Bugfix/10.2/402 incident response trigger select cause modal scroll (#413)

* Fixed Incident-response-trigger-select-cause-modal-scroll (#402)

* Fixed Incident-response-trigger-select-cause-modal-scroll (#402)

* Fixed Incident-response-trigger-select-cause-modal-scroll (#402)

* Fixed Incident-response-trigger-select-cause-modal-scroll (#402)

* Fixed Auditor crash try to parse (#405)

* Fixed Auditor crash try to parse (#405)

Author: mjabascal10

frontend/src/app/incident-response/shared/component/ir-create-rule/ir-create-rule.component.html

@@ -95,7 +95,7 @@
                       [label]="'Incident response automation is active'">
       </app-utm-toggle>
     </div>
-    <div *ngIf="step===2" class="configure-step mt-3 mb-3 has-fixed-height overflow-auto">
+    <div *ngIf="step===2" class="configure-step mt-3 mb-3">
 
       <div class="w-100">
         <div formArrayName="conditions">
@@ -179,17 +179,17 @@
         </div>-->
       </div>
       <div class="d-flex mt-3 flex-column">
-          <app-utm-toggle (toggleChange)="formRule.get('agentType').setValue($event)"
+        <div class="alert alert-info alert-styled-right mb-2 info-dismissible">
+          <span class="font-weight-semibold">Info! </span>
+          <span>Select the agent handling strategy for the automation. By default (not active), commands will run on specified platform agents if the trigger conditions and dataSource field value of the alert match. Alternatively, choose a default agent to run the automation if no other agent matches the criteria. If this option is active, commands will run only on specified platform agents if the trigger conditions and dataSource field value of the alert match, if not, the automation won't be executed.</span>
+        </div>
+          <app-utm-toggle (toggleChange)="onChangeToggle($event)"
                           [active]="formRule.get('agentType').value"
                           [emitAtStart]="false"
                           [customClass]="'pl-3'"
-                          [label]="'Agent handling strategy for the automation'"></app-utm-toggle>
-            <div class="alert alert-info alert-styled-right mt-1 info-dismissible">
-              <span class="font-weight-semibold">Info! </span>
-              <span>Select the agent handling strategy for the automation. By default, commands won't run on specified agents, even if the trigger conditions match. Alternatively, choose a default agent to run the automation if no other agent matches the criteria.</span>
-            </div>
+                          [label]="'Run on specific agent'"></app-utm-toggle>
       </div>
-      <div *ngIf="formRule.get('agentType').value" class="d-flex mt-3 flex-column">
+      <div *ngIf="!formRule.get('agentType').value" class="d-flex mt-2 flex-column">
         <div class="col-12 p-0">
           <label class="pb-1" for="exclude">Exclude agents</label>
           <ng-select [clearable]="false"
@@ -212,9 +212,9 @@
           </div>
         </div>
       </div>
-      <div *ngIf="!formRule.get('agentType').value" class="d-flex mt-3 flex-column">
-        <div  class="col-12 p-0">
-          <label class="pb-1" for="exclude">Default agents</label>
+      <div *ngIf="formRule.get('agentType').value" class="d-flex mt-2 flex-column">
+        <div  class="col-6 p-0">
+          <label class="pb-1" for="exclude">Default agent</label>
           <ng-select [clearable]="false"
                      [items]="agents"
                      [placeholder]="'Select agent'"

frontend/src/app/incident-response/shared/component/ir-create-rule/ir-create-rule.component.ts

@@ -54,7 +54,7 @@ export class IrCreateRuleComponent implements OnInit {
       conditions: this.fb.array([]),
       command: ['', Validators.required],
       active: [true],
-      agentType: [true],
+      agentType: [false],
       excludedAgents: [[]],
       defaultAgent: [''],
       agentPlatform: ['', Validators.required]
@@ -81,7 +81,7 @@ export class IrCreateRuleComponent implements OnInit {
         this.ruleConditions.push(ruleCondition);
         this.getAgents(this.formRule.get('agentPlatform').value);
         this.formRule.get('excludedAgents').setValue(this.rule.excludedAgents);
-        this.formRule.get('agentType').setValue(this.rule.excludedAgents.length > 0);
+        this.formRule.get('agentType').setValue(this.rule.excludedAgents.length === 0);
         this.formRule.get('defaultAgent').setValue(this.rule.defaultAgent);
       }
     } else if (this.alert) {
@@ -148,6 +148,9 @@ export class IrCreateRuleComponent implements OnInit {
   }
 
