Add New Case Statuses

thehive-backend/app/models/Alert.scala

@@ -61,19 +61,19 @@ trait AlertAttributes {
     )
   }
 
-  val alertId: A[String]              = attribute("_id", F.stringFmt, "Alert id", O.readonly)
-  val tpe: A[String]                  = attribute("type", F.stringFmt, "Type of the alert", O.readonly)
-  val source: A[String]               = attribute("source", F.stringFmt, "Source of the alert", O.readonly)
-  val sourceRef: A[String]            = attribute("sourceRef", F.stringFmt, "Source reference of the alert", O.readonly)
-  val date: A[Date]                   = attribute("date", F.dateFmt, "Date of the alert", new Date(), O.readonly)
-  val lastSyncDate: A[Date]           = attribute("lastSyncDate", F.dateFmt, "Date of the last synchronization", new Date())
-  val caze: A[Option[String]]         = optionalAttribute("case", F.stringFmt, "Id of the case, if created")
-  val title: A[String]                = attribute("title", F.textFmt, "Title of the alert")
-  val description: A[String]          = attribute("description", F.textFmt, "Description of the alert")
-  val severity: A[Long]               = attribute("severity", SeverityAttributeFormat, "Severity if the alert (0-3)", 2L)
-  val tags: A[Seq[String]]            = multiAttribute("tags", F.stringFmt, "Alert tags")
-  val tlp: A[Long]                    = attribute("tlp", TlpAttributeFormat, "TLP level", 2L)
-  val artifacts: A[Seq[JsObject]]     = multiAttribute("artifacts", F.objectFmt(artifactAttributes), "Artifact of the alert", O.unaudited)
+  val alertId: A[String] = attribute("_id", F.stringFmt, "Alert id", O.readonly)
+  val tpe: A[String] = attribute("type", F.stringFmt, "Type of the alert", O.readonly)
+  val source: A[String] = attribute("source", F.stringFmt, "Source of the alert", O.readonly)
+  val sourceRef: A[String] = attribute("sourceRef", F.stringFmt, "Source reference of the alert", O.readonly)
+  val date: A[Date] = attribute("date", F.dateFmt, "Date of the alert", new Date(), O.readonly)
+  val lastSyncDate: A[Date] = attribute("lastSyncDate", F.dateFmt, "Date of the last synchronization", new Date())
+  val caze: A[Option[String]] = optionalAttribute("case", F.stringFmt, "Id of the case, if created")
+  val title: A[String] = attribute("title", F.textFmt, "Title of the alert")
+  val description: A[String] = attribute("description", F.textFmt, "Description of the alert")
+  val severity: A[Long] = attribute("severity", SeverityAttributeFormat, "Severity if the alert (1-4)", 2L)
+  val tags: A[Seq[String]] = multiAttribute("tags", F.stringFmt, "Alert tags")
+  val tlp: A[Long] = attribute("tlp", TlpAttributeFormat, "TLP level", 2L)
+  val artifacts: A[Seq[JsObject]] = multiAttribute("artifacts", F.objectFmt(artifactAttributes), "Artifact of the alert", O.unaudited)
   val caseTemplate: A[Option[String]] = optionalAttribute("caseTemplate", F.stringFmt, "Case template to use")
   val status: A[AlertStatus.Value]    = attribute("status", F.enumFmt(AlertStatus), "Status of the alert", AlertStatus.New)
   val follow: A[Boolean]              = attribute("follow", F.booleanFmt, "", true)

thehive-backend/app/models/AttributeFormat.scala

@@ -11,7 +11,7 @@ import org.elastic4play.{AttributeError, InvalidFormatAttributeError}
 
 object SeverityAttributeFormat extends NumberAttributeFormat {
 
-  def isValidValue(value: Long): Boolean = 1 <= value && value <= 3
+  def isValidValue(value: Long): Boolean = 1 <= value && value <= 4
 
   override def definition(dblists: DBLists, attribute: Attribute[Long]): Seq[AttributeDefinition] =
     Seq(

thehive-backend/app/models/Case.scala

@@ -20,7 +20,7 @@ import org.elastic4play.services.{FindSrv, SequenceSrv}
 
 object CaseStatus extends Enumeration with HiveEnumeration {
   type Type = Value
-  val Open, Resolved, Deleted = Value
+  val Open, Resolved, Pending, Hold, Review, Deleted = Value
 }
 
 object CaseResolutionStatus extends Enumeration with HiveEnumeration {

thehive-backend/app/models/CaseTemplate.scala

@@ -45,4 +45,3 @@ class CaseTemplate(model: CaseTemplateModel, attributes: JsObject)
     extends EntityDef[CaseTemplateModel, CaseTemplate](model, attributes)
     with CaseTemplateAttributes {
   def taskAttributes = Nil
-}

thehive-cortex/app/connectors/cortex/services/ActionOperation.scala

@@ -98,6 +98,10 @@ case class AssignCase(owner: String, status: ActionOperationStatus.Type = Action
   override def updateStatus(newStatus: ActionOperationStatus.Type, newMessage: String): AssignCase = copy(status = newStatus, message = newMessage)
 }
 
