Fixed further usecase mappings

Author: frikky

blobs.go

@@ -312,29 +312,8 @@ func GetUsecaseData() string {
 				"blogpost": "https://medium.com/shuffle-automation/introducing-shuffle-an-open-source-soar-platform-part-1-58a529de7d12",
 				"reference_image": "/images/detectionframework.png",
                 "items": {}
-            },
-            {
-				"type": "cases",
-				"last": "cases",
-                "name": "2-way Ticket synchronization",
-				"priority": 20,
-                "items": {}
-            },
-            {
-                "name": "ChatOps",
-				"priority": 60,
-				"type": "communication",
-				"last": "cases",
-                "items": {}
-            },
-            {
-                "name": "Threat Intel received",
-				"priority": 20,
-				"type": "intel",
-				"last": "cases",
-                "items": {}
-            }
-        ]
+            }        
+		]
     },
     {
         "name": "2. Enrich",
@@ -451,79 +430,31 @@ func GetUsecaseData() string {
         "color": "#4885ed",
         "list": [
             {
-                "name": "Eradicate malware",
-				"priority": 90,
-				"type": "intel",
-				"last": "edr",
-                "items": {}
-            },
-            {
-                "name": "Quarantine host(s)",
-				"priority": 90,
+                "name": "Isolate Host",
+				"old_name": "Quarantine host(s)",
+				"priority": 80,
 				"type": "edr",
                 "items": {}
             },
             {
-                "name": "Update Outdated Software",
-				"priority": 70,
-				"type": "assets",
-                "items": {}
-            },
-            {
-                "name": "Block IPs, URLs, Domains and Hashes",
-				"priority": 90,
+                "name": "Block an IP",
+				"old_name": "Block IPs, URLs, Domains and Hashes",
+				"priority": 75,
 				"type": "network",
                 "items": {}
             },
             {
-                "name": "Trigger scans",
-				"priority": 50,
-				"type": "assets",
-                "items": {}
-            },
-            {
-                "name": "Update indicators (FW, EDR, SIEM...)",
-				"priority": 50,
-				"type": "intel",
-				"last": "siem",
-                "items": {}
-            },
-            {
-                "name": "Autoblock activity when threat intel is received",
-				"priority": 50,
-				"type": "intel",
-				"last": "iam",
-                "items": {}
-            },
-            {
-                "name": "Lock/Delete/Reset account",
-				"priority": 50,
-				"type": "iam",
-                "items": {}
-            },
-            {
-                "name": "Lock vault",
+                "name": "Kill a process",
 				"priority": 50,
-				"type": "iam",
+				"type": "edr",
                 "items": {}
             },
             {
-                "name": "Increase authentication",
-				"priority": 50,
+                "name": "Lock account",
+				"old_name": "Lock/Delete/Reset account",
+				"priority": 70,
 				"type": "iam",
                 "items": {}
-            },
-            {
-                "name": "Get policies from assets",
-				"priority": 50,
-				"type": "assets",
-                "items": {}
-            },
-            {
-                "name": "Run ansible scripts",
-				"type": "assets",
-				"priority": 50,
-                "items": {}
             }
         ]
     },

codegen.go

@@ -3790,7 +3790,9 @@ func DownloadDockerImageBackend(topClient *http.Client, imageName string) error
 	baseUrl := os.Getenv("BASE_URL")
 	log.Printf("[DEBUG] Trying to download image %s from backend %s as it doesn't exist. All images: %#v", imageName, baseUrl, downloadedImages)
 
-	downloadedImages = append(downloadedImages, imageName)
+	if !ArrayContains(downloadedImages, imageName) {
+		downloadedImages = append(downloadedImages, imageName)
+	}
 
 	data := fmt.Sprintf(`{"name": "%s"}`, imageName)
 	dockerImgUrl := fmt.Sprintf("%s/api/v1/get_docker_image", baseUrl)
@@ -3876,6 +3878,13 @@ func DownloadDockerImageBackend(topClient *http.Client, imageName string) error
 		return errors.New(string(body))
 	}
 
+	os.Remove(newFileName)
+
+	if strings.Contains(strings.ToLower(string(body)), "error") {
+		log.Printf("[ERROR] Error loading image %s: %s", imageName, string(body))
+		return errors.New(string(body))
+	}
+
 	baseTag := strings.Split(imageName, ":")
 	if len(baseTag) > 1 {
 		tag := baseTag[1]
@@ -3891,8 +3900,6 @@ func DownloadDockerImageBackend(topClient *http.Client, imageName string) error
 
 	}
 
-	os.Remove(newFileName)
-
 	log.Printf("[INFO] Successfully loaded image %s: %s", imageName, string(body))
 	return nil
 }

shared.go

@@ -3289,11 +3289,14 @@ func HandleGetEnvironments(resp http.ResponseWriter, request *http.Request) {
 	// Here as well as in db-connector due to cache handling
 	timenow := time.Now().Unix()
 	for envIndex, env := range newEnvironments {
-		if newEnvironments[envIndex].Type == "onprem" {
-			if env.Checkin > 0 && timenow-env.Checkin > 90 {
-				newEnvironments[envIndex].RunningIp = ""
-				newEnvironments[envIndex].Licensed = false
-			}
+		if newEnvironments[envIndex].Type != "onprem" {
+			continue
+		}
+
+		if env.Checkin > 0 && timenow-env.Checkin > 90 && len(newEnvironments[envIndex].RunningIp) > 0 {
+			log.Printf("[DEBUG] Resetting environment %s (%s) due to inactivity", env.Name, env.Id)
+			newEnvironments[envIndex].RunningIp = ""
+			newEnvironments[envIndex].Licensed = false
 		}
 	}
 
@@ -12886,6 +12889,7 @@ func GetOpenIdUrl(request *http.Request, org Org) string {
 }
 
 func GetRequestIp(r *http.Request) string {
+	// Check the actual IP that is inbound
 	forwardedFor := r.Header.Get("X-Forwarded-For")
 	if forwardedFor != "" {
 		// The X-Forwarded-For header can contain a comma-separated list of IP addresses.
@@ -12934,9 +12938,13 @@ func GetRequestIp(r *http.Request) string {
 		}
 	}
 
+	// IPv6 / localhostm apping. Just returning raw.
+	if strings.Contains(r.RemoteAddr, "::") || strings.Contains(r.RemoteAddr, "127.0.0.1") || strings.Contains(r.RemoteAddr, "localhost") {
+		return r.RemoteAddr
+	}
+
 	// If neither header is present, fall back to using the RemoteAddr field.
 	// Check for IPv6 and split accordingly.
-
 	re := regexp.MustCompile(`\[[^\]]+\]`)
 	remoteAddr := re.ReplaceAllString(r.RemoteAddr, "")
 	if remoteAddr != "" {
@@ -27839,7 +27847,7 @@ func DistributeAppToEnvironments(ctx context.Context, org Org, appnames []string
 		request := ExecutionRequest{
 			Type:              "DOCKER_IMAGE_DOWNLOAD",
 			ExecutionId:       uuid.NewV4().String(),
-			ExecutionArgument: strings.Join(appnames, ","),
+			ExecutionArgument: fmt.Sprintf("%s,%s", strings.ToLower(strings.Join(appnames, ",")), strings.Join(appnames, ",")),
 			Priority:          11,
 		}