diff --git a/CHANGELOG.md b/CHANGELOG.md index 5203fe2..dfca17a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,11 @@ Versioning](https://semver.org/spec/v2.0.0.html). - The paginated GraphQL queries use different representations for cursors. The cursor values obtained from earlier versions of the API are not compatible with the new cursor values. +- Replaced the term source with sensor, where it refers to a device or software + that captures or detects raw events. This update broadly affects GraphQL APIs + that previously used source field as a parameter, and GraphQL APIs that return + event, outlier, or triage related structs. +- Updated review-database to 0.33.0. ### Fixed diff --git a/Cargo.toml b/Cargo.toml index 9c1f4ba..584cd78 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,7 +25,7 @@ num-traits = "0.2" reqwest = { version = "0.12", default-features = false, features = [ "rustls-tls-native-roots", ] } -review-database = { git = "https://github.com/petabi/review-database.git", tag = "0.32.0" } +review-database = { git = "https://github.com/petabi/review-database.git", tag = "0.33.0" } roxy = { git = "https://github.com/aicers/roxy.git", tag = "0.3.0" } rustls = { version = "0.23", default-features = false, features = [ "ring", diff --git a/README.md b/README.md index b535040..31aebb8 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # review-web This project aims to provide an easy-to-use interface for the REview system, -allowing users to manage and analyze events from various sources. The web +allowing users to manage and analyze events from various sensors. The web interface is built using modern web technologies, and it exposes a GraphQL API for flexible data querying and manipulation. diff --git a/src/graphql/event.rs b/src/graphql/event.rs index 0ce6a6c..454b0ec 100644 --- a/src/graphql/event.rs +++ b/src/graphql/event.rs 
@@ -1190,11 +1190,11 @@ mod tests { use crate::graphql::TestSchema; - /// Creates an event message at `timestamp` with the given source and + /// Creates an event message at `timestamp` with the given sensor and /// destination `IPv4` addresses. fn event_message_at(timestamp: DateTime, src: u32, dst: u32) -> EventMessage { let fields = DnsEventFields { - source: "sensor1".to_string(), + sensor: "sensor1".to_string(), session_end_time: timestamp, src_addr: Ipv4Addr::from(src).into(), src_port: 10000, @@ -1367,7 +1367,7 @@ mod tests { sensors: [0], \ }}, \ ) {{ \ - edges {{ node {{... on DnsCovertChannel {{ time, source }} }} }} \ + edges {{ node {{... on DnsCovertChannel {{ time, sensor }} }} }} \ totalCount \ }} \ }}", @@ -1376,7 +1376,7 @@ mod tests { let res = schema.execute(&query).await; assert_eq!( res.data.to_string(), - r#"{eventList: {edges: [{node: {time: "2018-01-27T18:30:09.453829+00:00", source: "sensor1"}}], totalCount: 1}}"# + r#"{eventList: {edges: [{node: {time: "2018-01-27T18:30:09.453829+00:00", sensor: "sensor1"}}], totalCount: 1}}"# ); } @@ -1708,7 +1708,7 @@ mod tests { .and_local_timezone(Utc) .unwrap(); let fields = BlockListDhcpFields { - source: "sensor1".to_string(), + sensor: "sensor1".to_string(), src_addr: Ipv4Addr::new(127, 0, 0, 1).into(), src_port: 68, dst_addr: Ipv4Addr::new(127, 0, 0, 2).into(), @@ -1797,7 +1797,7 @@ mod tests { .and_local_timezone(Utc) .unwrap(); let fields = BlockListBootpFields { - source: "sensor1".to_string(), + sensor: "sensor1".to_string(), src_addr: Ipv4Addr::new(127, 0, 0, 1).into(), src_port: 68, dst_addr: Ipv4Addr::new(127, 0, 0, 2).into(), @@ -1879,7 +1879,7 @@ mod tests { .and_local_timezone(Utc) .unwrap(); let fields = DnsEventFields { - source: "sensor1".to_string(), + sensor: "sensor1".to_string(), session_end_time: timestamp, src_addr: Ipv4Addr::from(1).into(), src_port: 10000, 
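Review bot: The rewritten doc line on `event_message_at` now reads "with the given sensor and destination `IPv4` addresses", yet the parameters it describes are `src: u32, dst: u32`, the source and destination IPv4 addresses; "source" on this line meant the address, not the capturing device, so the bulk replace has made the comment wrong. Restore the original wording on that line, i.e. `sensor and` back to `source and` (or `source-address and` if the ambiguity is worth removing). The sibling `event_message_at` in src/graphql/event/group.rs shows only its second doc line in its hunk, so its first line was presumably left unchanged; the two copies should read the same.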
@@ -1936,7 +1936,7 @@ mod tests { .and_local_timezone(Utc) .unwrap(); let fields = BlockListTlsFields { - source: "sensor1".to_string(), + sensor: "sensor1".to_string(), src_addr: Ipv4Addr::from(1).into(), src_port: 10000, dst_addr: Ipv4Addr::from(2).into(), diff --git a/src/graphql/event/bootp.rs b/src/graphql/event/bootp.rs index 52a1589..a35a3c8 100644 --- a/src/graphql/event/bootp.rs +++ b/src/graphql/event/bootp.rs @@ -15,8 +15,8 @@ impl BlockListBootp { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/conn.rs b/src/graphql/event/conn.rs index 52c8115..60f32a6 100644 --- a/src/graphql/event/conn.rs +++ b/src/graphql/event/conn.rs @@ -320,8 +320,8 @@ impl BlockListConn { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/dcerpc.rs b/src/graphql/event/dcerpc.rs index 6d5acd6..9af4e31 100644 --- a/src/graphql/event/dcerpc.rs +++ b/src/graphql/event/dcerpc.rs @@ -15,8 +15,8 @@ impl BlockListDceRpc { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/dhcp.rs b/src/graphql/event/dhcp.rs index cdc60c4..7884d9b 100644 --- a/src/graphql/event/dhcp.rs +++ b/src/graphql/event/dhcp.rs @@ -15,8 +15,8 @@ impl BlockListDhcp { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/dns.rs b/src/graphql/event/dns.rs index 74e9481..37d7589 100644 --- a/src/graphql/event/dns.rs +++ b/src/graphql/event/dns.rs 
@@ -16,8 +16,8 @@ impl DnsCovertChannel { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn session_end_time(&self) -> DateTime { @@ -163,8 +163,8 @@ impl LockyRansomware { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn session_end_time(&self) -> DateTime { @@ -309,8 +309,8 @@ impl CryptocurrencyMiningPool { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { @@ -451,8 +451,8 @@ impl BlockListDns { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/ftp.rs b/src/graphql/event/ftp.rs index 5240223..f3f6f00 100644 --- a/src/graphql/event/ftp.rs +++ b/src/graphql/event/ftp.rs @@ -115,8 +115,8 @@ impl FtpPlainText { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { @@ -254,8 +254,8 @@ impl BlockListFtp { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/group.rs b/src/graphql/event/group.rs index 5904345..7370180 100644 --- a/src/graphql/event/group.rs +++ b/src/graphql/event/group.rs @@ -445,7 +445,7 @@ mod tests { /// destination `IPv4` addresses. fn event_message_at(timestamp: DateTime, src: u32, dst: u32) -> EventMessage { let fields = DnsEventFields { - source: "sensor1".to_string(), + sensor: "sensor1".to_string(), session_end_time: timestamp, src_addr: Ipv4Addr::from(src).into(), src_port: 10000, 
diff --git a/src/graphql/event/http.rs b/src/graphql/event/http.rs index 826723d..e5c323a 100644 --- a/src/graphql/event/http.rs +++ b/src/graphql/event/http.rs @@ -16,8 +16,8 @@ impl HttpThreat { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { @@ -238,8 +238,8 @@ impl RepeatedHttpSessions { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { @@ -328,8 +328,8 @@ impl TorConnection { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn session_end_time(&self) -> DateTime { @@ -514,8 +514,8 @@ impl DomainGenerationAlgorithm { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { @@ -700,8 +700,8 @@ impl NonBrowser { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { @@ -882,8 +882,8 @@ impl BlockListHttp { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/kerberos.rs b/src/graphql/event/kerberos.rs index 2b44ee9..05885a9 100644 --- a/src/graphql/event/kerberos.rs +++ b/src/graphql/event/kerberos.rs @@ -15,8 +15,8 @@ impl BlockListKerberos { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/ldap.rs b/src/graphql/event/ldap.rs index 43ea44f..b906bef 100644 --- a/src/graphql/event/ldap.rs +++ b/src/graphql/event/ldap.rs 
@@ -115,8 +115,8 @@ impl LdapPlainText { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { @@ -235,8 +235,8 @@ impl BlockListLdap { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/log.rs b/src/graphql/event/log.rs index 3f6a61f..33f5bfa 100644 --- a/src/graphql/event/log.rs +++ b/src/graphql/event/log.rs @@ -16,8 +16,8 @@ impl ExtraThreat { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn service(&self) -> &str { diff --git a/src/graphql/event/mqtt.rs b/src/graphql/event/mqtt.rs index 80cb62a..7f73bc3 100644 --- a/src/graphql/event/mqtt.rs +++ b/src/graphql/event/mqtt.rs @@ -15,8 +15,8 @@ impl BlockListMqtt { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/network.rs b/src/graphql/event/network.rs index cc80ac2..287f778 100644 --- a/src/graphql/event/network.rs +++ b/src/graphql/event/network.rs @@ -16,8 +16,8 @@ impl NetworkThreat { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/nfs.rs b/src/graphql/event/nfs.rs index 7d785a4..7af33d2 100644 --- a/src/graphql/event/nfs.rs +++ b/src/graphql/event/nfs.rs @@ -15,8 +15,8 @@ impl BlockListNfs { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/ntlm.rs b/src/graphql/event/ntlm.rs index 520ce67..abb3ab0 100644 
--- a/src/graphql/event/ntlm.rs +++ b/src/graphql/event/ntlm.rs @@ -15,8 +15,8 @@ impl BlockListNtlm { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/rdp.rs b/src/graphql/event/rdp.rs index 7df3019..3f9f67f 100644 --- a/src/graphql/event/rdp.rs +++ b/src/graphql/event/rdp.rs @@ -108,8 +108,8 @@ impl BlockListRdp { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/smb.rs b/src/graphql/event/smb.rs index 70cf012..ed75107 100644 --- a/src/graphql/event/smb.rs +++ b/src/graphql/event/smb.rs @@ -15,8 +15,8 @@ impl BlockListSmb { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/smtp.rs b/src/graphql/event/smtp.rs index 995c98c..26dfc23 100644 --- a/src/graphql/event/smtp.rs +++ b/src/graphql/event/smtp.rs @@ -15,8 +15,8 @@ impl BlockListSmtp { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/ssh.rs b/src/graphql/event/ssh.rs index d8005c0..b5ecb8e 100644 --- a/src/graphql/event/ssh.rs +++ b/src/graphql/event/ssh.rs @@ -15,8 +15,8 @@ impl BlockListSsh { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/event/sysmon.rs b/src/graphql/event/sysmon.rs index 237f010..ba6de92 100644 --- a/src/graphql/event/sysmon.rs +++ b/src/graphql/event/sysmon.rs 
@@ -16,8 +16,8 @@ impl WindowsThreat { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn service(&self) -> &str { diff --git a/src/graphql/event/tls.rs b/src/graphql/event/tls.rs index 89c327a..73fb82f 100644 --- a/src/graphql/event/tls.rs +++ b/src/graphql/event/tls.rs @@ -15,8 +15,8 @@ impl BlockListTls { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { @@ -193,8 +193,8 @@ impl SuspiciousTlsTraffic { self.inner.time } - async fn source(&self) -> &str { - &self.inner.source + async fn sensor(&self) -> &str { + &self.inner.sensor } async fn src_addr(&self) -> String { diff --git a/src/graphql/node/status.rs b/src/graphql/node/status.rs index 4a2f233..cb001ad 100644 --- a/src/graphql/node/status.rs +++ b/src/graphql/node/status.rs @@ -465,7 +465,7 @@ mod tests { #[tokio::test] async fn check_node_status_list_ordering() { let mut online_apps_by_host_id = HashMap::new(); - insert_apps("collect", &["sensor"], &mut online_apps_by_host_id); + insert_apps("collector", &["sensor1"], &mut online_apps_by_host_id); insert_apps( "analysis", &["semi-supervised", "unsupervised"], @@ -588,7 +588,7 @@ mod tests { description: "This node has the Sensor.", hostname: "admin.aice-security.com", agents: [{ - key: "sensor@collect" + key: "sensor1@collector" kind: SENSOR status: ENABLED }] diff --git a/src/graphql/outlier.rs b/src/graphql/outlier.rs index c892250..ff9ba9a 100644 --- a/src/graphql/outlier.rs +++ b/src/graphql/outlier.rs @@ -315,7 +315,7 @@ pub(super) struct RankedOutlier { model_id: i32, timestamp: i64, rank: i64, - source: String, + sensor: String, distance: f64, saved: bool, } 
@@ -327,7 +327,7 @@ impl From for RankedOutlier { model_id: input.model_id, timestamp: input.timestamp, rank: input.rank, - source: input.source, + sensor: input.sensor, distance: input.distance, saved: input.is_saved, } @@ -347,7 +347,7 @@ struct PreserveOutliersInput { model_id: i32, timestamp: i64, rank: i64, - source: String, + sensor: String, } impl From for review_database::OutlierInfoKey { @@ -357,7 +357,7 @@ impl From for review_database::OutlierInfoKey { timestamp: input.timestamp, rank: input.rank, id: input.id, - source: input.source, + sensor: input.sensor, } } } @@ -367,7 +367,7 @@ pub struct PreserveOutliersOutput { id: i64, model_id: i32, timestamp: i64, - source: String, + sensor: String, } impl From for PreserveOutliersOutput { @@ -376,7 +376,7 @@ impl From for PreserveOutliersOutput { model_id: input.model_id, timestamp: input.timestamp, id: input.id, - source: input.source, + sensor: input.sensor, } } } @@ -395,8 +395,8 @@ impl PreserveOutliersOutput { StringNumber(self.timestamp) } - async fn source(&self) -> String { - self.source.to_string() + async fn sensor(&self) -> String { + self.sensor.to_string() } } @@ -582,7 +582,7 @@ fn check_filter_to_ranked_outlier( ) -> Result { if let Some(filter) = filter { if filter.remark.is_some() || tag_id_list.is_some() { - if let Some(value) = remarks_map.get(&node.source, &Utc.timestamp_nanos(node.id))? { + if let Some(value) = remarks_map.get(&node.sensor, &Utc.timestamp_nanos(node.id))? { if let Some(remark) = &filter.remark { if !value.remarks.contains(remark) { return Ok(false); @@ -769,7 +769,7 @@ mod tests { timestamp, rank, id, - source: "test".to_string(), + sensor: "test".to_string(), distance, is_saved, } 
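Review bot: `PreserveOutliersOutput::sensor` still returns an owned `String` built with `self.sensor.to_string()`, which clones the field on every resolution, while every event resolver renamed in this commit returns `&str` borrowing from `self`. For consistency with those resolvers, and to drop the allocation, the resolver can be `async fn sensor(&self) -> &str {` / `&self.sensor` / `}`. The enclosing `impl PreserveOutliersOutput` block starts outside the hunk.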
@@ -1035,7 +1035,7 @@ mod tests { ); let to_save = start; - let to_preserve = format!("[{{id: {to_save}, modelId: {model}, timestamp: {}, rank: {to_save}, source: \"test\"}}]", t.timestamp_nanos_opt().unwrap()); + let to_preserve = format!("[{{id: {to_save}, modelId: {model}, timestamp: {}, rank: {to_save}, sensor: \"test\"}}]", t.timestamp_nanos_opt().unwrap()); let res = schema .execute(&format!( "mutation {{ @@ -1043,7 +1043,7 @@ mod tests { id modelId timestamp - source + sensor }} }}" )) @@ -1053,7 +1053,7 @@ mod tests { let saved = start + 1; let to_preserve = format!( - "[{{id: {saved}, modelId: {model}, timestamp: {}, rank: {saved}, source: \"test\"}}]", + "[{{id: {saved}, modelId: {model}, timestamp: {}, rank: {saved}, sensor: \"test\"}}]", t.timestamp_nanos_opt().unwrap() ); let res = schema @@ -1063,12 +1063,12 @@ mod tests { id modelId timestamp - source + sensor }} }}" )) .await; - let expect = format!("{{preserveOutliers: [{{id: \"{saved}\", modelId: {model}, timestamp: \"{}\", source: \"test\"}}]}}", t.timestamp_nanos_opt().unwrap()); + let expect = format!("{{preserveOutliers: [{{id: \"{saved}\", modelId: {model}, timestamp: \"{}\", sensor: \"test\"}}]}}", t.timestamp_nanos_opt().unwrap()); assert_eq!(res.data.to_string(), expect); } } diff --git a/src/graphql/triage.rs b/src/graphql/triage.rs index 2c50133..61ff315 100644 --- a/src/graphql/triage.rs +++ b/src/graphql/triage.rs @@ -537,7 +537,7 @@ mod tests { r#" mutation { insertTriageResponse( - source: "collect" + sensor: "sensor1" time: "2023-02-14 14:54:46.083902898 +00:00" tagIds: [1, 2, 3] remarks: "Hello World" @@ -556,13 +556,13 @@ mod tests { id: "0" old: { key: [ - 99, - 111, - 108, - 108, + 115, 101, - 99, - 116, + 110, + 115, + 111, + 114, + 49, 23, 67, 184, @@ -577,13 +577,13 @@ mod tests { } new: { key: [ - 99, - 111, - 108, - 108, + 115, 101, - 99, - 116, + 110, + 115, + 111, + 114, + 49, 23, 67, 184, 
diff --git a/src/graphql/triage/response.rs b/src/graphql/triage/response.rs index 77d3696..9e3333a 100644 --- a/src/graphql/triage/response.rs +++ b/src/graphql/triage/response.rs @@ -93,12 +93,12 @@ impl super::TriageResponseQuery { async fn triage_response( &self, ctx: &Context<'_>, - source: String, + sensor: String, time: DateTime, ) -> Result> { let store = crate::graphql::get_store(ctx).await?; let map = store.triage_response_map(); - Ok(map.get(&source, &time)?.map(Into::into)) + Ok(map.get(&sensor, &time)?.map(Into::into)) } } @@ -124,12 +124,12 @@ impl super::TriageResponseMutation { async fn insert_triage_response( &self, ctx: &Context<'_>, - source: String, + sensor: String, time: DateTime, tag_ids: Vec, remarks: String, ) -> Result { - let pol = review_database::TriageResponse::new(source, time, tag_ids, remarks); + let pol = review_database::TriageResponse::new(sensor, time, tag_ids, remarks); let store = crate::graphql::get_store(ctx).await?; let map = store.triage_response_map(); let id = map.put(pol)?;
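Review bot: `insert_triage_response` passes the client-supplied `sensor` string straight into `TriageResponse::new` and then `map.put`, and nothing in the hunk rejects an empty name or checks it against the sensors the system knows about, so a triage response can be recorded under a name that no event will ever carry. Unless `TriageResponse::new` validates the value (not visible here), a minimal guard before the `new` call is `if sensor.trim().is_empty() { return Err("sensor must not be empty".into()); }`; checking the name against the configured sensors would be the stronger option if a lookup is available in this module. The `impl super::TriageResponseMutation` block enclosing the function starts and ends outside the hunk.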