+case class SetCaseTitle(title: String, status: ActionOperationStatus.Type = ActionOperationStatus.Waiting, message: String = "") extends ActionOperation {
+  override def updateStatus(newStatus: ActionOperationStatus.Type, newMessage: String): SetCaseTitle = copy(status = newStatus, message = newMessage)
+}
+
 object ActionOperation {
   val addTagToCaseWrites      = Json.writes[AddTagToCase]
   val addTagToArtifactWrites  = Json.writes[AddTagToArtifact]

ui/app/scripts/controllers/case/CaseListCtrl.js

@@ -131,11 +131,28 @@
             this.filter();
         };
 
-        this.getStatuses = function() {
-            return $q.resolve([
+        this.getStatuses = function(query) {
+            var defer = $q.defer();
+
+            $q.resolve([
                 {text: 'Open'},
-                {text: 'Resolved'}
-            ]);
+                {text: 'Resolved'},
+                {text: 'Hold'},
+                {text: 'Review'},
+                {text: 'Pending'}
+            ]).then(function(response) {
+                var statuses = [];
+
+                statuses = _.filter(response, function(stat) {
+                    var regex = new RegExp(query, 'gi');
+                    return regex.test(stat.text);
+                });
+
+                defer.resolve(statuses);
+            });
+
+            return defer.promise;
+
         };
 
         this.getSeverities = function(query) {

ui/app/scripts/controllers/case/CaseMainCtrl.js

@@ -171,6 +171,34 @@
                 }
             };
 
+            $scope.caseHold = function() {
+                $scope.updateField('status', 'Hold')
+                    .then(function() {
+                          NotificationSrv.log('The case #' + $scope.caze.caseId + ' has been set to Hold', 'success');
+                    });
+            }
+
+            $scope.caseReview = function() {
+                $scope.updateField('status', 'Review')
+                    .then(function() {
+                        NotificationSrv.log('The case #' + $scope.caze.caseId + ' has been set to Review', 'success');
+                    });
+            }
+
+            $scope.casePending = function() {
+                $scope.updateField('status', 'Pending')
+                    .then(function() {
+                        NotificationSrv.log('The case #' + $scope.caze.caseId + ' has been set to Pending', 'success');
+                    });
+            }
+
+            $scope.caseOpenFromOtherStatus = function() {
+                $scope.updateField('status', 'Open')
+                    .then(function() {
+                        NotificationSrv.log('The case #' + $scope.caze.caseId + ' has been set to Pending', 'success');
+                    });
+            }
+
             // update a specific case field
             $scope.updateField = function(fieldName, newValue) {
                 var data = {};

ui/app/scripts/services/Constants.js

@@ -16,11 +16,12 @@
         })
         .value('Severity', {
             keys: {
+                Critical: 4,
                 High: 3,
                 Medium: 2,
                 Low: 1
             },
-            values: ['Unknown', 'Low', 'Medium', 'High']
+            values: ['Unknown', 'Low', 'Medium', 'High', 'Critical']
         })
         .value('AlertStatus', {
             values: ['New', 'Updated', 'Ignored', 'Imported']

ui/app/views/directives/severity.html

@@ -1,11 +1,14 @@
 <div ng-if="active == true">
-	<span class="label" ng-class="{ true:'label-info', false:'label-default' }[value == 1]" ng-click="update(1)">L</span>
-	<span class="label" ng-class="{ true:'label-warning', false:'label-default' }[value == 2 || !value]" ng-click="update(2)">M</span>
-	<span class="label" ng-class="{ true:'label-danger', false:'label-default' }[value == 3]" ng-click="update(3)">H</span>
+	<span class="label" ng-class="{ true:'label-success', false:'label-default' }[value == 1]" ng-click="update(1)">L</span>
+	<span class="label" ng-class="{ true:'label-info', false:'label-default' }[value == 2 || !value]" ng-click="update(2)">M</span>
+	<span class="label" ng-class="{ true:'label-warning', false:'label-default' }[value == 3]" ng-click="update(3)">H</span>
+  <span class="label" ng-class="{ true:'label-danger', false:'label-default' }[value == 4]" ng-click="update(4)">!!</span>
+
 </div>
 <span ng-if="active != true" ng-switch="value">
-	<span ng-switch-when="1" class="label label-info">L</span>
-	<span ng-switch-when="2" class="label label-warning">M</span>
-	<span ng-switch-when="3" class="label label-danger">H</span>
+	<span ng-switch-when="1" class="label label-success">L</span>
+	<span ng-switch-when="2" class="label label-info">M</span>
+	<span ng-switch-when="3" class="label label-warning">H</span>
+  <span ng-switch-when="4" class="label label-danger">!!</span>
 	<span ng-switch-default class="label label-primary">?</span>
 </span>

