<template>
<div class="detection-detail-overview">
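<div class="overview__left">
  <!--
    Left column: remark sentence plus the field table for one detection.
    Every value below is rendered with {{ }} text interpolation, which Vue HTML-escapes.
    Fields such as domain, ioc_value and the malware/darkweb attributes come from detection
    and enrichment data, so keep them as text interpolation and do not move them to v-html.
  -->
  <div class="overview__title">{{ $t('overall.remark') }}</div>
  <div class="overview__row">
    <!-- Built-in C2 / Anonymity detections get a generated sentence; all others show the rule description. -->
    <div class="row__content1" v-if="detection.eventType === 'Command and Control' && detection.isBuiltin == 1">
      <span class="row__content--link">{{detection.victimIp}}</span> communicated with <span class="row__content--link">{{detection.offenderIp}}</span> that was associated with the indicator of {{detection.eventName}} activity, {{$_.get(detection, 'eventInfoObj.ioc_value', '') || ''}}.
    </div>
    <div class="row__content1" v-else-if="detection.eventType === 'Anonymity' && detection.isBuiltin == 1">
      <span class="row__content--link">{{detection.victimIp}}</span> communicated with <span class="row__content--link">{{detection.offenderIp}}</span> that was associated with the indicator of {{detection.eventName}}.
    </div>
    <div class="row__content1" v-else>
      {{basicInfo.ruleDescription || '-'}}
    </div>
  </div>
  <div class="overview__title">Fields</div>
  <div class="overview__row">
    <div class="row__label">{{ $t('detection.list.startTime') }}</div>
    <div class="row__content">
      <i class="cn-icon cn-icon-time2 row__content__icon"></i>
      {{ detection.startTime ? dateFormatByAppearance(detection.startTime) : '-' }}
    </div>
  </div>
  <div class="overview__row">
    <div class="row__label">{{ $t('detections.victimIp') }}</div>
    <div class="row__content">{{ detection.victimIp || '-' }}</div>
  </div>
  <div class="overview__row">
    <div class="row__label">{{ $t('detections.victimLocation') }}</div>
    <div class="row__content">
      <!-- The flag file name is taken from countryNameIdMapping, never from the raw country string;
           unmapped or Unknown countries fall back to the static Unknown.svg. -->
      <div v-if="$_.get(basicInfo, 'victimInfo.location.country')">
        <img v-if="basicInfo.victimInfo.location.country===countryNameIdMapping.Unknown || !countryNameIdMapping[basicInfo.victimInfo.location.country]" src="../../../../public/images/flag/Unknown.svg" class="filter-country-flag">
        <img v-else :src="require(`../../../../public/images/flag/${countryNameIdMapping[basicInfo.victimInfo.location.country]}.png`)" class="filter-country-flag" >
      </div>
      {{ locationRegion(basicInfo.victimInfo) }}
    </div>
  </div>
  <div class="overview__row">
    <div class="row__label">{{ $t('detections.victimAsn') }}</div>
    <div class="row__content">{{ $_.get(basicInfo, 'victimInfo.asn.asn', '-') || '-' }}</div>
  </div>
  <div class="overview__row">
    <div class="row__label">{{ $t('detections.offenderIp') }}</div>
    <div class="row__content">{{ detection.offenderIp || '-' }}</div>
  </div>
  <div class="overview__row">
    <div class="row__label">{{ $t('detections.offenderLocation') }}</div>
    <div class="row__content">
      <!-- Same flag lookup as the victim row: mapping-derived file name with an Unknown.svg fallback. -->
      <div v-if="$_.get(basicInfo, 'offenderInfo.location.country')">
        <img v-if="basicInfo.offenderInfo.location.country===countryNameIdMapping.Unknown || !countryNameIdMapping[basicInfo.offenderInfo.location.country]" src="../../../../public/images/flag/Unknown.svg" class="filter-country-flag">
        <img v-else :src="require(`../../../../public/images/flag/${countryNameIdMapping[basicInfo.offenderInfo.location.country]}.png`)" class="filter-country-flag" >
      </div>
      {{ locationRegion(basicInfo.offenderInfo) }}
    </div>
  </div>
  <div class="overview__row">
    <div class="row__label">{{ $t('detections.offenderAsn') }}</div>
    <div class="row__content">{{ $_.get(basicInfo, 'offenderInfo.asn.asn', '-') || '-' }}</div>
  </div>
  <div class="overview__row">
    <div class="row__label">{{ $t('overall.domain') }}</div>
    <div class="row__content">{{ detection.domain || '-' }}</div>
  </div>
  <!-- Domain enrichment rows, shown only when the detection carries a domain. -->
  <template v-if="detection.domain">
    <div class="overview__row">
      <div class="row__label">{{ $t('entities.domainCategory') }}</div>
      <div class="row__content">{{ $_.get(basicInfo, 'domainInfo.category.categoryName', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('entities.domainDetail.categoryGroup') }}</div>
      <div class="row__content">{{ $_.get(basicInfo, 'domainInfo.category.categoryGroup', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('entities.reputationLevel') }}</div>
      <div class="row__content" v-if="$_.get(basicInfo, 'domainInfo.category.reputationLevel')">
        <div
          class="row__tag row__tag__level"
          :style="`background-color:${riskLevelColor1[basicInfo.domainInfo.category.reputationLevel]}`">
          {{ reputationLevel(basicInfo.domainInfo.category.reputationLevel) || '-' }}
        </div>
      </div>
      <div class="row__content" v-else>-</div>
    </div>
  </template>
  <!-- Application enrichment rows, shown only when the detection carries an app. -->
  <template v-if="detection.app">
    <div class="overview__row">
      <div class="row__label">APP</div>
      <div class="row__content">{{ $_.get(basicInfo, 'appInfo.category.appName', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">APP {{ $t('entities.category') }}</div>
      <div class="row__content">{{ $_.get(basicInfo, 'appInfo.category.appCategory', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">APP {{ $t('entities.subcategory') }}</div>
      <div class="row__content">{{ $_.get(basicInfo, 'appInfo.category.appSubcategory', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('overall.appRisk') }}</div>
      <div class="row__content" v-if="$_.get(basicInfo, 'appInfo.category.appRisk')">
        <div
          class="row__tag row__tag__level"
          :style="`background-color:${riskLevelColor[basicInfo.appInfo.category.appRisk]}`">
          {{ appRisk(basicInfo.appInfo.category.appRisk) || '-' }}
        </div>
      </div>
      <div class="row__content" v-else>-</div>
    </div>
  </template>
  <!-- Exactly one of the three groups below is rendered: malware, darkweb, or the generic IoC fields. -->
  <template v-if="detection.malware">
    <div class="overview__row">
      <div class="row__label">{{ $t('detections.malware') }}</div>
      <div class="row__content">{{ $_.get(detection, 'malware.malwareName', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('detections.malwareAlias') }}</div>
      <div class="row__content">{{ $_.get(detection, 'malware.malwareAlias', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('detections.malwareDescription') }}</div>
      <div class="row__content">{{ $_.get(detection, 'malware.mitreAttackDescription', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('detections.malwarePlatforms') }}</div>
      <!-- NOTE(review): the Windows icon is shown for every platform value - confirm this is intended. -->
      <div class="row__content" v-if="$_.get(detection, 'malware.mitreAttackPlatforms')">
        <svg class="icon item-popover-up row__content__svg" aria-hidden="true">
          <use xlink:href="#cn-icon-windows"></use>
        </svg>
        {{ detection.malware.mitreAttackPlatforms }}
      </div>
      <div class="row__content" v-else>-</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('detections.malwareTechniques') }}</div>
      <div class="row__content">{{ $_.get(detection, 'malware.mitreAttackTechniques', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('detections.malwareGroups') }}</div>
      <div class="row__content">{{ $_.get(detection, 'malware.mitreAttackGroups', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('detections.reference') }}</div>
      <!-- The reference is shown as plain text. If it is ever bound to an href, restrict it to
           http(s) URLs first, because the value comes from detection data. -->
      <div class="row__content row__content--link" v-if="$_.get(detection, 'malware.reference')">
        {{ detection.malware.reference }}
      </div>
      <div class="row__content" v-else>-</div>
    </div>
  </template>
  <template v-else-if="detection.darkweb">
    <div class="overview__row">
      <div class="row__label">{{ $t('detection.nodeTypeLower') }}</div>
      <div class="row__content">{{ $_.get(detection, 'darkweb.nodeType', '-') || '-' }}</div>
    </div>
    <template v-if="$_.get(detection.darkweb, 'nodeType', '') === 'tor'">
      <div class="overview__row">
        <div class="row__label">{{ $t('detection.tor.torFingerprint') }}</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.torFingerprint', '-') || '-' }}</div>
      </div>
      <div class="overview__row">
        <div class="row__label">{{ $t('detection.tor.torFlags') }}</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.torFlags', '-') || '-' }}</div>
      </div>
      <div class="overview__row">
        <div class="row__label">{{ $t('detection.tor.torVersion') }}</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.torVersion', '-') || '-' }}</div>
      </div>
      <div class="overview__row">
        <div class="row__label">Tor ORPort</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.torOrPort', '-') || '-' }}</div>
      </div>
      <div class="overview__row">
        <div class="row__label">Tor DirPort</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.torDirPort', '-') || '-' }}</div>
      </div>
    </template>
    <template v-else-if="$_.get(detection.darkweb, 'nodeType', '') === 'i2p'">
      <div class="overview__row">
        <div class="row__label">I2P Hash</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.i2pHash', '-') || '-' }}</div>
      </div>
      <div class="overview__row">
        <div class="row__label">{{ $t('detection.tor.i2pVersion') }}</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.i2pVersion', '-') || '-' }}</div>
      </div>
      <div class="overview__row">
        <div class="row__label">{{ $t('detection.tor.i2pBandwidth') }}</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.i2pBandwidth', '-') || '-' }}</div>
      </div>
    </template>
    <template v-else-if="$_.get(detection.darkweb, 'nodeType', '') === 'mtproxy'">
      <div class="overview__row">
        <div class="row__label">MTProxy Secret</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.mtproxySecret', '-') || '-' }}</div>
      </div>
      <div class="overview__row">
        <div class="row__label">{{ $t('detection.tor.mtproxyPort') }}</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.mtproxyPort', '-') || '-' }}</div>
      </div>
    </template>
    <template v-else-if="$_.get(detection.darkweb, 'nodeType', '') === 'obfs4'">
      <div class="overview__row">
        <div class="row__label">{{ $t('detection.tor.obfs4Fingerprint') }}</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.obfs4Fingerprint', '-') || '-' }}</div>
      </div>
      <div class="overview__row">
        <div class="row__label">{{ $t('detection.tor.obfs4Cert') }}</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.obfs4Cert', '-') || '-' }}</div>
      </div>
      <div class="overview__row">
        <div class="row__label">{{ $t('detection.tor.obfs4IatMode') }}</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.obfs4IatMode', '-') || '-' }}</div>
      </div>
      <div class="overview__row">
        <div class="row__label">{{ $t('detection.tor.obfs4Port') }}</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.obfs4Port', '-') || '-' }}</div>
      </div>
    </template>
    <template v-else-if="$_.get(detection.darkweb, 'nodeType', '') === 'snowflake'">
      <div class="overview__row">
        <div class="row__label">{{ $t('detection.tor.snowflakePort') }}</div>
        <div class="row__content">{{ $_.get(detection, 'darkweb.snowflakePort', '-') || '-' }}</div>
      </div>
    </template>
  </template>
  <template v-else>
    <div class="overview__row">
      <div class="row__label">{{ $t('detection.libraryId') }}</div>
      <div class="row__content">{{ $_.get(detection, 'eventInfoObj.knowledge_id', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('detection.libraryName') }}</div>
      <div class="row__content">{{ $_.get(detection, 'eventInfoObj.name', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('detection.iocType') }}</div>
      <div class="row__content">{{ $_.get(detection, 'eventInfoObj.ioc_type', '-') || '-' }}</div>
    </div>
    <div class="overview__row">
      <div class="row__label">{{ $t('detection.iocValue') }}</div>
      <div class="row__content">{{ $_.get(detection, 'eventInfoObj.ioc_value', '-') || '-' }}</div>
    </div>
  </template>
</div>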
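<div class="overview__right">
  <!--
    Right column: pivot links to the victim / offender entity pages and a timeline of
    related detections. goDetail() is a no-op for empty values, so an absent domain
    renders an empty, inert span.
  -->
  <div class="overview__title">{{ $t('detections.goToVictim') }}</div>
  <div class="overview__row">
    <div class="row__content">
      <span class="row__content--span">{{ $t('detections.viewDetailOf') }}</span>
      <span class="row__content--link" @click="goDetail('ip', detection.victimIp)">{{ detection.victimIp }}</span>
    </div>
  </div>
  <div class="overview__title">{{ $t('detections.goToOffender') }}</div>
  <div class="overview__row">
    <div class="row__content">
      <span class="row__content--span">{{ $t('detections.viewDetailOf') }}</span>
      <span class="row__content--link" @click="goDetail('ip', detection.offenderIp)">{{ detection.offenderIp }}</span>
      <span class="row__content--link" @click="goDetail('domain', detection.domain)">{{ detection.domain }}</span>
    </div>
  </div>
  <!-- <div class="overview__title">{{ $t('detections.goToHunt') }}</div>-->
  <!-- <div class="overview__row">-->
  <!-- <div class="row__content row__content--link">-->
  <!-- {{ $t('detections.viewAllRelated') }}-->
  <!-- </div>-->
  <!-- </div>-->
  <div class="overview__title">
    {{ $t('detections.relatedDetections') }}
  </div>
  <div class="overview__row-timeline">
    <!--
      The event that belongs to this detection is highlighted by comparing start times with
      detection.startTime. The previous comparison used basicInfo.startTime, which this
      component never sets, so no entry was ever marked as current. Both sides are parsed
      because event.startTime is handled as a string elsewhere in this file.
      NOTE(review): :key is bound to the whole event object; prefer a primitive unique id if
      the API provides one.
    -->
    <div class="row-timeline" v-for="event in events" :key="event">
      <div
        class="row-timeline__time-info"
        :style="parseInt(event.startTime, 10) === parseInt(detection.startTime, 10) ? 'color: #333;font-weight: bold;' : ''"
      >
        {{ formatT0(event) }}
      </div>
      <div class="row-timeline__line">
        <div class="line-point-larger" v-if="parseInt(event.startTime, 10) === parseInt(detection.startTime, 10)">
          <div class="line-point"></div>
        </div>
        <div v-else class="line-point"></div>
      </div>
      <div class="row-timeline__card">
        <div>
          <div class="timeline__severity timeline__severity--high">
            <i class="cn-icon cn-icon-alert-level" :style="`color:${eventSeverityColor[event.severity]}`"></i>
            <span>{{ event.severity }}</span>
          </div>
          <div class="timeline__security-type">{{ event.eventType }}</div>
          <div class="timeline__start-time">{{ dateFormatByAppearance(parseInt(event.startTime)) }}</div>
        </div>
      </div>
      <div class="row-timeline__foot">
        <!-- An address is marked "current" when it matches either endpoint of this detection. -->
        <div
          class="detection-ip"
          :class="{ 'detection-ip__current': [detection.offenderIp, detection.victimIp].includes(event.offenderIp) }"
        >
          <i class="cn-icon cn-icon-attacker"></i>
          <span>{{ event.offenderIp }}</span>
        </div>
        <div
          class="detection-ip"
          :class="{ 'detection-ip__current': [detection.offenderIp, detection.victimIp].includes(event.victimIp) }"
        >
          <i class="cn-icon cn-icon-attacked"></i>
          <span>{{ event.victimIp }}</span>
        </div>
      </div>
    </div>
  </div>
</div>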
</div>
</template>
<script>
import axios from 'axios'
import { api } from '@/utils/api'
import { getMillisecond, dateFormatByAppearance } from '@/utils/date-util'
import { eventSeverityColor, unitTypes, countryNameIdMapping, riskLevelMapping, riskLevelColor, riskLevelColor1 } from '@/utils/constants'
import unitConvert from '@/utils/unit-convert'
import _ from 'lodash'
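/**
 * Overview tab of a single detection: shows the detection's fields, enrichment
 * data for its victim/offender IP, domain and app, and a timeline of related
 * detections fetched from the backend.
 */
export default {
  name: 'DetectionOverview',
  props: {
    // The detection record to display; read-only in this component.
    detection: Object
  },
  data () {
    return {
      // Colour lookup tables exposed to the template.
      eventSeverityColor,
      riskLevelColor,
      riskLevelColor1,
      // Enrichment results, filled asynchronously by initEntityDetail().
      basicInfo: {},
      // Related detections, filled by queryEvent() and sorted by start time.
      events: [],
      reference: 'https://attack.mitre.org',
      countryNameIdMapping
    }
  },
  computed: {
    /**
     * Returns a formatter that labels a related event relative to this
     * detection: 'T0' for a zero offset, 'T0+<offset>' / 'T0-<offset>' for
     * later / earlier events, and '' when the values are not usable numbers.
     */
    formatT0 () {
      const vm = this
      return function (event) {
        const diffSeconds = Number.parseInt(event.diffSeconds, 10)
        if (diffSeconds === 0) {
          return 'T0'
        }
        const eventStartTime = Number.parseInt(event.startTime, 10)
        const entityStartTime = vm.detection.startTime

        // Number.isFinite rejects NaN from a failed parse; _.isNumber(NaN) is true,
        // which previously let labels such as "T0+NaN" through.
        const usable = [diffSeconds, eventStartTime, entityStartTime].every(v => Number.isFinite(v))
        if (usable) {
          const suffix = unitConvert(diffSeconds, unitTypes.time, 's', null, 0).join('')
          if (eventStartTime > entityStartTime) {
            return `T0+${suffix}`
          } else if (eventStartTime < entityStartTime) {
            return `T0-${suffix}`
          }
        }
        return ''
      }
    },
    /**
     * Returns a function mapping an app risk value to its translated label,
     * falling back to the raw value when no mapping entry matches.
     */
    appRisk () {
      // Arrow function: `this` is the component regardless of how the template calls it.
      return level => {
        // Loose equality kept from the original; presumably the value may arrive
        // as a number or a numeric string - confirm against the API.
        const m = riskLevelMapping.find(mapping => mapping.value == level)
        return (m && this.$t(m.label)) || level
      }
    },
    /**
     * Returns a function mapping a domain reputation level name to its
     * translated label, falling back to the raw value when nothing matches.
     */
    reputationLevel () {
      return level => {
        const m = riskLevelMapping.find(mapping => mapping.name == level)
        return (m && this.$t(m.label)) || level
      }
    },
    /**
     * Returns a function that renders "country,province,city" from an
     * enrichment object, skipping empty parts; '-' when nothing is available.
     */
    locationRegion () {
      return function (info) {
        if (!info || !info.location) {
          return '-'
        }
        const { country, province, city } = info.location
        return [country, province, city].filter(Boolean).join(',') || '-'
      }
    }
  },
  methods: {
    getMillisecond,
    dateFormatByAppearance,
    /**
     * Initialise entity details: call the API for more information about the
     * offender and victim IP, the domain, the app and the matching rule.
     * Each lookup is independent and best-effort; a failed lookup leaves its
     * field unset and the template shows '-'.
     */
    initEntityDetail () {
      const { securityEvent } = api.detection
      const load = (url, config, assign) => {
        axios.get(url, config).then(res => {
          if (res.status === 200) {
            assign(res.data.data)
          }
        }).catch(err => {
          console.error('DetectionOverview: enrichment request failed', err)
        })
      }

      // IP, domain and app values come from the detection record (observed traffic),
      // so they are passed through `params` and URL-encoded by axios rather than
      // being concatenated into the query string, where '&' or '#' would change the request.
      const lookups = [
        [securityEvent.ipDetail, this.detection.offenderIp, 'offenderInfo'],
        [securityEvent.ipDetail, this.detection.victimIp, 'victimInfo'],
        [securityEvent.domainDetail, this.detection.domain, 'domainInfo'],
        [securityEvent.appDetail, this.detection.app, 'appInfo']
      ]
      lookups.forEach(([url, resource, key]) => {
        if (resource) {
          load(url, { params: { resource } }, data => {
            this.basicInfo[key] = data
          })
        }
      })

      if (this.detection.ruleId) {
        // The rule id becomes a path segment, so it is encoded as one.
        const ruleUrl = `${api.detection.detail}/${encodeURIComponent(this.detection.ruleId)}`
        load(ruleUrl, undefined, data => {
          this.basicInfo.ruleDescription = data.description
        })
      }
    },
    /**
     * Loads detections related to this one (same offender/victim within one
     * hour of the start time) and stores them sorted by start time. Any
     * failure or unexpected payload results in an empty list.
     */
    queryEvent () {
      axios.get(api.detection.securityEvent.relationEvent, {
        params: {
          // startTime: this.detection.startTime,
          unbiasedTime: this.detection.startTime,
          offenderIp: this.detection.offenderIp,
          victimIp: this.detection.victimIp,
          biasSecond: 3600
        }
      }).then((response) => {
        const result = response.status === 200 ? _.get(response, 'data.data.result') : null
        this.events = Array.isArray(result)
          ? result.sort((e1, e2) => e1.startTime - e2.startTime)
          : []
      }).catch(err => {
        console.error('DetectionOverview: related detections request failed', err)
        this.events = []
      })
    },
    /**
     * Opens the entity detail page for the given entity in a new tab.
     * Does nothing when `name` is empty.
     * @param {string} type - entity type, 'ip' or 'domain' in this component
     * @param {string} name - entity value (IP address or domain)
     */
    goDetail (type, name) {
      if (name) {
        // Passing the value as a route query lets the router encode it.
        const { href } = this.$router.resolve({
          path: '/entity/detail',
          query: {
            entityType: type,
            entityName: name
          }
        })
        // NOTE(review): the target is a same-app route, so window.opener exposure is limited;
        // adding 'noopener' would harden this but also stops sessionStorage being copied to
        // the new tab - confirm how the session is stored before changing it.
        window.open(href, '_blank')
      }
    }
  },
  mounted () {
    this.initEntityDetail()
    this.queryEvent()
  }
}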
</script>
<style scoped>
.row__label {
width: 176px;
}
.row__content {
width: calc(100% - 176px);
padding-right: 50px;
}
</style>