Repository: metron Updated Branches: refs/heads/master c4c790dbe -> 4519f7210
METRON-1621: Sorting alerts table by score closes apache/incubator-metron#1088 Project: http://git-wip-us.apache.org/repos/asf/metron/repo Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/4519f721 Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/4519f721 Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/4519f721 Branch: refs/heads/master Commit: 4519f72104b294c2f0eb8135181a3fa68eee9088 Parents: c4c790d Author: tiborm <[email protected]> Authored: Fri Jun 29 09:17:27 2018 -0400 Committer: cstella <[email protected]> Committed: Fri Jun 29 09:17:27 2018 -0400 ---------------------------------------------------------------------- .../alert-filters/alert-filters.e2e-spec.ts | 2 +- .../e2e/alerts-list/alerts-list.po.ts | 6 +- .../meta-alerts/meta-alert.e2e-spec.ts | 2 +- .../table-view/table-view.e2e-spec.ts | 90 ++++++++++++++++++++ .../e2e/alerts-list/table-view/table-view.po.ts | 26 ++++++ .../alerts-list/tree-view/tree-view.e2e-spec.ts | 4 +- .../e2e/mock-data/alerts_ui_e2e_index.data | 16 ++-- .../metron-alerts/e2e/utils/e2e_util.ts | 62 ++++++++------ .../metron-alerts/protractor.conf.js | 1 + .../table-view/table-view.component.html | 10 +-- 10 files changed, 172 insertions(+), 47 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts index d9caf7c..6783d3d 100644 --- a/metron-interface/metron-alerts/e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts +++ b/metron-interface/metron-alerts/e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts 
@@ -47,7 +47,7 @@ describe('Test spec for facet filters', function() { }); it('should display facets data', async function() : Promise<any> { - let facetValues = [ 'enrichm...:country 3', 'ip_dst_addr 8', 'ip_src_addr 2', 'source:type 1' ]; + let facetValues = [ 'enrichm...:country 3', 'ip_dst_addr 8', 'ip_src_addr 6', 'source:type 1' ]; await page.navgateToAlertList(); expect(await page.getFacetsTitle()).toEqualBcoz('Filters', 'for Title as Filters'); http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts index 13aeb27..389d218 100644 --- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts +++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts @@ -16,7 +16,7 @@ * limitations under the License. */ -import {browser, element, by, protractor} from 'protractor'; +import {browser, element, by, protractor, ElementArrayFinder} from 'protractor'; import * as moment from 'moment/moment'; import { waitForElementVisibility, waitForElementPresence, waitForElementInVisibility, 
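Review bot: `ElementArrayFinder` is added to the protractor import in alerts-list.po.ts, but the diffstat lists only six changed lines for that file (this import line and the removed `sortTable`), so nothing in the commit uses the new name there. The new table-view.po.ts has the same problem more broadly: it imports `browser`, `protractor`, `ElementArrayFinder` and `waitForElementVisibility`, while its class body only references `element` and `by`. I would keep the original line here, `import {browser, element, by, protractor} from 'protractor';`, and reduce the new file to `import { element, by } from 'protractor';`. The second import statement in this hunk continues past the hunk's last line.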
@@ -446,10 +446,6 @@ export class MetronAlertsPage { .element(by.xpath('../..')).all(by.css('td a')).get(8).getText(); } - sortTable(colName: string) { - element.all(by.css('table thead th')).all(by.linkText(colName)).get(0).click(); - } - getCellValue(rowIndex: number, colIndex: number, previousText: string) { let cellElement = element.all(by.css('table tbody tr')).get(rowIndex).all(by.css('td')).get(colIndex); return this.waitForTextChange(cellElement, previousText).then(() => cellElement.getText()); http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.e2e-spec.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.e2e-spec.ts index 5425523..5bf7fd8 100644 --- a/metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.e2e-spec.ts +++ b/metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.e2e-spec.ts @@ -158,7 +158,7 @@ describe('Test spec for meta alerts workflow', function() { 'source:type': '1', 'ip_dst_addr': '7', 'enrichm...:country': '3', - 'ip_src_addr': '2' + 'ip_src_addr': '4' }; let alertsInMetaAlerts = [ '82f8046d-d...03b17480dd', http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.e2e-spec.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.e2e-spec.ts new file mode 100644 index 0000000..21df423 --- /dev/null +++ b/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.e2e-spec.ts 
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { TableViewPage } from './table-view.po';
+import { LoginPage } from '../../login/login.po';
+import { loadTestData, deleteTestData, AutomationHelper } from '../../utils/e2e_util';
+
+describe('Alerts Table', () => {
+
+ let page: TableViewPage;
+ let loginPage: LoginPage;
+
+ beforeAll(async () => {
+ page = new TableViewPage();
+ loginPage = new LoginPage();
+
+ await loadTestData();
+ });
+
+ afterAll(async () => {
+ await deleteTestData();
+ })
+
+ describe('should sort by colum: ', () => {
+
+ beforeEach(async () => {
+ await loginPage.login();
+ });
+
+ afterEach(async () => {
+ await loginPage.logout();
+ });
+
+ it('sorting ASC by ip_src_addr', async function() {
+ await page.sortTable('ip_src_addr'); // sorting ASC
+ const ascOrder = [];
+ ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-0 cell-3'));
+ ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-1 cell-3'));
+ ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-2 cell-3'));
+
+ expect(ascOrder).toEqual(['192.168.65.1','192.168.66.0','192.168.66.1']);
+ });
+
+ it('sorting DESC by ip_src_addr', async function() {
+ await page.sortTable('ip_src_addr'); // sorting ASC
+ await page.sortTable('ip_src_addr') // sorting DESC
+ const descOrder = [];
+ descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-0 cell-3'));
+ descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-1 cell-3'));
+ descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-2 cell-3'));
+
+ expect(descOrder).toEqual(['192.168.138.160','192.168.138.159','192.168.138.158']);
+ });
+
+ it('sorting ASC by Score', async function() {
+ await page.sortTable('Score'); // sorting ASC
+ const ascOrder = [];
+ ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-0 score'));
+ ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-1 score'));
+ ascOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-2 score'));
+
+ expect(ascOrder).toEqual(['-','-','-']);
+ });
+
+ it('sorting DESC by Score', async function() {
+ await page.sortTable('Score'); // sorting ASC
+ await page.sortTable('Score') // sorting DESC
+ const descOrder = [];
+ descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-0 score'));
+ descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-1 score'));
+ descOrder.push(await AutomationHelper.getTextByQEId('alerts-table row-2 score'));
+
+ expect(descOrder).toEqual(['10','9','8']);
+ });
+ })
+});
http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.po.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.po.ts b/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.po.ts
new file mode 100644
index 0000000..d57955d
--- /dev/null
+++ b/metron-interface/metron-alerts/e2e/alerts-list/table-view/table-view.po.ts
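Review bot: In table-view.e2e-spec.ts the 'sorting ASC by Score' case asserts only `['-','-','-']`, which would also pass with no sorting at all if the default view already starts with unscored alerts (only a handful of the mock alerts appear to receive a `threat:triage:score` in this commit). Because the score column is what analysts use to order triage, the ascending case should pin something that only a working sort can produce, for instance by also asserting that the rows reached after the unscored ones ascend numerically. Each test also reads cells as soon as `sortTable()` resolves; whether `AutomationHelper.getTextByQEId` waits for the re-rendered rows is not visible in this hunk, so that should be confirmed or the reads can race the table refresh. Minor: the suite title should read `describe('should sort by column: ', () => {`.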
@@ -0,0 +1,26 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { browser, element, by, protractor, ElementArrayFinder } from 'protractor';
+import { waitForElementVisibility } from '../../utils/e2e_util';
+
+export class TableViewPage {
+ sortTable(colName: string) {
+ return element.all(by.css('table thead th')).all(by.linkText(colName)).get(0).click();
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts
index 3129674..87008e1 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/tree-view/tree-view.e2e-spec.ts
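Review bot: `sortTable` in the new TableViewPage is undocumented, and the spec depends on behaviour the method does not state: its comments assume a second click on the same header reverses the direction, and the returned promise settles on the click itself rather than on the refreshed table. I would add a doc comment above the method, for example `/** Clicks the first header link whose text equals colName; resolves when the click is sent, not when the rows have re-rendered. */`, so callers know they still need their own wait before reading cells. The toggle-on-second-click behaviour comes from the component, which is not visible in this hunk, so the comment should only mention it once that is confirmed.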
@@ -53,7 +53,7 @@ describe('Test spec for tree view', function () { 'source:type': '1', 'ip_dst_addr': '8', 'enrichm...:country': '3', - 'ip_src_addr': '2' + 'ip_src_addr': '6' }; expect(await listPage.getChangesAlertTableTitle('Alerts (0)')).toEqualBcoz('Alerts (169)', 'for alerts title'); @@ -156,7 +156,7 @@ describe('Test spec for tree view', function () { await page.selectGroup('enrichments:geo:ip_dst_addr:country'); expect(await page.getActiveGroups()).toEqualBcoz(['source:type', 'ip_dst_addr', 'enrichm...:country'], '3 groups should be selected'); - expect(await page.getDashGroupValues('alerts_ui_e2e')).toEqualBcoz(['0', 'alerts_ui_e2e', 'ALERTS', '169'], + expect(await page.getDashGroupValues('alerts_ui_e2e')).toEqualBcoz(['36', 'alerts_ui_e2e', 'ALERTS', '169'], 'Top Level Group Values should be present for alerts_ui_e2e'); await page.expandDashGroup('alerts_ui_e2e'); http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data index e3ffbe7..19f5410 100644 --- a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data +++ b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data 
@@ -1,21 +1,21 @@ {"create": { "_id": "dcda4423-75f1-8e14-c567-080962fafc47"}} -{"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325572512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574783","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568547","enrichmentjoinbolt:joiner:ts":"1492671574101","adapter:geoadapter:begin:ts":"1492671572509","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CD23C83kXKw966hJtc","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574780","original_string":"HTTP | id.orig_p:49200 status_code:200 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42 tags:[] uid:CD23C83kXKw966hJtc resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FS7RhoA94CA7tXRH3\"] host:comarksecurity.com status_msg:OK id .orig_h:192.168.138.158 response_body_len:996 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671501.0 id.resp_h:72.34.49.86 resp_fuids:[\"F3FAZQ2jVEyeqyiQB7\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671573840","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574109","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["F3FAZQ2jVEyeqyiQB7"],"timestamp":1505325572512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568555","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_add r:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671568737","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FS7RhoA94CA7tXRH3"],"ip_src_port":49200,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574115","status_msg":"OK","guid":"dcda4423-75f1-8e14-c567-080962fafc47","enrichments:geo:ip_dst_addr:country":"US","response_body_len":996} +{"threat:triage:score":10,"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325572512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574783","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568547","enrichmentjoinbolt:joiner:ts":"1492671574101","adapter:geoadapter:begin:ts":"1492671572509","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CD23C83kXKw966hJtc","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574780","original_string":"HTTP | id.orig_p:49200 status_code:200 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42 tags:[] uid:CD23C83kXKw966hJtc resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FS7RhoA94CA7tXRH3\"] host:comarksecu rity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:996 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671501.0 
id.resp_h:72.34.49.86 resp_fuids:[\"F3FAZQ2jVEyeqyiQB7\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671573840","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574109","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3FAZQ2jVEyeqyiQB7"],"timestamp":1505325572512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568555","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Los Angeles","e nrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671568737","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FS7RhoA94CA7tXRH3"],"ip_src_port":49200,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574115","status_msg":"OK","guid":"dcda4423-75f1-8e14-c567-080962fafc47","enrichments:geo:ip_dst_addr:country":"US","response_body_len":996} {"create": { "_id": "350c0e9f-a9db-e100-871f-833cbe5b29d2"}} -{"bro_timestamp":1505325573512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574785","enrichmentsplitterbolt:splitter:begin:ts":"1492671568556","enrichmentjoinbolt:joiner:ts":"1492671574102","adapter:geoadapter:begin:ts":"1492671573840","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cbhgaw1IVL6NGqHpn2","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574782","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/de.png tags:[] 
uid:Cbhgaw1IVL6NGqHpn2 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671501.0 id.resp_h:95.163.121.204 resp_fuids:[\"F4cZLM1Rfj48wYg1Pb\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574044","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574109","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F4cZLM1Rfj48wYg1Pb"],"timestamp":1505325573512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568556","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/img/flags/de.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49209,"threatintelsplitte rbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574780","status_msg":"OK","guid":"350c0e9f-a9db-e100-871f-833cbe5b29d2","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":534} 
+{"threat:triage:score":9,"bro_timestamp":1505325573512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574785","enrichmentsplitterbolt:splitter:begin:ts":"1492671568556","enrichmentjoinbolt:joiner:ts":"1492671574102","adapter:geoadapter:begin:ts":"1492671573840","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cbhgaw1IVL6NGqHpn2","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574782","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/de.png tags:[] uid:Cbhgaw1IVL6NGqHpn2 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671501.0 id.resp_h:95.163.121.204 resp_fuids:[\"F4cZLM1Rfj48wYg1Pb\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574044","ip_src_addr":"192.168.138.159","threatintelsplitterbolt:splitter:end:ts":"1492671574109","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F4cZLM1Rfj48wYg1Pb"],"timestamp":1505325573512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568556","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/img/flags/de.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":4 
9209,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574780","status_msg":"OK","guid":"350c0e9f-a9db-e100-871f-833cbe5b29d2","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":534} {"create": { "_id": "b6fff6b7-9b5f-fe43-986f-dfe99d6b78e0"}} -{"bro_timestamp":1505325574512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568556","enrichmentjoinbolt:joiner:ts":"1492671574102","adapter:geoadapter:begin:ts":"1492671574045","uid":"CUrRne3iLIxXavQtci","trans_depth":100,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:100 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574109","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 
Safari/537.36","timestamp":1505325574512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_ count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574782","guid":"b6fff6b7-9b5f-fe43-986f-dfe99d6b78e0","response_body_len":0} +{"threat:triage:score":8,"bro_timestamp":1505325574512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568556","enrichmentjoinbolt:joiner:ts":"1492671574102","adapter:geoadapter:begin:ts":"1492671574045","uid":"CUrRne3iLIxXavQtci","trans_depth":100,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://nod e1:8080/ trans_depth:100 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; 
Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574109","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325574512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,Se rviceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574782","guid":"b6fff6b7-9b5f-fe43-986f-dfe99d6b78e0","response_body_len":0} {"create": { "_id": "acf5a641-9cdb-d7ec-c309-6ea316e14fbe"}} -{"bro_timestamp":1505325575512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574804","enrichmentsplitterbolt:splitter:begin:ts":"1492671568557","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","uid":"CUrRne3iLIxXavQtci","trans_depth":201,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 
uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:201 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574110","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325575512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_ count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","guid":"acf5a641-9cdb-d7ec-c309-6ea316e14fbe","response_body_len":0} 
+{"threat:triage:score":7,"bro_timestamp":1505325575512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574804","enrichmentsplitterbolt:splitter:begin:ts":"1492671568557","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","uid":"CUrRne3iLIxXavQtci","trans_depth":201,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://nod e1:8080/ trans_depth:201 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574110","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325575512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,Se 
rviceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","guid":"acf5a641-9cdb-d7ec-c309-6ea316e14fbe","response_body_len":0} {"create": { "_id": "32ac21dc-2d63-922a-859e-7b885d338edb"}} -{"bro_timestamp":1505325576512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574804","enrichmentsplitterbolt:splitter:begin:ts":"1492671568557","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","uid":"CUrRne3iLIxXavQtci","trans_depth":54,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168537303 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:54 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121 ","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574110","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 
Safari/537.36","timestamp":1505325576512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168537303","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","guid":"32ac21dc-2d63-922a-859e-7b885d338edb","response_body_len":0} +{"threat:triage:score":2,"bro_timestamp":1505325576512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574804","enrichmentsplitterbolt:splitter:begin:ts":"1492671568557","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","uid":"CUrRne3iLIxXavQtci","trans_depth":54,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168537303 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:54 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_d st_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574110","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 
Safari/537.36","timestamp":1505325576512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168537303","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","guid":"32ac21dc-2d63-922a-859e-7b885d338edb","response_body_len":0} {"create": { "_id": "07b29c29-9ab0-37dd-31d3-08ff19eaa888"}} -{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325577512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574805","enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CzXaqT1OEPg60SoJ31","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574802","original_string":"HTTP | id.orig_p:49196 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?51424ddd486ff06861fceed24e86b329 tags:[] uid:CzXaqT1OEPg60SoJ31 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6. 
0) ts:1492671501.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574047","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574110","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325577512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568558","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/?51424ddd486ff06861fceed24e86b329","tags":[],"ip_src_port":49196,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","status_msg":"OK","guid" :"07b29c29-9ab0-37dd-31d3-08ff19eaa888","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} +{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325577512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574805","enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CzXaqT1OEPg60SoJ31","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574802","original_string":"HTTP | id.orig_p:49196 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?51424ddd486ff06861fceed24e86b329 tags:[] uid:CzXaqT1OEPg60SoJ31 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; 
WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6. 0) ts:1492671501.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574047","ip_src_addr":"192.168.138.160","threatintelsplitterbolt:splitter:end:ts":"1492671574110","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325577512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568558","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/?51424ddd486ff06861fceed24e86b329","tags":[],"ip_src_port":49196,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","status_msg":"OK","guid" :"07b29c29-9ab0-37dd-31d3-08ff19eaa888","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} {"create": { "_id": "04a9e4c4-606d-0253-20b4-6e714603c2f2"}} {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325578512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671574806","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574109","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671574047","uid":"CWHzfi498ODM7YJg6b","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574804","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in 
answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CWHzfi498ODM7YJg6b RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671501.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts" :"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574110","qclass":1,"timestamp":1505325578512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568558","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574802","guid":"04a9e4c4-606d-0253-20b4-6e714603c2f2"} {"create": { "_id": "82f8046d-de35-8e8f-3081-bc03b17480dd"}} -{"qclass_name":"qclass-32769","bro_timestamp":1505325579512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574807","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"CgtMqC3lAinR22Xi6c","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:qclass-32769 id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CgtMqC3lAinR22Xi6c RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:32769 ts:1492671501.0 
id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qc lass":32769,"timestamp":1505325579512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568558","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574804","guid":"82f8046d-de35-8e8f-3081-bc03b17480dd"} +{"qclass_name":"qclass-32769","bro_timestamp":1505325579512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574807","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"CgtMqC3lAinR22Xi6c","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:qclass-32769 id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CgtMqC3lAinR22Xi6c RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:32769 ts:1492671501.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.65.1","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qc 
lass":32769,"timestamp":1505325579512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568558","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574804","guid":"82f8046d-de35-8e8f-3081-bc03b17480dd"} {"create": { "_id": "5c1825f6-75a4-4d5c-9961-f9da3abe3aec"}} -{"qclass_name":"C_INTERNET","bro_timestamp":1505325580512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574809","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568559","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"CEuiK04pVuL2Su5Rqg","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CEuiK04pVuL2Su5Rqg RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671501.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qclass":1, "timestamp":1505325580512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568559","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574806","guid":"5c1825f6-75a4-4d5c-9961-f9da3abe3aec"} 
+{"qclass_name":"C_INTERNET","bro_timestamp":1505325580512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574809","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568559","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"CEuiK04pVuL2Su5Rqg","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CEuiK04pVuL2Su5Rqg RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671501.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.66.0","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qclass":1, "timestamp":1505325580512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568559","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574806","guid":"5c1825f6-75a4-4d5c-9961-f9da3abe3aec"} {"create": { "_id": "9041285e-94a4-cd90-51f6-4da04a885b53"}} {"qclass_name":"C_INTERNET","bro_timestamp":1505325581512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574809","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568559","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"ChMDrL20pLP4UzCncj","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:C_INTERNET 
id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:ChMDrL20pLP4UzCncj RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671507.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qclass":1, "timestamp":1505325581512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568559","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574806","guid":"9041285e-94a4-cd90-51f6-4da04a885b53"} {"create": { "_id": "9a969c64-b82c-f2c9-7178-cc001cb011a3"}} http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/e2e/utils/e2e_util.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/e2e/utils/e2e_util.ts b/metron-interface/metron-alerts/e2e/utils/e2e_util.ts index 9f9180c..428910a 100644 --- a/metron-interface/metron-alerts/e2e/utils/e2e_util.ts +++ b/metron-interface/metron-alerts/e2e/utils/e2e_util.ts 
@@ -2,66 +2,78 @@ import { browser, protractor, by, element, ElementFinder } from 'protractor'; import request = require('request'); import fs = require('fs'); +const expCond = protractor.ExpectedConditions; + export class UtilFun { public static async waitForElementPresence(element: ElementFinder): Promise<void> { - let EC = protractor.ExpectedConditions; await browser.wait( - EC.visibilityOf(element), - 10000, - `${element.locator()} was expected to be visible` + expCond.visibilityOf(element), + 10000, + `${element.locator()} was expected to be visible` ); } } -export function changeURL(url: string) { - return browser.get(url).then(() => { - return browser.getCurrentUrl().then((newURL) => { - return newURL; - }); +export class AutomationHelper { + + static readonly ID_ATTR: String = 'data-qe-id'; + + static getElementByQEId(qeId: String) { + const attr = AutomationHelper.ID_ATTR; + const selector = qeId.split(' ').map(qeIdPart => `[${attr}=${qeIdPart}]`).join(' '); + return element(by.css(selector)); + } + + static getTextByQEId(qeId: String) { + const el = AutomationHelper.getElementByQEId(qeId); + return browser.wait(protractor.ExpectedConditions.visibilityOf(el)) + .then(() => { + return el.getText(); }); + } +} + +export function changeURL(url: string) { + return browser.get(url).then(() => { + return browser.getCurrentUrl().then((newURL) => { + return newURL; + }); + }); } export function waitForURL(url: string) { - let EC = protractor.ExpectedConditions; - return browser.wait(EC.urlIs(url)); + return browser.wait(expCond.urlIs(url)); } export function waitForText(selector, text) { - let EC = protractor.ExpectedConditions; - return browser.wait(EC.textToBePresentInElement(element(by.css(selector)), text)).catch((error) => console.log(`waitForText:`, error));; + return browser.wait(expCond.textToBePresentInElement(element(by.css(selector)), text)).catch((error) => console.log(`waitForText:`, error));; } export function waitForTextChange(element, previousText) 
{ - let EC = protractor.ExpectedConditions; if (previousText.trim().length === 0) { return waitForNonEmptyText(element); } - return browser.wait(EC.not(EC.textToBePresentInElement(element, previousText))).catch((error) => console.log(`${element.locator()} waitForTextChange:`, error)); + return browser.wait(expCond.not(expCond.textToBePresentInElement(element, previousText))).catch((error) => console.log(`${element.locator()} waitForTextChange:`, error)); } export function waitForElementInVisibility (_element ) { - let EC = protractor.ExpectedConditions; - return browser.wait(EC.invisibilityOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementInVisibility:`, error)); + return browser.wait(expCond.invisibilityOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementInVisibility:`, error)); } export function waitForElementPresence (_element ) { - let EC = protractor.ExpectedConditions; - return browser.wait(EC.presenceOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementPresence:`, error)); + return browser.wait(expCond.presenceOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementPresence:`, error)); } export function waitForElementVisibility (_element ) { - let EC = protractor.ExpectedConditions; - return browser.wait(EC.visibilityOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementVisibility:`, error)); + return browser.wait(expCond.visibilityOf(_element)).catch((error) => console.log(`${_element.locator()} waitForElementVisibility:`, error)); } export function waitForElementPresenceAndvisbility(selector) { - let EC = protractor.ExpectedConditions; - return browser.wait(EC.visibilityOf(element(by.css(selector)))).catch((error) => console.log(`waitForElementPresenceAndvisbility: `, error)); + return browser.wait(expCond.visibilityOf(element(by.css(selector)))).catch((error) => console.log(`waitForElementPresenceAndvisbility: `, error)); 
} export function waitForStalenessOf (_element ) { - let EC = protractor.ExpectedConditions; - return browser.wait(EC.stalenessOf(_element)).catch((error) => console.log(`${_element.locator()} waitForStalenessOf: `, error)); + return browser.wait(expCond.stalenessOf(_element)).catch((error) => console.log(`${_element.locator()} waitForStalenessOf: `, error)); } export function waitForCssClass(elementFinder, desiredClass) { http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/protractor.conf.js ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/protractor.conf.js b/metron-interface/metron-alerts/protractor.conf.js index 219a8b4..3d35521 100644 --- a/metron-interface/metron-alerts/protractor.conf.js +++ b/metron-interface/metron-alerts/protractor.conf.js @@ -30,6 +30,7 @@ exports.config = { './e2e/alerts-list/configure-table/configure-table.e2e-spec.ts', './e2e/alerts-list/save-search/save-search.e2e-spec.ts', './e2e/alerts-list/tree-view/tree-view.e2e-spec.ts', + './e2e/alerts-list/table-view/table-view.e2e-spec.ts', './e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts', './e2e/alerts-list/alert-status/alerts-list-status.e2e-spec.ts', './e2e/alert-details/alert-status/alert-details-status.e2e-spec.ts', http://git-wip-us.apache.org/repos/asf/metron/blob/4519f721/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html b/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html index 4793efa..027f57a 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/table-view/table-view.component.html 
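Review bot: In the added `AutomationHelper.getElementByQEId`, each part of `qeId` is interpolated into an unquoted attribute selector, so a part that is not a valid CSS identifier gives an invalid or unintended selector. Examples are a part starting with a digit, or the empty part that `qeId.split(' ')` produces for a double space. Quoting the value avoids the first case, i.e. the template becomes `[${attr}="${qeIdPart}"]`, and filtering out empty parts before the `map` covers the second. `ID_ATTR` and both `qeId` parameters are typed as the boxed `String`; the primitive `string` is the usual choice and matches `changeURL(url: string)` in the same hunk. `getTextByQEId` also calls `browser.wait` without a timeout or message, unlike `UtilFun.waitForElementPresence` (which passes `10000` and a message), and it spells out `protractor.ExpectedConditions` although this commit introduces `expCond` for exactly that.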
@@ -12,7 +12,7 @@ the specific language governing permissions and limitations under the License. --> <div class="table-wrapper"> - <table class="table table-sm" metron-config-table [data]="alerts" [cellSelectable]="true" (onSort)="onSort($event)" style="white-space: nowrap;" (window:resize)="resize()" #table> + <table attr.data-qe-id="{{'alerts-table'}}" class="table table-sm" metron-config-table [data]="alerts" [cellSelectable]="true" (onSort)="onSort($event)" style="white-space: nowrap;" (window:resize)="resize()" #table> <thead> <tr> <th width="15" class="dropdown-cell"> </th> @@ -27,15 +27,15 @@ <ng-container *ngFor="let alert of alerts; let alertIndex = index;"> <ng-container *ngIf="!alert.source.metron_alert || alert.source.metron_alert.length === 0"> - <tr (click)="showDetails($event, alert)" [ngClass]="{'selected' : selectedAlerts.indexOf(alert) != -1}"> + <tr attr.data-qe-id="{{'row-' + alertIndex}}" (click)="showDetails($event, alert)" [ngClass]="{'selected' : selectedAlerts.indexOf(alert) != -1}"> <td width="15" class="icon-cell"></td> <td (click)="addFilter(threatScoreFieldName(), getScore(alert.source))"> <div appAlertSeverity [severity]="getScore(alert.source)"> - <a> {{ hasScore(alert.source) ? getScore(alert.source) : '-' }} </a> + <a attr.data-qe-id="{{'score'}}"> {{ hasScore(alert.source) ? getScore(alert.source) : '-' }} </a> </div> </td> - <td *ngFor="let column of alertsColumnsToDisplay" #cell> - <a (click)="addFilter(column.name, getValue(alert, column, false))" title="{{getValue(alert, column, true)}}" style="color:#689AA9"> + <td *ngFor="let column of alertsColumnsToDisplay; let columnIndex = index;" #cell> + <a attr.data-qe-id="{{'cell-' + columnIndex}}" (click)="addFilter(column.name, getValue(alert, column, false))" title="{{getValue(alert, column, true)}}" style="color:#689AA9"> {{ getValue(alert,column, true) | centerEllipses:20:cell }} </a> </td>
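Review bot: The test hooks added on the `<table>` (first hunk) and on the score `<a>` (second hunk) interpolate a constant string, `attr.data-qe-id="{{'alerts-table'}}"` and `attr.data-qe-id="{{'score'}}"`, which costs a binding for a value that never changes. A plain static attribute reads more clearly and renders the same: `data-qe-id="alerts-table"` and `data-qe-id="score"`. The interpolated form is only needed where the value is computed, as in `'row-' + alertIndex` and `'cell-' + columnIndex`. The row and cell ids are added only inside the `*ngIf="!alert.source.metron_alert || ..."` branch; if meta-alert rows are rendered by a sibling branch outside this hunk, they would presumably need the same attributes for `getElementByQEId` to reach them.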
