Import set priority and remove severity

airbus-cyber · Jul 3, 2024 · d794419 · d794419
1 parent ca48a98
commit d794419
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 6 deletions.
diff --git a/src/web/wizard/logic/RulesImportExport.js b/src/web/wizard/logic/RulesImportExport.js
@@ -62,11 +62,40 @@ function normalizeSearchQueryParameters(alertRule, condition_parameters) {
     return result;
 }
 
+function convertSeverityToPriority(severity) {
+    switch (severity.toUpperCase()) {
+        case "INFO" | "LOW" :
+            return 1;
+        case "MEDIUM" :
+            return 2;
+        case "HIGH" :
+            return 3;
+        default :
+            return 1;
+    }
+}
+
+function normalizePriority(alertRule) {
+    const severity = alertRule.notification_parameters.severity;
+    if(severity) {
+        const priority = convertSeverityToPriority(severity);
+        let result = {...alertRule, priority};
+
+        delete result.notification_parameters.severity;
+        delete result.severity;
+        return result;
+    } else {
+        return alertRule;
+    }
+}
+
 function normalizeImportedRule(rule) {
     let condition_parameters = normalizeConditionParameters(rule.condition_parameters, rule.title);
     condition_parameters = normalizeSearchQueryParameters(rule, condition_parameters);
-    let severity = rule.notification_parameters.severity;
-    return { ...rule, severity, condition_parameters };
+    let normalizedRule = { ...rule, condition_parameters };
+    normalizedRule = normalizePriority(normalizedRule);
+
+    return normalizedRule;
 }
 
 export default {
@@ -80,7 +109,7 @@ export default {
 
     createExportDataFromRules(rules) {
         return {
-            version: '1.0.1',
+            version: '1.0.2',
             rules: rules
         }
     }

diff --git a/src/web/wizard/logic/RulesImportExport.test.js b/src/web/wizard/logic/RulesImportExport.test.js
@@ -282,10 +282,10 @@ describe('RulesImport.normalizeImportedRules', () => {
         expect(result.length).toBe(1)
     });
 
-    it('should set severity', () => {
+    it('should set priority and remove severity', () => {
        const rule = [{
             'notification_parameters': {
-                'severity': 'INFO',
+                'severity': 'MEDIUM',
                 'log_body': 'type: alert\nid: ${logging_alert.id}\nseverity: ${logging_alert.severity}\napp: graylog\nsubject: ${event_definition_title}\nbody: ${event_definition_description}\n${if backlog && backlog[0]} src: ${backlog[0].fields.src_ip}\nsrc_category: ${backlog[0].fields.src_category}\ndest: ${backlog[0].fields.dest_ip}\ndest_category: ${backlog[0].fields.dest_category}\n${end}',
                 'split_fields': [],
                 'single_notification': false,
@@ -305,13 +305,16 @@ describe('RulesImport.normalizeImportedRules', () => {
                 'field_rule': [{'field': 'a', 'type': 1, 'value': 'a', 'id': '62e7ae768a47ae63221aad48'}],
                 'id': '62e7ae768a47ae63221aad46'
             },
+            'severity': 'MEDIUM',
             'title': 'a',
             'description': null,
             'condition_type': 'COUNT',
             'second_stream': {'matching_type': '', 'field_rule': [], 'id': ''}
         }];
         const result = RulesImportExport.normalizeImportedRules(rule)
-        expect(result[0].severity).toBe('INFO')
+        expect(result[0].priority).toBe(2)
+        expect(result[0].severity).toBe(undefined)
+        expect(result[0].notification_parameters.severity).toBe(undefined)
     });
 
     it('should convert additional threshold type LESS into <', () => {