   nextStep() {
+    if (this.step === 3) {
+      this.formRule.get('command').setValue(this.command);
+    }
     this.stepCompleted.push(this.step);
     this.step += 1;
   }
@@ -194,7 +197,6 @@ export class IrCreateRuleComponent implements OnInit {
   }
 
   editRule() {
-    console.log('edit');
     const action = 'edited';
     const actionError = 'editing';
     this.clearAgentTypeSelection();
@@ -216,7 +218,7 @@ export class IrCreateRuleComponent implements OnInit {
   }
 
  clearAgentTypeSelection() {
-   if (!this.formRule.get('agentType').value) {
+   if (this.formRule.get('agentType').value) {
      this.formRule.get('excludedAgents').setValue([]);
    } else {
      this.formRule.get('defaultAgent').setValue('');
@@ -247,13 +249,13 @@ export class IrCreateRuleComponent implements OnInit {
   }
 
   isDisable(step: number) {
-    console.log((!this.formRule.get('agentType').value && this.formRule.get('defaultAgent').value === ''));
     switch (step) {
       case 1:
         return !this.formRule.get('name').valid || !this.formRule.get('description').valid || this.exist;
       case 2:
         return !this.formRule.get('agentPlatform').valid || this.ruleConditions.length === 0
-            || (!this.formRule.get('agentType').value && !this.formRule.get('defaultAgent').value);
+            || !this.ruleConditions.valid
+            || (this.formRule.get('agentType').value && !this.formRule.get('defaultAgent').value);
       case 3:
         return !this.command || this.command === '';
     }
@@ -283,8 +285,13 @@ export class IrCreateRuleComponent implements OnInit {
     });
   }
 
-  onChangeToggle() {
-
+  onChangeToggle($event) {
+    if ($event ) {
+      this.formRule.get('excludedAgents').setValue([]);
+    } else {
+      this.formRule.get('defaultAgent').setValue('');
+    }
+    this.formRule.get('agentType').setValue($event);
   }
 
 }

frontend/src/app/incident-response/shared/component/ir-summary/ir-summary.component.html

@@ -19,7 +19,7 @@
     </span>
 
 
-    <ng-container *ngIf="agentType">
+    <ng-container *ngIf="!agentType">
       <span>
         Importantly, the automation excludes designated agents, such as
       </span>
@@ -28,7 +28,7 @@
       </span>
     </ng-container>
 
-    <ng-container *ngIf="!agentType">
+    <ng-container *ngIf="agentType">
       <span>
         In case none of the agents satisfy the specified conditions, the automation will smoothly revert and execute on the default agent,
         <span class="badge p-1 border-1 badge-flat font-weight-light border-info-800 text-info-800 mr-2 mb-2">
@@ -44,7 +44,7 @@
     <span>
      Crucially, when these conditions are met, the automation will proceed to execute the following action:
     </span>
-    <app-utm-code-view [code]="command" [allowCopy]="true"></app-utm-code-view>
+    <app-utm-code-view class="w-100 mt-1" [code]="command" [allowCopy]="false"></app-utm-code-view>
   </div>
 </div>
 

user-auditor/src/main/java/com/utmstack/userauditor/model/winevent/WinEventLog.java

@@ -19,16 +19,17 @@ public class WinEventLog{
     public ArrayList<String> keywords;
     public String level;
     public String log_name;
-    public String message;
+
+    public String mesage;
     public String opcode;
-    public int process_id;
+    public String process_id;
     public String provider_guid;
-    public int record_number;
+    public String record_number;
     public String source_name;
     public ArrayList<String> tags;
     public String task;
-    public int thread_id;
-    public int version;
+    public String thread_id;
+    public String version;
 }