[
https://issues.apache.org/jira/browse/METRON-2102?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tibor Meller updated METRON-2102:
---------------------------------
Summary: [UI] Adding click-through navigation to Alerts table (was: [UI]
Impl Click Through navigation on Alerts UI)
> [UI] Adding click-through navigation to Alerts table
> ----------------------------------------------------
>
> Key: METRON-2102
> URL: https://issues.apache.org/jira/browse/METRON-2102
> Project: Metron
> Issue Type: Sub-task
> Reporter: Tibor Meller
> Assignee: Tibor Meller
> Priority: Major
>
> h2. Working Branch on github
> [https://github.com/tiborm/metron/tree/feature/click-through]
> The feature is by default turned on with a simple configuration so it
> immediately shows up on the Alert UI if you check out the branch above.
> h1. About the feature
> Click Through Navigation is a feature that enables Metron users to reach other
> web services via dynamically created URLs by clicking a link item in a context
> menu.
> This context menu (aka. click-through menu) is attached to the alerts table
> and the links are populated with alert data from the specific row of the
> table.
> h2. Attaching and configuring click-through menu to a column
> Items and URLs in the context menu are based on a configuration (this is
> currently a JSON file). A configuration could be attached to a cell or a row.
> If you would like to attach a menu configuration to a cell of a column, you
> should use the field id (the field of the alert that populates the column) to
> target the particular column.
> For example, the following configuration adds the "Whois Reputation
> Service" item to the context menu which appears if the user left-clicks on a
> value in the "host" column:
> {
>   "host": [
>     {
>       "label": "Whois Reputation Service",
>       "urlPattern": "https://www.whois.com/whois/{}"
>     }
>   ]
> }
> Clicking on the item opens another browser tab and calls the URL in the
> urlPattern config field. "{}" at the end of the pattern is the default
> placeholder, and it will be replaced by the value of the host field in
> the particular row which was clicked.
> But in the configuration, any available alert property field could be
> referenced, like the following:
> {
>   "host": [
>     {
>       "label": "Whois Reputation Service",
>       "urlPattern": "https://www.whois.com/whois/{ip_src_addr}"
>     }
>   ]
> }
> In this case, although the menu is attached to the host column, the
> placeholder will be resolved with the value of the ip_src_addr field of the
> particular alert item.
> You can reference multiple fields and can combine default and specific
> placeholders:
> {
>   "host": [
>     {
>       "label": "Whois Reputation Service",
>       "urlPattern": "https://www.whois.com/whois/{}?srcip={ip_src_addr}&destip={ip_dest_addr}"
>     }
>   ]
> }
>
> The configuration for a particular column could contain multiple menu items,
> like in the following example:
> "ip_src_addr": [
>   {
>     "label": "IP Investigation Notebook",
>     "urlPattern": "http://zepellin.example.com:9000/notebook/someid?ip={ip_src_addr}"
>   },
>   {
>     "label": "IP Conversation Investigation",
>     "urlPattern": "http://zepellin.example.com:9000/notebook/someid?ip_src_addr={ip_src_addr}&ip_dst_addr={ip_dst_addr}"
>   }
> ],
> h2. Attaching and configuring click-through menu to rows
>
> In the case of rows, we distinguish simple alerts and meta alerts. So these
> two types are configurable separately.
>
> {
>   "alertEntry": [
>     {
>       "label": "Internal ticketing system",
>       "urlPattern": "http://mytickets.org/tickets/{id}"
>     }
>   ],
>   "metaAlertEntry": [
>     {
>       "label": "MetaAlert specific item",
>       "urlPattern": "http://mytickets.org/tickets/{id}"
>     }
>   ]
> }
>
>
> These two keywords, "alertEntry" and "metaAlertEntry", stand for configuring
> the menu attached to alert and meta alert rows.
> When the user clicks on a value, it is recognized as a cell/column specific
> click and the menu configured for the particular field/column will appear.
> If the user clicks outside of a value (on the blank space between values), it
> will be recognized as a row click and the alert or meta alert specific
> click-through menu will show up depending on the type of the row.
> h2. How to reach the config file
>
> The config JSON (until we provide an admin UI for this feature) is
> available for editing to field engineers or other professionals who have ssh
> access to the Metron deployment.
> In our Metron source code, the click-through configuration JSON file is
> available at the following path:
> /metron/metron-interface/metron-alerts/src/assets/context-menu.conf.json
> One can change this before deploying the UI to configure click-through
> menus. Or one can find the same config file on a deployed system by connecting
> to the system via ssh and following this path:
> /usr/metron/{version}/web/alerts-ui/assets/context-menu.conf.json
>
>
>
> The default configuration at the time of writing looks like the following:
> {
>   "alertEntry": [
>     {
>       "label": "Internal ticketing system",
>       "urlPattern": "http://mytickets.org/tickets/{id}"
>     }
>   ],
>   "metaAlertEntry": [
>     {
>       "label": "MetaAlert specific item",
>       "urlPattern": "http://mytickets.org/tickets/{id}"
>     }
>   ],
>   "id": [
>     {
>       "label": "Dynamic menu item 01",
>       "urlPattern": "http://mytickets.org/tickets/{}"
>     }
>   ],
>   "ip_src_addr": [
>     {
>       "label": "IP Investigation Notebook",
>       "urlPattern": "http://zepellin.example.com:9000/notebook/someid?ip={ip_src_addr}"
>     },
>     {
>       "label": "IP Conversation Investigation",
>       "urlPattern": "http://zepellin.example.com:9000/notebook/someid?ip_src_addr={ip_src_addr}&ip_dst_addr={ip_dst_addr}"
>     }
>   ],
>   "ip_dst_addr": [
>     {
>       "label": "IP Investigation Notebook",
>       "urlPattern": "http://zepellin.example.com:9000/notebook/someid?ip={ip_dst_addr}"
>     },
>     {
>       "label": "IP Conversation Investigation",
>       "urlPattern": "http://zepellin.example.com:9000/notebook/someid?ip_src_addr={ip_src_addr}&ip_dst_addr={ip_dst_addr}"
>     }
>   ],
>   "host": [
>     {
>       "label": "Whois Reputation Service",
>       "urlPattern": "https://www.whois.com/whois/{}"
>     }
>   ]
> }
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
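
The placeholder resolution described in the issue, sketched as an added example (not code from the Metron branch or from the reporter). Alert fields such as host originate in collected telemetry, so each value is percent-encoded before it enters the URL, and the pattern is limited to http/https. The names resolveUrlPattern, buildMenu, sampleConfig and sampleAlert are hypothetical.

```javascript
// Added example; function and constant names are hypothetical, not Metron's code.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
const ROW_TARGETS = new Set(['alertEntry', 'metaAlertEntry']);
const PLACEHOLDER = /\{([^{}]*)\}/g;

// Resolve "{}" (the clicked column's field) and "{field}" placeholders.
function resolveUrlPattern(urlPattern, alert, defaultField) {
  // Check the pattern on its own first, before alert data is mixed in.
  const probe = new URL(urlPattern.replace(PLACEHOLDER, 'x'));
  if (!ALLOWED_SCHEMES.has(probe.protocol)) {
    throw new Error(`scheme not allowed: ${probe.protocol}`);
  }
  const resolved = urlPattern.replace(PLACEHOLDER, (match, name) => {
    const field = name === '' ? defaultField : name;
    const value = field ? alert[field] : undefined;
    if (value === undefined || value === null) {
      throw new Error(`no value for placeholder ${match}`);
    }
    // Percent-encode so a value cannot add path segments or query parameters.
    return encodeURIComponent(String(value));
  });
  // Alert values must not change which site the link points to.
  if (new URL(resolved).origin !== probe.origin) {
    throw new Error('placeholder value changed the link origin');
  }
  return resolved;
}

// target is a field id (cell click) or "alertEntry"/"metaAlertEntry" (row click).
function buildMenu(config, target, alert) {
  const defaultField = ROW_TARGETS.has(target) ? undefined : target;
  return (config[target] || []).map(({ label, urlPattern }) => ({
    label,
    url: resolveUrlPattern(urlPattern, alert, defaultField),
  }));
}

// Constructed sample: patterns follow the issue text, alert values are made up.
const sampleConfig = {
  host: [{ label: 'Whois Reputation Service',
           urlPattern: 'https://www.whois.com/whois/{}?srcip={ip_src_addr}' }],
  alertEntry: [{ label: 'Internal ticketing system',
                 urlPattern: 'http://mytickets.org/tickets/{id}' }],
};
const sampleAlert = { id: 'a1b2', host: 'host.example/x?y=1&z=2', ip_src_addr: '10.0.0.5' };
console.log(buildMenu(sampleConfig, 'host', sampleAlert));
```

A pattern that places a placeholder in the host part of the URL is rejected, because the resolved link must keep the origin the configuration author wrote.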