utils/utils.ts
@@ -0,0 +1,184 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import * as moment from 'moment/moment';
+
+import {DEFAULT_TIMESTAMP_FORMAT, TIMESTAMP_FIELD_NAME} from './constants';
+import {DateFilterValue} from '../model/date-filter-value';
+
+export class Utils {
+
+  public static timeRangeToDateObj(range:string) {
+    let timeRangeToDisplayStr = Utils.timeRangeToDisplayStr(range);
+    if (timeRangeToDisplayStr != null) {
+      let toDate = new Date((timeRangeToDisplayStr.toDate)).getTime();
+      let fromDate = new Date((timeRangeToDisplayStr.fromDate)).getTime();
+
+      return new DateFilterValue(fromDate, toDate);
+    }
+    let timeRangeToEpoc = Utils.parseTimeRange(range);
+    if (timeRangeToEpoc !== null) {
+      return new DateFilterValue(timeRangeToEpoc.fromDate, timeRangeToEpoc.toDate);
+    }
+    return null;
+  }
+
+  public static parseTimeRange(range:string) {
+    let parsed = range.replace(/^\(>=/, '')
+    .replace(/\)$/, '')
+    .replace(/<=/, '').split('AND');
+    if (parsed.length === 2 && !isNaN(Number(parsed[0])) && !isNaN(Number(parsed[1]))) {
+      return {toDate: Number(parsed[1]), fromDate: Number(parsed[0])};
+    }
+    if (parsed.length === 1 && !isNaN(Number(parsed[0]))) {
+      return {toDate: null, fromDate: Number(parsed[0])};
+    }
+
+    return null;
+  }
+
+  public static timeRangeToDisplayStr(range:string) {
+    let toDate = '';
+    let fromDate = '';
+
+    switch (range) {
+      case 'last-7-days':
+        fromDate = moment().subtract(7, 'days').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-30-days':
+        fromDate = moment().subtract(30, 'days').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-60-days':
+        fromDate = moment().subtract(60, 'days').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-90-days':
+        fromDate = moment().subtract(90, 'days').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-6-months':
+        fromDate = moment().subtract(6, 'months').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-1-year':
+        fromDate = moment().subtract(1, 'year').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-2-years':
+        fromDate = moment().subtract(2, 'years').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-5-years':
+        fromDate = moment().subtract(5, 'years').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'all-time':
+        fromDate = '1970-01-01T05:30:00+05:30';
+        toDate = '2100-01-01T05:30:00+05:30';
+        break;
+      case 'yesterday':
+        fromDate = moment().subtract(1, 'days').startOf('day').local().format();
+        toDate = moment().subtract(1, 'days').endOf('day').local().format();
+        break;
+      case 'day-before-yesterday':
+        fromDate = moment().subtract(2, 'days').startOf('day').local().format();
+        toDate = moment().subtract(2, 'days').endOf('day').local().format();
+        break;
+      case 'this-day-last-week':
+        fromDate = moment().subtract(7, 'days').startOf('day').local().format();
+        toDate = moment().subtract(7, 'days').endOf('day').local().format();
+        break;
+      case 'previous-week':
+        fromDate = moment().subtract(1, 'weeks').startOf('week').local().format();
+        toDate = moment().subtract(1, 'weeks').endOf('week').local().format();
+        break;
+      case 'previous-month':
+        fromDate = moment().subtract(1, 'months').startOf('month').local().format();
+        toDate = moment().subtract(1, 'months').endOf('month').local().format();
+        break;
+      case 'previous-year':
+        fromDate = moment().subtract(1, 'years').startOf('year').local().format();
+        toDate = moment().subtract(1, 'years').endOf('year').local().format();
+        break;
+      case 'today':
+        fromDate = moment().startOf('day').local().format();
+        toDate = moment().endOf('day').local().format();
+        break;
+      case 'today-so-far':
+        fromDate = moment().startOf('day').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'this-week':
+        fromDate = moment().startOf('week').local().format();
+        toDate = moment().endOf('week').local().format();
+        break;
+      case 'this-week-so-far':
+        fromDate = moment().startOf('week').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'this-month':
+        fromDate = moment().startOf('month').local().format();
+        toDate = moment().endOf('month').local().format();
+        break;
+      case 'this-year':
+        fromDate = moment().startOf('year').local().format();
+        toDate = moment().endOf('year').local().format();
+        break;
+      case 'last-5-minutes':
+        fromDate = moment().subtract(5, 'minutes').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-15-minutes':
+        fromDate = moment().subtract(15, 'minutes').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-30-minutes':
+        fromDate = moment().subtract(30, 'minutes').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-1-hour':
+        fromDate = moment().subtract(60, 'minutes').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-3-hours':
+        fromDate = moment().subtract(3, 'hours').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-6-hours':
+        fromDate = moment().subtract(6, 'hours').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-12-hours':
+        fromDate = moment().subtract(12, 'hours').local().format();
+        toDate = moment().local().format();
+        break;
+      case 'last-24-hours':
+        fromDate = moment().subtract(24, 'hours').local().format();
+        toDate = moment().local().format();
+        break;
+      default:
+        return null;
+    }
+
+    toDate = moment(toDate).format(DEFAULT_TIMESTAMP_FORMAT);
+    fromDate = moment(fromDate).format(DEFAULT_TIMESTAMP_FORMAT);
+
+    return {toDate: toDate, fromDate: fromDate};
+  }
+}
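Review bot: `parseTimeRange` validates with `!isNaN(Number(...))`, which accepts more than epoch milliseconds: `Number('')` and `Number(' ')` are 0, so an empty or blank range string comes back as `{toDate: null, fromDate: 0}`, and `'Infinity'`, `'0x10'` or `'1e3'` also pass. The e2e tests in this commit suggest the range string is also restored from saved and recent searches, so it is safer to match the exact shape the picker emits, as in the block below; loosen the pattern if callers legitimately pass a bare number. Separately, `timeRangeToDateObj` hands a `YYYY-MM-DD HH:mm:ss` string to `new Date(...)`, which is outside the ECMAScript date-time string format and therefore parsed in an implementation-defined way; `moment(timeRangeToDisplayStr.toDate, DEFAULT_TIMESTAMP_FORMAT).valueOf()` avoids a possible `NaN` bound.

```typescript
  public static parseTimeRange(range: string) {
    // Accept only "(>=<epoch-ms>)" or "(>=<epoch-ms> AND <=<epoch-ms>)"; anything else is not a time range.
    const match = /^\(>=\s*(\d+)\s*(?:AND\s*<=\s*(\d+)\s*)?\)$/.exec(range);
    if (match === null) {
      return null;
    }
    return {
      toDate: match[2] === undefined ? null : Number(match[2]),
      fromDate: Number(match[1])
    };
  }
```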

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/styles.scss
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/styles.scss b/metron-interface/metron-alerts/src/styles.scss
index b34fc39..0958685 100644
--- a/metron-interface/metron-alerts/src/styles.scss
+++ b/metron-interface/metron-alerts/src/styles.scss
@@ -20,6 +20,7 @@
 @import "_variables.scss";
 @import "slider.scss";
 @import "metron-dialog.scss";
+@import "../node_modules/pikaday-time/scss/pikaday.scss";
 @import "hexagon";
 
 body,
@@ -243,6 +244,14 @@ form
   }
 }
 
+.pika-select  {
+  height: 20px;
+  -webkit-appearance: none;
+  -moz-appearance: none;
+  appearance: none;
+  padding: 0px 15px;
+}
+
 .tooltip-inner {
   opacity: 0.9;
   font-size: 11px;
@@ -258,5 +267,3 @@ hr {
   margin: 0.3rem 0;
   padding: 0;
 }
-
-


[3/3] metron git commit: METRON-1224 Add time range selection to search control (iraghumitra via james-sirota) closes apache/metron#796

Posted by js...@apache.org.
METRON-1224 Add time range selection to search control (iraghumitra via james-sirota) closes apache/metron#796


Project: http://git-wip-us.apache.org/repos/asf/metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/5243366c
Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/5243366c
Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/5243366c

Branch: refs/heads/master
Commit: 5243366c48ef8d485af678e7c48b5f34170007b2
Parents: 128d4e7
Author: iraghumitra <ra...@gmail.com>
Authored: Thu Oct 26 01:04:23 2017 -0700
Committer: jsirota <js...@apache.org>
Committed: Thu Oct 26 01:04:23 2017 -0700

----------------------------------------------------------------------
 .../e2e/alerts-list/alerts-list.e2e-spec.ts     | 191 ++++++++++++++++++
 .../e2e/alerts-list/alerts-list.po.ts           | 138 +++++++++++--
 .../configure-table/configure-table.e2e-spec.ts |  22 +++
 .../save-search/save-search.e2e-spec.ts         |   8 +-
 .../e2e/mock-data/alerts_ui_e2e_index.data      |  20 +-
 metron-interface/metron-alerts/package.json     |   5 +-
 .../metron-alerts/src/_variables.scss           |  23 +++
 .../alerts-list/alerts-list.component.html      |   3 +
 .../alerts-list/alerts-list.component.scss      |   4 +-
 .../alerts/alerts-list/alerts-list.component.ts |  45 ++++-
 .../alerts/alerts-list/alerts-list.module.ts    |   3 +-
 .../src/app/alerts/alerts-list/query-builder.ts |  83 +++++---
 .../alerts/save-search/save-search.component.ts |   4 +-
 .../src/app/model/date-filter-value.ts          |  28 +++
 .../metron-alerts/src/app/model/filter.ts       |  34 +++-
 .../metron-alerts/src/app/model/save-search.ts  |   5 +-
 .../src/app/service/search.service.ts           |   5 +-
 .../date-picker/date-picker.component.html      |  17 ++
 .../date-picker/date-picker.component.scss      |  31 +++
 .../date-picker/date-picker.component.spec.ts   |  25 +++
 .../shared/date-picker/date-picker.component.ts |  77 ++++++++
 .../shared/date-picker/date-picker.module.ts    |  15 ++
 .../src/app/shared/pipes/map-keys.pipe.spec.ts  |   8 +
 .../src/app/shared/pipes/map-keys.pipe.ts       |  12 ++
 .../src/app/shared/shared.module.ts             |   3 +
 .../shared/time-range/time-range.component.html |  57 ++++++
 .../shared/time-range/time-range.component.scss | 106 ++++++++++
 .../time-range/time-range.component.spec.ts     |  25 +++
 .../shared/time-range/time-range.component.ts   | 192 +++++++++++++++++++
 .../app/shared/time-range/time-range.module.ts  |  16 ++
 .../metron-alerts/src/app/utils/constants.ts    |   8 +-
 .../src/app/utils/elasticsearch-utils.ts        |  12 ++
 .../metron-alerts/src/app/utils/utils.ts        | 184 ++++++++++++++++++
 metron-interface/metron-alerts/src/styles.scss  |  11 +-
 34 files changed, 1342 insertions(+), 78 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts
index 6b2ffd0..b0574ee 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts
@@ -147,4 +147,195 @@ describe('metron-alerts App', function() {
 
   });
 
+  it('should have all time-range controls', () => {
+    let quickRanges = [
+      'Last 7 days', 'Last 30 days', 'Last 60 days', 'Last 90 days', 'Last 6 months', 'Last 1 year', 'Last 2 years', 'Last 5 years',
+      'Yesterday', 'Day before yesterday', 'This day last week', 'Previous week', 'Previous month', 'Previous year', 'All time',
+      'Today', 'Today so far', 'This week', 'This week so far', 'This month', 'This year',
+      'Last 5 minutes', 'Last 15 minutes', 'Last 30 minutes', 'Last 1 hour', 'Last 3 hours', 'Last 6 hours', 'Last 12 hours', 'Last 24 hours'
+    ];
+
+    page.clickDateSettings();
+    expect(page.getTimeRangeTitles()).toEqual(['Time Range', 'Quick Ranges']);
+    expect(page.getQuickTimeRanges()).toEqual(quickRanges);
+    expect(page.getValueForManualTimeRange()).toEqual([ 'now', 'now' ]);
+    expect(page.isManulaTimeRangeApplyButtonPresent()).toEqual(true);
+    expect(page.getTimeRangeButtonText()).toEqual('All time');
+    page.clickDateSettings();
+
+  });
+
+  it('should have all time range values populated - 1', () => {
+    let secInADay = (24 * 60 * 60 * 1000);
+
+    page.clickClearSearch();
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['All time'], 'for all-time');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 7 days');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 7 days', String(secInADay * 7)], 'for last 7 days');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 30 days');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 30 days', String(secInADay * 30)], 'for last 30 days');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 60 days');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 60 days', String(secInADay * 60)], 'for last 60 days');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 90 days');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 90 days', String(secInADay * 90)], 'for last 90 days');
+
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 1 year');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 1 year', String(secInADay * 365)], 'for last 1 year');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 2 years');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 2 years', String((secInADay * 365 * 2) + secInADay)], 'for last 2 years');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 5 years');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 5 years', String((secInADay * 365 * 5) + secInADay)], 'for last 5 years');
+
+    page.clickClearSearch();
+  });
+
+  it('should have all time range values populated - 2', () => {
+    let secInADay = (24*60*60*1000);
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Yesterday');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Yesterday', String(secInADay - 1000)], 'yesterday');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Day before yesterday');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Day before yesterday', String(secInADay - 1000)], 'day before yesterday');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('This day last week');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'This day last week', String(secInADay - 1000)], 'this day last week');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Previous week');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Previous week', String((secInADay * 7) - (1000))], 'for previous week');
+
+    page.clickClearSearch();
+  });
+
+  it('should have all time range values populated - 3', () => {
+    let secInADay = (24*60*60*1000);
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Today');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Today', String(secInADay - 1000)], 'for today');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('This week');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'This week', String((secInADay*7) - 1000)], 'for this week');
+
+    page.clickClearSearch();
+  });
+
+  it('should have all time range values populated - 4', () => {
+    let secInADay = (24*60*60*1000);
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 5 minutes');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 5 minutes', String(5 * 60 * 1000)], 'for last 5 minutes');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 15 minutes');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 15 minutes', String(15 * 60 * 1000)], 'for last 15 minutes');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 30 minutes');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 30 minutes', String(30 * 60 * 1000)], 'for last 30 minutes');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 1 hour');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 1 hour', String(60 * 60 * 1000)], 'for last 1 hour');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 3 hours');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 3 hours', String(3 * 60 * 60 * 1000)], 'for last 3 hours');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 6 hours');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 6 hours', String(6 * 60 * 60 * 1000)], 'for last 6 hours');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 12 hours');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 12 hours', String(12 * 60 * 60 * 1000)], 'for last 12 hours');
+
+    page.clickDateSettings();
+    page.selectQuickTimeRange('Last 24 hours');
+    expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 24 hours', String(24 * 60 * 60 * 1000)], 'for last 24 hours');
+
+    page.clickClearSearch();
+  });
+
+  it('should disable date picker when timestamp is present in search', () => {
+    page.clickTableText('2017-09-13 18:02:20');
+    expect(page.isDateSeettingDisabled()).toEqual(true);
+
+    page.clickClearSearch();
+    expect(page.isDateSeettingDisabled()).toEqual(false);
+
+    page.clickTableText('alerts_ui_e2e');
+    expect(page.isDateSeettingDisabled()).toEqual(false);
+
+    page.clickClearSearch();
+  });
+
+  it('should have now included when to date is empty', () => {
+    page.clickDateSettings();
+    page.setDate(0, '2017', 'September', '13', '23', '29', '35');
+    page.selectTimeRangeApplyButton();
+    expect(page.getTimeRangeButtonTextForNow()).toEqual([ 'Date Range', '2017-09-13 23:29:35 to now' ]);
+
+    page.clickClearSearch();
+  });
+  
+  it('should have all time-range included while searching', () => {
+    page.clearLocalStorage();
+    page.clickDateSettings();
+
+    /* Select Last 5years for time range */
+    page.selectQuickTimeRange('Last 5 years');
+    expect(page.getTimeRangeButtonText()).toEqual('Last 5 years');
+
+    /* Select custom date for time range */
+    page.clickDateSettings();
+    page.setDate(0, '2017', 'September', '13', '23', '29', '35');
+    page.setDate(1, '2017', 'September', '13', '23', '29', '40');
+    page.selectTimeRangeApplyButton();
+    expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (5)');
+
+    /* Save custom date in saved searches */
+    page.saveSearch('e2e-2');
+    page.clickSavedSearch();
+    expect(page.getRecentSearchOptions()).toContain('timestamp:last-5-years', 'for recent search options');
+    expect(page.getSavedSearchOptions()).toEqual(['e2e-2'],
+                                                    'for saved search options');
+    page.clickCloseSavedSearch();
+
+    /* Clear Search should should show all rows */
+    page.clickClearSearch();
+    expect(page.getChangesAlertTableTitle('Alerts (5)')).toEqual('Alerts (169)');
+
+    /* Load the saved search */
+    page.clickSavedSearch();
+    page.loadSavedSearch('e2e-2');
+    expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (5)');
+
+    /* Load recent search */
+    page.clickSavedSearch();
+    page.loadRecentSearch('last-5-years');
+    expect(page.getChangesAlertTableTitle('Alerts (5)')).toEqual('Alerts (169)');
+
+  });
+
 });
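Review bot: The expected durations in 'should have all time range values populated - 1' depend on the calendar date the suite runs on: `secInADay * 365` for 'Last 1 year' fails whenever the preceding twelve months contain 29 February, and the `+ secInADay` added for 2 and 5 years assumes exactly one leap day in the window. The day-based ranges probably have the same problem across a daylight-saving change, since the implementation subtracts calendar days in local time. Deriving the expectation from the same calendar arithmetic, for example `const now = moment(); String(now.diff(now.clone().subtract(1, 'year')))` if moment is available to the e2e suite, or asserting within a tolerance, would make these stable. `secInADay` holds milliseconds, so `msInADay` would read correctly; the enclosing `describe` starts outside this hunk.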

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts
index 7fee303..4a97917 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts
@@ -17,7 +17,7 @@
  */
 
 import {browser, element, by, protractor} from 'protractor';
-import {waitForElementVisibility, waitForElementPresence} from '../utils/e2e_util';
+import {waitForElementVisibility, waitForElementPresence, waitForElementInVisibility} from '../utils/e2e_util';
 
 export class MetronAlertsPage {
   navigateTo() {
@@ -124,7 +124,7 @@ export class MetronAlertsPage {
   }
 
   getSettingsLabels() {
-    return element.all(by.css('form label:not(.switch)')).getText();
+    return element.all(by.css('app-configure-rows  form label:not(.switch)')).getText();
   }
 
   getRefreshRateOptions() {
@@ -152,12 +152,14 @@ export class MetronAlertsPage {
   }
 
   clickConfigureTable() {
-    element(by.css('app-alerts-list .fa.fa-cog.configure-table-icon')).click();
+    let gearIcon = element(by.css('app-alerts-list .fa.fa-cog.configure-table-icon'));
+    waitForElementVisibility(gearIcon).then(() => gearIcon.click());
     browser.sleep(1000);
   }
 
   clickCloseSavedSearch() {
     element(by.css('app-saved-searches .close-button')).click();
+    browser.sleep(2000);
   }
 
   clickSavedSearch() {
@@ -170,7 +172,7 @@ export class MetronAlertsPage {
   }
 
   clickTableText(name: string) {
-    waitForElementPresence(element.all(by.css('app-table-view tbody tr'))).then(() => element.all(by.linkText(name)).get(0).click());
+    waitForElementPresence(element.all(by.css('app-table-view tbody tr a'))).then(() => element.all(by.linkText(name)).get(0).click());
   }
 
   clickClearSearch() {
@@ -195,26 +197,22 @@ export class MetronAlertsPage {
 
   getRecentSearchOptions() {
     browser.sleep(1000);
-    let map = {};
-    let recentSearches = element.all(by.css('app-saved-searches metron-collapse')).get(0);
-    return recentSearches.all(by.css('a')).getText().then(title => {
-       return recentSearches.all(by.css('.collapse.show')).getText().then(values => {
-         map[title] = values;
-        return map;
-      });
-    });
+    return element(by.linkText('Recent Searches')).element(by.xpath('..')).all(by.css('li')).getText();
+  }
+
+  getDefaultRecentSearchValue() {
+    browser.sleep(1000);
+    return element(by.linkText('Recent Searches')).element(by.xpath('..')).all(by.css('i')).getText();
   }
 
   getSavedSearchOptions() {
     browser.sleep(1000);
-    let map = {};
-    let recentSearches = element.all(by.css('app-saved-searches metron-collapse')).get(1);
-    return recentSearches.all(by.css('a')).getText().then(title => {
-      return recentSearches.all(by.css('.collapse.show')).getText().then(values => {
-        map[title] = values;
-        return map;
-      });
-    });
+    return element(by.linkText('Saved Searches')).element(by.xpath('..')).all(by.css('li')).getText();
+  }
+
+  getDefaultSavedSearchValue() {
+    browser.sleep(1000);
+    return element(by.linkText('Saved Searches')).element(by.xpath('..')).all(by.css('i')).getText();
   }
 
   getSelectedColumnNames() {
@@ -288,8 +286,108 @@ export class MetronAlertsPage {
     });
   }
 
+  isDateSeettingDisabled() {
+    return element.all(by.css('app-time-range button.btn.btn-search[disabled=""]')).count().then((count) => { return (count === 1); });
+  }
+
+  clickDateSettings() {
+    element(by.css('app-time-range button.btn-search')).click();
+    browser.sleep(2000);
+  }
+
+  getTimeRangeTitles() {
+    return element.all(by.css('app-time-range .title')).getText();
+  }
+  
+  getQuickTimeRanges() {
+    return element.all(by.css('app-time-range .quick-ranges span')).getText();
+  }
+
+  getValueForManualTimeRange() {
+    return element.all(by.css('app-time-range input.form-control')). getAttribute('value');
+  }
+
+  isManulaTimeRangeApplyButtonPresent() {
+    return element.all(by.css('app-time-range')).all(by.buttonText('APPLY')).count().then(count => count === 1);
+  }
+
+  selectQuickTimeRange(quickRange: string) {
+    element.all(by.cssContainingText('.quick-ranges span', quickRange)).get(0).click();
+    browser.sleep(2000);
+  }
+  
+  getTimeRangeButtonText() {
+    return element.all(by.css('app-time-range button.btn-search span')).get(0).getText();
+  }
+
+  setDate(index: number, year: string, month: string, day: string, hour: string, min: string, sec: string) {
+    element.all(by.css('app-time-range .calendar')).get(index).click()
+    .then(() => element.all(by.css('.pika-select.pika-select-hour')).get(index).click())
+    .then(() => element.all(by.css('.pika-select.pika-select-hour')).get(index).element(by.cssContainingText('option', hour)).click())
+    .then(() => element.all(by.css('.pika-select.pika-select-minute')).get(index).click())
+    .then(() => element.all(by.css('.pika-select.pika-select-minute')).get(index).element(by.cssContainingText('option', min)).click())
+    .then(() => element.all(by.css('.pika-select.pika-select-second')).get(index).click())
+    .then(() => element.all(by.css('.pika-select.pika-select-second')).get(index).element(by.cssContainingText('option', sec)).click())
+    .then(() => element.all(by.css('.pika-select.pika-select-year')).get(index).click())
+    .then(() => element.all(by.css('.pika-select.pika-select-year')).get(index).element(by.cssContainingText('option', year)).click())
+    .then(() => element.all(by.css('.pika-select.pika-select-month')).get(index).click())
+    .then(() => element.all(by.css('.pika-select.pika-select-month')).get(index).element(by.cssContainingText('option', month)).click())
+    .then(() => element.all(by.css('.pika-table')).get(index).element(by.buttonText(day)).click())
+    .then(() => waitForElementInVisibility(element.all(by.css('.pika-single')).get(index)));
+
+    browser.sleep(1000);
+  }
+
+  selectTimeRangeApplyButton() {
+    return element(by.css('app-time-range')).element(by.buttonText('APPLY')).click();
+  }
+
+  getChangesAlertTableTitle(previousText: string) {
+    // browser.pause();
+    let title = element(by.css('.col-form-label-lg'));
+    return this.waitForTextChange(title, previousText).then(() => {
+      return title.getText();
+    });
+  }
+
   getAlertStatusById(id: string) {
     return element(by.css('a[title="' + id +'"]'))
           .element(by.xpath('../..')).all(by.css('td a')).get(8).getText();
   }
+
+  loadSavedSearch(name: string) {
+    element.all(by.css('app-saved-searches metron-collapse')).get(1).element(by.css('li[title="'+ name +'"]')).click();
+    browser.sleep(1000);
+  }
+
+  loadRecentSearch(name: string) {
+    element.all(by.css('app-saved-searches metron-collapse')).get(0).all(by.css('li')).get(2).click();
+    browser.sleep(1000);
+  }
+
+  getTimeRangeButtonTextForNow() {
+    return element.all(by.css('app-time-range button span')).getText();
+  }
+
+  getTimeRangeButtonAndSubText() {
+    return waitForElementInVisibility(element(by.css('#time-range')))
+    .then(() => element.all(by.css('app-time-range button span')).getText())
+    .then(arr => {
+        let retArr = [arr[0]];
+        for (let i=1; i < arr.length; i++) {
+          let dateStr = arr[i].split(' to ');
+          let fromTime = new Date(dateStr[0]).getTime();
+          let toTime = new Date(dateStr[1]).getTime();
+          retArr.push((toTime - fromTime) + '');
+        }
+        return retArr;
+    });
+  }
+  
+  renameColumn(name: string, value: string) {
+    element(by.cssContainingText('app-configure-table span', name))
+    .element(by.xpath('../..'))
+    .element(by.css('.input')).sendKeys(value);
+  }
+
 }
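Review bot: `loadRecentSearch(name)` never uses `name`; it clicks `.all(by.css('li')).get(2)`, so the spec's `loadRecentSearch('last-5-years')` call depends on list order rather than on the entry it names. Selecting by text as `selectQuickTimeRange` does, e.g. `.get(0).all(by.cssContainingText('li', name)).get(0).click();`, would tie the click to the argument. `loadSavedSearch` builds `li[title="..."]` by concatenating `name`, which yields a broken selector for a name containing a double quote. `isDateSeettingDisabled` and `isManulaTimeRangeApplyButtonPresent` are misspelled and are easier to rename before more specs call them; the class starts outside this hunk.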

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts
index 0834960..ddad558 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts
@@ -56,6 +56,28 @@ describe('metron-alerts configure table', function() {
     page.toggleSelectCol('guid', 'method');
     expect(page.getSelectedColumnNames()).toEqualBcoz(newColNamesColumnConfig, 'for guid added to selected column names');
     page.saveConfigureColumns();
+  });
+
+  it('should rename columns from table configuration', () => {
+    page.clearLocalStorage();
+    page.navigateTo();
+
+    page.clickConfigureTable();
+    page.renameColumn('enrichments:geo:ip_dst_addr:country', 'Country');
+    page.saveConfigureColumns();
+
+    page.clickTableText('FR');
+    expect(page.getSearchText()).toEqual('Country:FR');
+    expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (25)');
+    page.clickClearSearch();
+
+    expect(page.getChangesAlertTableTitle('Alerts (25)')).toEqual('Alerts (169)');
+    page.setSearchText('Country:FR');
+    expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (25)');
+    page.clickClearSearch();
+
+    let columnNames = ['Score','id', 'timestamp','source:type','ip_src_addr','Country','ip_dst_addr','host','alert_status','',''];
+    expect(page.getTableColumnNames()).toEqualBcoz(columnNames, 'for renamed column names for alert list table');
 
   });
 
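Review bot: The totals `'Alerts (169)'` and `'Alerts (25)'` in the new rename test are hard-coded against the mock index, so any fixture change that adds, drops or re-dates an alert breaks the test with no hint of where the numbers come from. This commit also adds a time-range filter and edits timestamps in `e2e/mock-data/alerts_ui_e2e_index.data`, so the counts presumably depend on the default range as well. I would add a comment above the first expectation, `// 169 = all alerts in alerts_ui_e2e_index.data, 25 = those with country FR (default time range)`, or hoist the two strings into named constants. The test also leaves the column renamed to `Country` after saving; if that setting persists client-side, as the leading `page.clearLocalStorage()` suggests, later specs that skip the reset may see the renamed header. The enclosing `describe` starts outside the hunk.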

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts
index b606284..350f11e 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts
@@ -47,8 +47,10 @@ describe('metron-alerts Search', function() {
 
     page.clickSavedSearch();
     expect(page.getSavedSearchTitle()).toEqualBcoz('Searches', 'for saved searches title');
-    expect(page.getRecentSearchOptions()).toEqualBcoz({ 'Recent Searches': [ 'No Recent Searches' ] }, 'for recent search options');
-    expect(page.getSavedSearchOptions()).toEqualBcoz({ 'Saved Searches': [ 'No Saved Searches' ] }, 'for saved search options');
+    expect(page.getRecentSearchOptions()).toEqualBcoz([], 'for recent search options');
+    expect(page.getSavedSearchOptions()).toEqualBcoz([], 'for saved search options');
+    expect(page.getDefaultRecentSearchValue()).toEqualBcoz([ 'No Recent Searches' ], 'for recent search default value');
+    expect(page.getDefaultSavedSearchValue()).toEqualBcoz([ 'No Saved Searches' ], 'for saved search default value');
     page.clickCloseSavedSearch();
 
   });
@@ -56,7 +58,7 @@ describe('metron-alerts Search', function() {
   it('should have all save search controls and they save search should be working', () => {
     page.saveSearch('e2e-1');
     page.clickSavedSearch();
-    expect(page.getSavedSearchOptions()).toEqualBcoz({ 'Saved Searches': [ 'e2e-1' ] }, 'for saved search options e2e-1');
+    expect(page.getSavedSearchOptions()).toEqualBcoz([ 'e2e-1' ], 'for saved search options e2e-1');
     page.clickCloseSavedSearch();
   });
 


[2/3] metron git commit: METRON-1224 Add time range selection to search control (iraghumitra via james-sirota) closes apache/metron#796

Posted by js...@apache.org.
http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
index f75c220..e3ffbe7 100644
--- a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
+++ b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
@@ -209,25 +209,25 @@
 {"create": { "_id": "72f00fcd-2347-d75b-5c0a-08086f9e2a23"}}
 {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325676512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569374","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CHVSUC3iOxb3UpVxWd","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49194 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?60dbe33b908e0086292196ef001816bc tags:[] uid:CHVSUC3iOxb3UpVxWd trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.
 0) ts:1492671567.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569378","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574181","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325676512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569375","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569378","uri":"/?60dbe33b908e0086292196ef001816bc","tags":[],"ip_src_port":49194,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid"
 :"72f00fcd-2347-d75b-5c0a-08086f9e2a23","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0}
 {"create": { "_id": "dcb3afed-1b68-d88a-7adb-f38183867920"}}
-{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325677512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569382","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CZOU9CQKfQzbTKGZ8","resp_mime_types":["application/x-shockwave-flash"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CZOU9CQKfQzbTKGZ8 referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80
 w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236 resp_fuids:[\"F95sxB3DPck4oMGLmc\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F95sxB3DPck4oMGLmc"],"timestamp":1505325677512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":
 "1492671569382","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49185,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"dcb3afed-1b68-d88a-7adb-f38183867920","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":8973}
+{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325677512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569382","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CZOU9CQKfQzbTKGZ8","resp_mime_types":["application/x-shockwave-flash"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CZOU9CQKfQzbTKGZ8 referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80
 w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236 resp_fuids:[\"F95sxB3DPck4oMGLmc\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F95sxB3DPck4oMGLmc"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":
 "1492671569382","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49185,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"dcb3afed-1b68-d88a-7adb-f38183867920","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":8973}
 {"create": { "_id": "50d6e395-0f31-a9c3-143e-25d7f44aadde"}}
 {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325678512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"Cn2j4crCA6ckU3XP5","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49190 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b2566564b3ba1a38e61c83957a7dbcd5 tags:[] uid:Cn2j4crCA6ckU3XP5 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
  ts:1492671567.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325678512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569383","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/?b2566564b3ba1a38e61c83957a7dbcd5","tags":[],"ip_src_port":49190,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"
 50d6e395-0f31-a9c3-143e-25d7f44aadde","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0}
 {"create": { "_id": "e90a5ca0-599d-05f2-18c4-13b563606f2e"}}
-{"bro_timestamp":1505325679512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cx8Ucg1r67RywyWab1","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:Cx8Ucg1r67RywyWab1 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2
 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"F3XRx03OXSVJ1iQGhe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3XRx03OXSVJ1iQGhe"],"timestamp":1505325679512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitter
 bolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"e90a5ca0-599d-05f2-18c4-13b563606f2e","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523}
+{"bro_timestamp":1505325679512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cx8Ucg1r67RywyWab1","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:Cx8Ucg1r67RywyWab1 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2
 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"F3XRx03OXSVJ1iQGhe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3XRx03OXSVJ1iQGhe"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitter
 bolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"e90a5ca0-599d-05f2-18c4-13b563606f2e","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523}
 {"create": { "_id": "fdb3c737-37fb-8bdf-6ace-78e8c41972a7"}}
 {"bro_timestamp":1505325680512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569384","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","uid":"CUrRne3iLIxXavQtci","trans_depth":32,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168473040 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:32 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671567.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121
 ","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"node1","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574182","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325680512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168473040","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574845","guid":"fdb3c737-37fb-8bdf-6ace-78e8c41972a7","response_body_len":0}
 {"create": { "_id": "735fcf0d-58f6-1b6a-9e33-8d94bc5a1be0"}}
 {"bro_timestamp":1505325681512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569387","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","uid":"CUrRne3iLIxXavQtci","trans_depth":22,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168417107 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:22 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671567.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671569389","host":"node1","adapter:geoad
 apter:end:ts":"1492671574077","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574182","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325681512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569387","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569389","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168417107","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"735fcf0d-58f6-1b6a-9e33-8d94bc5a1be0","response_body_len":0}
 {"create": { "_id": "09552ace-9c09-8069-a3f0-73e146579030"}}
-{"bro_timestamp":1505325682512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569388","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C5UfKV32U65H7ojqJd","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:C5UfKV32U65H7ojqJd referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2
 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"FZKJP2gGkPyTrWpLe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569392","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FZKJP2gGkPyTrWpLe"],"timestamp":1505325682512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569388","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569391","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterb
 olt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"09552ace-9c09-8069-a3f0-73e146579030","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825}
+{"bro_timestamp":1505325682512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569388","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C5UfKV32U65H7ojqJd","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:C5UfKV32U65H7ojqJd referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2
 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"FZKJP2gGkPyTrWpLe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569392","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FZKJP2gGkPyTrWpLe"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569388","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569391","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterb
 olt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"09552ace-9c09-8069-a3f0-73e146579030","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825}
 {"create": { "_id": "1ff42d27-d69b-eab5-a2ca-7875ebf8336e"}}
 {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325683512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575571","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671569393","enrichmentjoinbolt:joiner:ts":"1492671574179","trans_id":62139,"adapter:geoadapter:begin:ts":"1492671574077","uid":"C1fDU21X4Ys3xP7137","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:50683 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:62139 rcode:0 rcode_name:NOERROR TC:false RA:true uid:C1fDU21X4Ys3xP7137 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671567.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":
 "1492671569395","Z":0,"adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","qclass":1,"timestamp":1505325683512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671569393","query":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569395","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":50683,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"1ff42d27-d69b-eab5-a2ca-7875ebf8336e"}
 {"create": { "_id": "ae14f2cf-6cc5-941f-2c98-9ce9b6e0bf81"}}
 {"qclass_name":"C_INTERNET","bro_timestamp":1505325684512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575571","qtype":1,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671569399","enrichmentjoinbolt:joiner:ts":"1492671574179","trans_id":6088,"adapter:geoadapter:begin:ts":"1492671574077","uid":"CqrOfMusHaczrDBz8","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:50509 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:kritischerkonsum.uni-koeln.de trans_id:6088 rcode:0 rcode_name:NOERROR TC:false RA:false uid:CqrOfMusHaczrDBz8 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671567.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671569401","Z":0,"adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitt
 er:end:ts":"1492671574182","qclass":1,"timestamp":1505325684512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671569399","query":"kritischerkonsum.uni-koeln.de","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569401","rcode_name":"NOERROR","TC":false,"RA":false,"RD":true,"ip_src_port":50509,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"ae14f2cf-6cc5-941f-2c98-9ce9b6e0bf81"}
 {"create": { "_id": "a105fca8-ec40-a98f-b64e-06e4d97a800f"}}
-{"bro_timestamp":1505325685512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573715","enrichmentjoinbolt:joiner:ts":"1492671574181","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsUjA541poEzvhMfuf","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CsUjA541poEzvhMfuf referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2
 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"FGcm94EWzm8st4LQj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573729","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FGcm94EWzm8st4LQj"],"timestamp":1505325685512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573715","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573729","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbo
 lt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"a105fca8-ec40-a98f-b64e-06e4d97a800f","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523}
+{"bro_timestamp":1505325685512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573715","enrichmentjoinbolt:joiner:ts":"1492671574181","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsUjA541poEzvhMfuf","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CsUjA541poEzvhMfuf referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2
 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"FGcm94EWzm8st4LQj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573729","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FGcm94EWzm8st4LQj"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573715","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573729","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbo
 lt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"a105fca8-ec40-a98f-b64e-06e4d97a800f","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523}
 {"create": { "_id": "52ad66d7-80e8-9174-17f4-9b8e6e61fbc1"}}
-{"bro_timestamp":1505325686512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573812","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CFbOTR2z2k8dUYUMmi","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CFbOTR2z2k8dUYUMmi resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.
 30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"F73miB3YQ8nA17F2Te\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573815","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F73miB3YQ8nA17F2Te"],"timestamp":1505325686512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573812","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":
 "52ad66d7-80e8-9174-17f4-9b8e6e61fbc1","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318}
+{"bro_timestamp":1505325686512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573812","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CFbOTR2z2k8dUYUMmi","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CFbOTR2z2k8dUYUMmi resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.
 30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"F73miB3YQ8nA17F2Te\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573815","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F73miB3YQ8nA17F2Te"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573812","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":
 "52ad66d7-80e8-9174-17f4-9b8e6e61fbc1","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318}
 {"create": { "_id": "ba44eb73-69d8-ccd2-f08b-636f9c15b261"}}
 {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325687512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573813","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CLKLkp1z9ZWAE0eou","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49186 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CLKLkp1z9ZWAE0eou referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"text\\/html\"] trans_depth:1 host:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in st
 atus_msg:OK id.orig_h:192.168.138.158 response_body_len:121635 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:62.75.195.236 resp_fuids:[\"FrcnSsZqVzpjB9o3j\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671573817","host":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FrcnSsZqVzpjB9o3j"],"timestamp":1505325687512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573813","request_body_len":0,"enri
 chments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49186,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"ba44eb73-69d8-ccd2-f08b-636f9c15b261","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":121635}
 {"create": { "_id": "6a437817-ef04-e264-2eef-5edd0b37d280"}}
@@ -311,11 +311,11 @@
 {"create": { "_id": "3cf6c636-ea29-4654-1632-c38a2c130f1c"}}
 {"bro_timestamp":1505325727512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594637","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CVxPm9xkzN80U39i9","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CVxPm9xkzN80U39i9 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; 
 .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FOUZap2sbK6jyWeLZ8\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594637","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594644","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FOUZap2sbK6jyWeLZ8"],"timestamp":1505325727512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbo
 lt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","status_msg":"OK","guid":"3cf6c636-ea29-4654-1632-c38a2c130f1c","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523}
 {"create": { "_id": "fd436051-cfdd-c29a-e07c-a08a83740b23"}}
-{"bro_timestamp":1505325728512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","uid":"CUrRne3iLIxXavQtci","trans_depth":241,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:241 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671593.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"node1","adapter:geo
 adapter:end:ts":"1492671594638","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671594645","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325728512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"fd436051-cfdd-c29a-e07c-a08a83740b23","response_body_len":0}
+{"bro_timestamp":1505325728512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","uid":"CUrRne3iLIxXavQtci","trans_depth":241,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:241 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671593.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"node1","adapter:geo
 adapter:end:ts":"1492671594638","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671594645","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"fd436051-cfdd-c29a-e07c-a08a83740b23","response_body_len":0}
 {"create": { "_id": "d41c8e3b-0b86-9084-2f6a-82db51a337fe"}}
 {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325729512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"C5DBCB4BP3zJovMQlf","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9 tags:[] uid:C5DBCB4BP3zJovMQlf resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FMZdAx3UlrSOgAQdsj\"] host:comarksecurity.com status_msg:OK id
 .orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:72.34.49.86 resp_fuids:[\"FtEGkz1CUNMfkJKrZh\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FtEGkz1CUNMfkJKrZh"],"timestamp":1505325729512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":110,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_add
 r:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9","tags":[],"orig_fuids":["FMZdAx3UlrSOgAQdsj"],"ip_src_port":49204,"threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","status_msg":"OK","guid":"d41c8e3b-0b86-9084-2f6a-82db51a337fe","enrichments:geo:ip_dst_addr:country":"US","response_body_len":14}
 {"create": { "_id": "777d9c8c-4c97-08bd-09ba-66e9366cccd5"}}
-{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325730512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594649","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","trans_id":18350,"adapter:geoadapter:begin:ts":"1492671594638","uid":"CLv9mm30dHjZkUTCSl","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:60078 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:18350 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CLv9mm30dHjZkUTCSl RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts
 ":"1492671594638","Z":0,"adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","qclass":1,"timestamp":1505325730512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594635","query":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":60078,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"777d9c8c-4c97-08bd-09ba-66e9366cccd5"}
+{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325730512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594649","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","trans_id":18350,"adapter:geoadapter:begin:ts":"1492671594638","uid":"CLv9mm30dHjZkUTCSl","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:60078 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:18350 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CLv9mm30dHjZkUTCSl RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts
 ":"1492671594638","Z":0,"adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","qclass":1,"timestamp":1505363380000,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594635","query":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":60078,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"777d9c8c-4c97-08bd-09ba-66e9366cccd5"}
 {"create": { "_id": "0e99ba49-46a8-8efe-098f-15456c107bc9"}}
 {"bro_timestamp":1505325731512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594650","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CrRM6qLedsBZ3P0d8","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594648","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CrRM6qLedsBZ3P0d8 resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30
 729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FlDlsY39iNQUeDK2Dj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594638","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594646","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FlDlsY39iNQUeDK2Dj"],"timestamp":1505325731512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671594646","adapter:threatinteladapter:begin:ts":"1492671594648","status_msg":"OK","guid":"0
 e99ba49-46a8-8efe-098f-15456c107bc9","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318}
 {"create": { "_id": "e9a942f0-9410-a2ef-79d3-297448ca7a9a"}}
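Review bot: The two rewritten records in this hunk (guid `fd436051-cfdd-c29a-e07c-a08a83740b23` and guid `777d9c8c-4c97-08bd-09ba-66e9366cccd5`) now carry the identical value `"timestamp":1505363380000`. Any e2e assertion that sorts or pages on `timestamp` would then depend on the index's tie-breaking for these rows; whether the specs assert row order is not visible from here. The pair rewritten in the preceding hunk shares `1505370580000` in the same way. Giving each record a distinct value inside the intended window would keep the ordering deterministic, for example `"timestamp":1505363381000` on the second record (a constructed value). Only `timestamp` was moved, while `bro_timestamp` and the `ts:` inside `original_string` keep their old values, so it is worth recording next to the fixture that the time-range tests key on `timestamp` alone.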
@@ -323,13 +323,13 @@
 {"create": { "_id": "cadf2f10-468c-2ad9-625c-39dce0668ea0"}}
 {"bro_timestamp":1505325733512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cxo2i52HmVbQpiKMQ4","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/de.png tags:[] uid:Cxo2i52HmVbQpiKMQ4 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2
 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FPOfpJ1mfdIRvALw8j\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594643","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FPOfpJ1mfdIRvALw8j"],"timestamp":1505325733512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594643","uri":"/img/flags/de.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49209,"threatintelsplitte
 rbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid":"cadf2f10-468c-2ad9-625c-39dce0668ea0","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":534}
 {"create": { "_id": "becc5966-68a2-e67d-3493-b7bc9514e3c9"}}
-{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325734512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CydFJ34ePzeFrkKCMc","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CydFJ34ePzeFrkKCMc trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.
 0) ts:1492671593.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671594644","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325734512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671594644","uri":"/?d71e0bd86db9587158745a986a4b3606","tags":[],"ip_src_port":49192,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid"
 :"becc5966-68a2-e67d-3493-b7bc9514e3c9","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0}
+{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325734512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CydFJ34ePzeFrkKCMc","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CydFJ34ePzeFrkKCMc trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.
 0) ts:1492671593.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671594644","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671594644","uri":"/?d71e0bd86db9587158745a986a4b3606","tags":[],"ip_src_port":49192,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid"
 :"becc5966-68a2-e67d-3493-b7bc9514e3c9","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0}
 {"create": { "_id": "4d864bb0-0cb1-4005-f707-c62f7b0e7264"}}
-{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325735512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594671","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594655","enrichmentjoinbolt:joiner:ts":"1492671594661","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671594657","uid":"CgJVs33o5YodJJYQyk","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594667","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CgJVs33o5YodJJYQyk RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts"
 :"1492671594657","Z":0,"adapter:geoadapter:end:ts":"1492671594657","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594664","qclass":1,"timestamp":1505325735512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594655","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594657","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594664","adapter:threatinteladapter:begin:ts":"1492671594667","guid":"4d864bb0-0cb1-4005-f707-c62f7b0e7264"}
+{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325735512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594671","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594655","enrichmentjoinbolt:joiner:ts":"1492671594661","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671594657","uid":"CgJVs33o5YodJJYQyk","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594667","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CgJVs33o5YodJJYQyk RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts"
 :"1492671594657","Z":0,"adapter:geoadapter:end:ts":"1492671594657","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594664","qclass":1,"timestamp":1505363380000,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594655","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594657","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594664","adapter:threatinteladapter:begin:ts":"1492671594667","guid":"4d864bb0-0cb1-4005-f707-c62f7b0e7264"}
 {"create": { "_id": "4c732cb0-05cc-bdb4-9898-886a93129aba"}}
 {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325736512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CvI6xrY2n5mRaFjFa","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:49200 status_code:200 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42 tags:[] uid:CvI6xrY2n5mRaFjFa resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FE73U6RnooUIz1k3l\"] host:comarksecurity.com status_msg:OK id.o
 rig_h:192.168.138.158 response_body_len:996 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671596.0 id.resp_h:72.34.49.86 resp_fuids:[\"FbCMi2mD3uLfGjK7j\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671598098","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FbCMi2mD3uLfGjK7j"],"timestamp":1505325736512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:po
 stalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671598092","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FE73U6RnooUIz1k3l"],"ip_src_port":49200,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","status_msg":"OK","guid":"4c732cb0-05cc-bdb4-9898-886a93129aba","enrichments:geo:ip_dst_addr:country":"US","response_body_len":996}
 {"create": { "_id": "cb6a4983-48ac-4c00-2f44-9d1bd9b50575"}}
-{"bro_timestamp":1505325737512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","uid":"CUrRne3iLIxXavQtci","trans_depth":118,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:118 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671596.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:en
 d:ts":"1492671598093","host":"node1","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325737512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"cb6a4983-48ac-4c00-2f44-9d1bd9b50575","response_body_len":0}
+{"bro_timestamp":1505325737512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","uid":"CUrRne3iLIxXavQtci","trans_depth":118,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:118 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671596.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:en
 d:ts":"1492671598093","host":"node1","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"cb6a4983-48ac-4c00-2f44-9d1bd9b50575","response_body_len":0}
 {"create": { "_id": "a5e95569-a9ee-c024-ace7-7d0e2613b29a"}}
 {"qclass_name":"C_INTERNET","bro_timestamp":1505325738512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671598104","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","trans_id":0,"adapter:geoadapter:begin:ts":"1492671598093","uid":"Cx7bil4EcuyIC1pVvb","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:Cx7bil4EcuyIC1pVvb RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671596.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","Z":0,"adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","qclass":1,
 "timestamp":1505325738512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671598090","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"a5e95569-a9ee-c024-ace7-7d0e2613b29a"}
 {"create": { "_id": "fa91598f-51b2-2b60-11f2-6fbabc162b7e"}}

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/package.json
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/package.json b/metron-interface/metron-alerts/package.json
index bc2c726..1be70f3 100644
--- a/metron-interface/metron-alerts/package.json
+++ b/metron-interface/metron-alerts/package.json
@@ -21,12 +21,14 @@
     "@angular/platform-browser": "^4.0.0",
     "@angular/platform-browser-dynamic": "^4.0.0",
     "@angular/router": "^4.0.0",
+    "@types/moment": "^2.13.0",
     "ace-builds": "^1.2.6",
     "bootstrap": "4.0.0-alpha.6",
     "core-js": "^2.4.1",
     "font-awesome": "^4.7.0",
-    "ng2-dragula": "^1.5.0",
     "moment": "^2.18.1",
+    "pikaday-time": "^1.6.1",
+    "ng2-dragula": "^1.5.0",
     "rxjs": "^5.1.0",
     "web-animations-js": "^2.2.2",
     "zone.js": "^0.8.4"
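Review bot: The added `"@types/moment": "^2.13.0"` entry in this first block duplicates one that the next hunk's context shows is already present further down, in what looks like `devDependencies`. Type packages are only needed at build time and moment ships its own typings, so the added line can simply be dropped. The new runtime dependency `"pikaday-time": "^1.6.1"` is a caret range, whereas `bootstrap` beside it is pinned exactly. If the project has no committed lockfile, pinning it as `"pikaday-time": "1.6.1"` keeps a later upstream release from entering the UI bundle unreviewed.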
@@ -38,6 +40,7 @@
     "@types/jasmine": "2.5.38",
     "@types/moment": "^2.13.0",
     "@types/node": "~6.0.60",
+    "@types/pikaday-time": "^1.4.2",
     "codelyzer": "~2.0.0",
     "compression": "1.6.2",
     "elementor": "^2.1.0",

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/_variables.scss
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/_variables.scss b/metron-interface/metron-alerts/src/_variables.scss
index 44ed9f6..21cdfdf 100644
--- a/metron-interface/metron-alerts/src/_variables.scss
+++ b/metron-interface/metron-alerts/src/_variables.scss
@@ -49,6 +49,7 @@ $mine-shaft-7: #2C2C2C;
 $mine-shaft-8: #353535;
 $mine-shaft-9: #2B2B2B;
 $mine-shaft-10: #303030;
+$mine-shaft-11: #3A3A3A;
 $dove-grey: #737373;
 $tundora: #4D4D4D;
 $tundora-1: #404040;
@@ -86,6 +87,7 @@ $eastern-blue: #1F91BE;
 $mantis: #80BF4D;
 $sky-blue: #75D2ED;
 $outer-space: #2E3A3F;
+$abbey: #58595B;
 $white: #FFFFFF;
 $iron: #D1D3D4;
 $rolling-stone: #808285;
@@ -110,6 +112,27 @@ $nav-content-nav-width: 200px;
 $login-label: #606060;
 $black: #000000;
 
+
+//Pikaday
+$pd-text-color: #999999;
+$pd-title-color: #999999;
+$pd-title-bg: #3D3D3D;
+$pd-picker-bg: #3D3D3D;
+$pd-picker-border: #4D4D4D;
+$pd-picker-border-bottom: #353535;
+$pd-picker-shadow: rgba(0,0,0,.5);
+$pd-th-color: #999;
+$pd-day-color: #999999;
+$pd-day-bg: #2D2D2D;
+$pd-day-hover-color: #FDFEFE;
+$pd-day-hover-bg: #1F91BE;
+$pd-day-today-color: #FFFFFF;
+$pd-day-selected-color: #1E87AF;
+$pd-day-selected-bg: tranparent;
+$pd-day-selected-shadow: tranparent;
+$pd-day-disabled-color: #999;
+$pd-week-color: #999;
+
 @mixin place-holder-text
 {
   font-family: Roboto;
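Review bot: `$pd-day-selected-bg` and `$pd-day-selected-shadow` are both assigned `tranparent`, which is not a CSS keyword. Sass passes an unknown identifier through as an unquoted string, so the build will not fail, but the browser will discard any declaration that uses these variables as invalid. The selected-day styling would then fall back to whatever the Pikaday stylesheet sets, which is not visible here. Both lines should read `transparent`, e.g. `$pd-day-selected-bg: transparent;`.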

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html
index bcecef3..63b4e41 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html
@@ -24,6 +24,9 @@
                         <button class="btn btn-secondary btn-search-clear" type="button" (click)="onClear()"></button>
                     </span>
                     <span class="input-group-btn">
+                        <app-time-range (timeRangeChange)="onTimeRangeChange($event)" [disabled]="timeStampfilterPresent" [selectedTimeRange]="selectedTimeRange"> </app-time-range>
+                    </span>
+                    <span class="input-group-btn">
                         <button class="btn btn-secondary btn-search" type="button" (click)="onSearch(alertSearchDirective.getSeacrhText())"></button>
                     </span>
                 </div>

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss
index a803df0..01b8f9a 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss
@@ -66,7 +66,7 @@ $searchbox-height: 42px;
 
   .btn-saved-searches {
     font-size: 15px;
-
+    font-family: Roboto;
     background: $mine-shaft-5;
     border: 1px solid $tundora;
     color: $silver-chalice;
@@ -86,7 +86,7 @@ $searchbox-height: 42px;
   .btn-search-clear {
     border-top: 1px solid $tundora;
     border-bottom: 1px solid $tundora;
-    border-right: 1px solid $blue-chill;
+    border-right: 1px solid $tundora;
     background: $mine-shaft-1;
     border-left: none;
     padding: 0px 5px 0px 0px;

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts
index 06d3fb2..228c4f7 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts
@@ -35,8 +35,9 @@ import {MetronDialogBox, DialogType} from '../../shared/metron-dialog-box';
 import {AlertSearchDirective} from '../../shared/directives/alert-search.directive';
 import {SearchResponse} from '../../model/search-response';
 import {ElasticsearchUtils} from '../../utils/elasticsearch-utils';
-import {TableViewComponent} from './table-view/table-view.component';
 import {Filter} from '../../model/filter';
+import {THREAT_SCORE_FIELD_NAME, TIMESTAMP_FIELD_NAME, ALL_TIME} from '../../utils/constants';
+import {TableViewComponent} from './table-view/table-view.component';
 import {Pagination} from '../../model/pagination';
 import {PatchRequest} from '../../model/patch-request';
 
@@ -58,7 +59,9 @@ export class AlertsListComponent implements OnInit, OnDestroy {
   refreshTimer: Subscription;
   pauseRefresh = false;
   lastPauseRefreshValue = false;
-  threatScoreFieldName = 'threat:triage:score';
+  timeStampfilterPresent = false;
+  selectedTimeRange = new Filter(TIMESTAMP_FIELD_NAME, ALL_TIME, false);
+  threatScoreFieldName = THREAT_SCORE_FIELD_NAME;
 
   @ViewChild('table') table: ElementRef;
   @ViewChild('dataViewComponent') dataViewComponent: TableViewComponent;
@@ -104,12 +107,23 @@ export class AlertsListComponent implements OnInit, OnDestroy {
       let queryBuilder = new QueryBuilder();
       queryBuilder.setGroupby(this.queryBuilder.groupRequest.groups.map(group => group.field));
       queryBuilder.searchRequest = savedSearch.searchRequest;
+      queryBuilder.filters = savedSearch.filters;
       this.queryBuilder = queryBuilder;
+      this.setSelectedTimeRange(savedSearch.filters);
       this.prepareColumnData(savedSearch.tableColumns, []);
+      this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent();
       this.search(true, savedSearch);
     });
   }
 
+  setSelectedTimeRange(filters: Filter[]) {
+    filters.forEach(filter => {
+      if (filter.field === TIMESTAMP_FIELD_NAME && filter.dateFilterValue) {
+        this.selectedTimeRange = JSON.parse(JSON.stringify(filter));
+      }
+    });
+  }
+
   calcColumnsToDisplay() {
     let availableWidth = document.documentElement.clientWidth - (200 + (15 * 4)); /* screenwidth - (navPaneWidth + (paddings))*/
     availableWidth = availableWidth - (55 + 25 + 25); /* availableWidth - (score + colunSelectIcon +selectCheckbox )*/
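Review bot: `savedSearch.filters` is used without a guard in the saved-search callback, both in `queryBuilder.filters = savedSearch.filters` and in `setSelectedTimeRange(savedSearch.filters)`. Saved searches persisted before this commit presumably have no `filters` property, and both the `filters` setter added in query-builder.ts and `setSelectedTimeRange` call `.forEach` on the value, so loading such an entry would throw a TypeError. Defaulting the parameter as `setSelectedTimeRange(filters: Filter[] = [])` and assigning `queryBuilder.filters = savedSearch.filters || [];` would keep older entries loadable. Separately, `JSON.parse(JSON.stringify(filter))` yields a plain object rather than a `Filter` instance, so any methods defined on `Filter` would be missing from `selectedTimeRange`. The subscription callback starts above this hunk and `calcColumnsToDisplay` continues below it.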
@@ -157,14 +171,16 @@ export class AlertsListComponent implements OnInit, OnDestroy {
   }
 
   onClear() {
-    this.queryBuilder.displayQuery = '';
+    this.timeStampfilterPresent = false;
+    this.queryBuilder.clearSearch();
+    this.selectedTimeRange = new Filter(TIMESTAMP_FIELD_NAME, ALL_TIME, false);
     this.search();
   }
 
   onSearch($event) {
-    this.queryBuilder.displayQuery = $event;
+    this.queryBuilder.setSearch($event);
+    this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent();
     this.search();
-
     return false;
   }
 
@@ -186,6 +202,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
   }
 
   onAddFilter(filter: Filter) {
+    this.timeStampfilterPresent = (filter.field === TIMESTAMP_FIELD_NAME);
     this.queryBuilder.addOrUpdateFilter(filter);
     this.search();
   }
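Review bot: The added first line of `onAddFilter` overwrites `timeStampfilterPresent` with the result for the filter being added, so adding a filter on any other field resets the flag to `false` even when a timestamp filter is still in the query. The time-range control bound to `[disabled]="timeStampfilterPresent"` would then be re-enabled alongside a manual timestamp filter. `removeFilter` in this commit preserves the previous value for unrelated fields, and this method should do the same: `this.timeStampfilterPresent = this.timeStampfilterPresent || (filter.field === TIMESTAMP_FIELD_NAME);`. Calling `this.queryBuilder.isTimeStampFieldPresent()` after `addOrUpdateFilter`, as `onSearch` does, may be cleaner, but that method's body is not visible here.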
@@ -214,6 +231,16 @@ export class AlertsListComponent implements OnInit, OnDestroy {
     this.colNumberTimerId = setTimeout(() => { this.calcColumnsToDisplay(); }, 500);
   }
 
+  onTimeRangeChange(filter: Filter) {
+    if (filter.value === ALL_TIME) {
+      this.queryBuilder.removeFilter(filter.field);
+    } else {
+      this.queryBuilder.addOrUpdateFilter(filter);
+    }
+
+    this.search();
+  }
+
   prepareColumnData(configuredColumns: ColumnMetadata[], defaultColumns: ColumnMetadata[]) {
     this.alertsColumns = (configuredColumns && configuredColumns.length > 0) ? configuredColumns : defaultColumns;
     this.queryBuilder.setFields(this.getColumnNamesForQuery());
@@ -255,6 +282,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
   }
 
   removeFilter(field: string) {
+    this.timeStampfilterPresent = (field === TIMESTAMP_FIELD_NAME) ? false : this.timeStampfilterPresent;
     this.queryBuilder.removeFilter(field);
     this.search();
   }
@@ -301,7 +329,9 @@ export class AlertsListComponent implements OnInit, OnDestroy {
         savedSearch = new SaveSearch();
         savedSearch.searchRequest = this.queryBuilder.searchRequest;
         savedSearch.tableColumns = this.alertsColumns;
-        savedSearch.name = savedSearch.getDisplayString();
+        savedSearch.filters = this.queryBuilder.filters;
+        savedSearch.searchRequest.query = '';
+        savedSearch.name = this.queryBuilder.generateNameForSearchRequest();
       }
 
       this.saveSearchService.saveAsRecentSearches(savedSearch).subscribe(() => {
@@ -314,6 +344,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
     this.searchResponse = results;
     this.pagination.total = results.total;
     this.alerts = results.results ? results.results : [];
+    this.setSelectedTimeRange(this.queryBuilder.filters);
   }
 
   showConfigureTable() {
@@ -358,7 +389,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
   tryStartPolling() {
     if (!this.pauseRefresh) {
       this.tryStopPolling();
-      this.refreshTimer = this.searchService.pollSearch(this.queryBuilder.searchRequest).subscribe(results => {
+      this.refreshTimer = this.searchService.pollSearch(this.queryBuilder).subscribe(results => {
         this.setData(results);
       });
     }

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts
index 27b7e2e..6e0dd2a 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts
@@ -27,6 +27,7 @@ import {ListGroupModule} from '../../shared/list-group/list-grup.module';
 import {CollapseModule} from '../../shared/collapse/collapse.module';
 import {MetronTablePaginationModule} from '../../shared/metron-table/metron-table-pagination/metron-table-pagination.module';
 import {ConfigureRowsModule} from '../configure-rows/configure-rows.module';
+import {TimeRangeModule} from '../../shared/time-range/time-range.module';
 import {GroupByModule} from '../../shared/group-by/group-by.module';
 import {AlertFiltersComponent} from './alert-filters/alert-filters.component';
 import {TableViewComponent} from './table-view/table-view.component';
@@ -34,7 +35,7 @@ import {TreeViewComponent} from './tree-view/tree-view.component';
 
 @NgModule({
     imports: [routing, SharedModule, ConfigureRowsModule, MetronSorterModule, MetronTablePaginationModule,
-                ListGroupModule, CollapseModule, GroupByModule],
+                ListGroupModule, CollapseModule, GroupByModule, TimeRangeModule],
     exports: [AlertsListComponent],
     declarations: [AlertsListComponent, TableViewComponent, TreeViewComponent, AlertFiltersComponent],
     providers: [DecimalPipe, SearchService]

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts
index 863e127..e9f96eb 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts
@@ -19,6 +19,7 @@ import {Filter} from '../../model/filter';
 import {ColumnNamesService} from '../../service/column-names.service';
 import {SearchRequest} from '../../model/search-request';
 import {SortField} from '../../model/sort-field';
+import {TIMESTAMP_FIELD_NAME} from '../../utils/constants';
 import {GroupRequest} from '../../model/group-request';
 import {Group} from '../../model/group';
 
@@ -29,27 +30,20 @@ export class QueryBuilder {
   private _displayQuery = this._query;
   private _filters: Filter[] = [];
 
-  set query(value: string) {
-    value = value.replace(/\\:/g, ':');
-    this._query = value;
-    this.updateFilters(this._query, false);
-    this.onSearchChange();
-  }
-
   get query(): string {
     return this._query;
   }
 
-  set displayQuery(value: string) {
-    this._displayQuery = value;
-    this.updateFilters(this._displayQuery, true);
-    this.onSearchChange();
-  }
-
   get displayQuery(): string {
     return this._displayQuery;
   }
 
+  set filters(filters: Filter[]) {
+    filters.forEach(filter =>  {
+      this.addOrUpdateFilter(filter)
+    });
+  }
+
   get filters(): Filter[] {
     return this._filters;
   }
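Review bot: The new `filters` setter merges instead of replacing: it only calls `addOrUpdateFilter` per element, so `builder.filters = []` leaves every existing filter in place and `get filters()` can return more than was assigned. If the code that restores a saved search does not call `clearSearch()` first (not visible in this hunk), filters from the previous search would silently carry over into the query sent to the backend. Either reset with `this._filters = [];` before the loop and call `this.onSearchChange()` after it, or make this a method named for what it does, e.g. `addFilters(filters)`. A guard such as `(filters || []).forEach(...)` would also cover saved searches stored before the `filters` field existed, assuming those can reach this setter.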
@@ -62,7 +56,7 @@ export class QueryBuilder {
 
   set searchRequest(value: SearchRequest) {
     this._searchRequest = value;
-    this.query = this._searchRequest.query;
+    this.setSearch(this._searchRequest.query);
   }
 
   get groupRequest(): GroupRequest {
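Review bot: The `searchRequest` setter now hands the stored query to `setSearch()`, which calls `updateFilters(query, true)`, whereas the removed `query` setter first undid the `\:` escaping with `value.replace(/\\:/g, ':')` and parsed with `false`. A `SearchRequest.query` still in the escaped form that `generateSelect()` produces would therefore be parsed as display text, and its backslashes may end up escaped a second time when the query is regenerated; this is hedged, because most of `updateFilters` lies outside the visible hunks. If only saved searches reach this setter and they now carry `filters` with an empty query, a comment would settle it: `// query is expected to be display-form or empty; filters are restored through the filters setter`.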
@@ -70,10 +64,28 @@ export class QueryBuilder {
     return this._groupRequest;
   }
 
+  setSearch(query: string) {
+    this.updateFilters(query, true);
+    this.onSearchChange();
+  }
+
+  clearSearch() {
+    this._filters = [];
+    this.onSearchChange();
+  }
+
   addOrUpdateFilter(filter: Filter) {
-    let existingFilter = this._filters.find(tFilter => tFilter.field === filter.field);
+    let existingFilterIndex = -1;
+    let existingFilter = this._filters.find((tFilter, index) => {
+      if (tFilter.field === filter.field) {
+        existingFilterIndex = index;
+        return true;
+      }
+      return false;
+    });
+
     if (existingFilter) {
-      existingFilter.value = filter.value;
+      this._filters.splice(existingFilterIndex, 1, filter);
     } else {
       this._filters.push(filter);
     }
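Review bot: In `addOrUpdateFilter` the `find` callback is used for its side effect of recording `existingFilterIndex`, which `findIndex` does directly: `const existingFilterIndex = this._filters.findIndex(tFilter => tFilter.field === filter.field);` followed by `if (existingFilterIndex !== -1) {`. That drops the mutable outer variable and the `existingFilter` object that is only tested for truthiness. The method's body continues past the end of this hunk.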
@@ -82,22 +94,33 @@ export class QueryBuilder {
   }
 
   generateSelect() {
-    let select = this._filters.map(filter => {
-      return filter.field.replace(/:/g, '\\:') +
-              ':' +
-        String(filter.value)
-          .replace(/[\*\+\-=~><\"\?^\${}\(\)\:\!\/[\]\\\s]/g, '\\$&') // replace single  special characters
-          .replace(/\|\|/g, '\\||') // replace ||
-          .replace(/\&\&/g, '\\&&'); // replace &&
-    }).join(' AND ');
+    let select = this._filters.map(filter => filter.getQueryString()).join(' AND ');
     return (select.length === 0) ? '*' : select;
   }
 
-  generateSelectForDisplay() {
+  generateNameForSearchRequest() {
     let select = this._filters.map(filter => ColumnNamesService.getColumnDisplayValue(filter.field) + ':' + filter.value).join(' AND ');
     return (select.length === 0) ? '*' : select;
   }
 
+  generateSelectForDisplay() {
+    let appliedFilters = [];
+    this._filters.reduce((appliedFilters, filter) => {
+      if (filter.display) {
+        appliedFilters.push(ColumnNamesService.getColumnDisplayValue(filter.field) + ':' + filter.value);
+      }
+
+      return appliedFilters;
+    }, appliedFilters);
+
+    let select = appliedFilters.join(' AND ');
+    return (select.length === 0) ? '*' : select;
+  }
+
+  isTimeStampFieldPresent(): boolean {
+    return this._filters.some(filter => (filter.field === TIMESTAMP_FIELD_NAME &&  !isNaN(Number(filter.value))));
+  }
+
   onSearchChange() {
     this._query = this.generateSelect();
     this._displayQuery = this.generateSelectForDisplay();
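Review bot: `generateSelect()` now depends entirely on `filter.getQueryString()` to escape reserved query characters, because the inline `replace` chain (single special characters, `||`, `&&`) is removed here and Filter's implementation is outside this hunk. Since filter values presumably originate from the search box and from saved searches, a comment such as `// escaping of reserved query characters is done in Filter.getQueryString()` and a spec asserting that a constructed value like `a:b || c` comes out escaped would keep that guarantee from regressing unnoticed. Separately, in `isTimeStampFieldPresent()` the test `!isNaN(Number(filter.value))` is also true for an empty or whitespace-only value, because `Number('')` is `0`; adding `String(filter.value).trim() !== '' &&` in front of it would exclude that case.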
@@ -133,7 +156,7 @@ export class QueryBuilder {
 
   private updateFilters(tQuery: string, updateNameTransform = false) {
     let query = tQuery;
-    this._filters = [];
+    this.removeDisplayedFilters();
 
     if (query && query !== '' && query !== '*') {
       let terms = query.split(' AND ');
@@ -146,4 +169,12 @@ export class QueryBuilder {
       }
     }
   }
+
+  private removeDisplayedFilters() {
+    for (let i = this._filters.length-1; i >= 0; i--) {
+      if (this._filters[i].display) {
+        this._filters.splice(i, 1);
+      }
+    }
+  }
 }
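Review bot: `removeDisplayedFilters()` has no comment saying what survives it, and that is the behaviour change a reader needs to know: `updateFilters` used to reset `_filters` and now keeps every filter whose `display` flag is falsy across a new search. A doc comment such as `/** Drops the filters shown in the search box; filters with display unset or false are kept. */` would make that explicit. The reverse `splice` loop can also be written as `this._filters = this._filters.filter(filter => !filter.display);`, which avoids mutating an array that `get filters()` has already handed out.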

http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts b/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts
index d3bd9da..b27da3a 100644
--- a/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts
+++ b/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts
@@ -47,7 +47,9 @@ export class SaveSearchComponent implements OnInit {
   save() {
     this.saveSearch.searchRequest = this.saveSearchService.queryBuilder.searchRequest;
     this.saveSearch.tableColumns = this.saveSearchService.tableColumns;
-
+    this.saveSearch.filters = this.saveSearchService.queryBuilder.filters;
+    this.saveSearch.searchRequest.query = '';
+    
     this.saveSearchService.saveSearch(this.saveSearch).subscribe(() => {
       this.goBack();
     }, error => {
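Review bot: `save()` stores the query builder's live objects rather than copies: `queryBuilder.filters` returns the internal `_filters` array, and `this.saveSearch.searchRequest.query = ''` writes through to whatever object the `searchRequest` getter returned. If that getter hands back the builder's own `_searchRequest` (not visible here), saving blanks the active search's query as a side effect, and later in-place `splice` calls on the builder alter the saved filter list while it is still referenced. Copy at the boundary, e.g. `this.saveSearch.filters = this.saveSearchService.queryBuilder.filters.slice();`, and clear `query` on a copy of the request. `save()` continues beyond this hunk.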