ui/app/views/partials/alert/list/filters.html

@@ -89,7 +89,7 @@ <h4>Filters</h4>
                             <tags-input class="form-control form-control-wrapper"
                                 min-length="2"
                                 ng-model="$vm.filtering.activeFilters.severity.value"
-                                placeholder="ex: High, Medium, Low"
+                                placeholder="ex: Critical, High, Medium, Low"
                                 replace-spaces-with-dashes="false"
                                 add-from-autocomplete-only="true">
                                     <auto-complete load-on-focus="true" load-on-down-arrow="true" min-length="1" source="$vm.getSeverities($query)"></auto-complete>

ui/app/views/partials/case/case.list.html

@@ -78,11 +78,16 @@ <h3 class="box-title">List of cases ({{$vm.list.total || 0}} of {{$vm.caseStats.
 
                                             </span>
                                         </div>
-                                        <div class="text-success" ng-show="currentCase.status !== 'Open'">
+                                        <div class="text-success" ng-show="currentCase.status === 'Resolved'">
                                             <small>
                                                 (Closed at {{currentCase.endDate | showDate}} as <strong>{{$vm.CaseResolutionStatus[currentCase.resolutionStatus]}}</strong>)
                                             </small>
                                         </div>
+                                        <div class="text-success" ng-show="currentCase.status !== 'Open' && currentCase.status !== 'Resolved' ">
+                                            <small>
+                                                (Status: <strong>{{currentCase.status}}</strong>)
+                                            </small>
+                                        </div>
                                         <div class="text-danger" ng-if="currentCase.mergeFrom">
                         					          <small>
                                                 Merged from <a href ui-sref="app.case.details({caseId: currentCase.mergeFrom[0]})"> Case #{{currentCase.stats.mergeFrom[0].caseId}}</a> and

ui/app/views/partials/case/case.panelinfo.html

@@ -30,6 +30,9 @@ <h3 class="box-title">
                 <strong>{{CaseResolutionStatus[caze.resolutionStatus]}}</strong>
                 <span ng-show="isCaseTruePositive()"> with <strong>{{caze.impactStatus === 'NoImpact' ? 'No Impact' : 'Impact'}}</strong></span>)</span>
         </span>
+        <span ng-show="caze.status !== 'Resolved'" class="text-success">(
+                <span> Status <strong>{{caze.status}}</strong></span>)</span>
+        </span>
         <span class="ml-xxs text-danger" ng-show="links.length > 0">
             <i class="glyphicon glyphicon-link"></i>
             <strong>
@@ -93,6 +96,10 @@ <h3 class="box-title">
             </a>
         </span>
 
+        <span class="ml-xxs pull-right">
+            <span class="text-primary">|</span>
+        </span>
+
         <span class="ml-xxs pull-right" ng-if="!caze.flag || caze.flag == undefined">
             <a href ng-click="switchFlag()" class="text-muted noline" uib-tooltip="Flag case">
                 <i class="text-muted fa fa-flag" ng-class="setFlag" ng-mouseout="setFlag='text-muted'" ng-mouseover="setFlag='text-yellow'"></i>
@@ -105,6 +112,49 @@ <h3 class="box-title">
                 Unflag
             </a>
         </span>
+
+        <span class="ml-xxs pull-right" ng-if="caze.status !== 'Hold'">
+            <a href ng-click="caseHold()" class="text-muted noline" uib-tooltip="Set case status to Hold">
+                <i class="text-muted fa fa-pause" ng-class="SetHold" ng-mouseout="SetHold='text-muted'" ng-mouseover="SetHold='text-red'"></i>
+                Hold
+            </a>
+        </span>
+
+        <span class="ml-xxs pull-right" ng-if="caze.status === 'Hold'">
+            <a href ng-click="caseOpenFromOtherStatus()" class="text-red noline" uib-tooltip="Reopen Case">
+                <i class="text-red fa fa-pause"></i>
+                Hold
+            </a>
+        </span>
+
+        <span class="ml-xxs pull-right" ng-if="caze.status !== 'Pending'">
+            <a href ng-click="casePending()" class="text-muted noline" uib-tooltip="Set case status to Pending">
+                <i class="text-muted fa fa-exclamation-circle" ng-class="SetPending" ng-mouseout="SetPending='text-muted'" ng-mouseover="SetPending='text-red'"></i>
+                Pending
+            </a>
+        </span>
+
+        <span class="ml-xxs pull-right" ng-if="caze.status === 'Pending'">
+            <a href ng-click="caseOpenFromOtherStatus()" class="text-red noline" uib-tooltip="Reopen Case">
+                <i class="text-red fa fa-exclamation-circle"></i>
+                Pending
+            </a>
+        </span>
+
+        <span class="ml-xxs pull-right"  ng-if="caze.status !== 'Review'">
+            <a href ng-click="caseReview()" class="text-muted noline" uib-tooltip="Set case status to Review">
+                <i class="text-muted fa fa-user-circle" ng-class="SetReview" ng-mouseout="SetReview='text-muted'" ng-mouseover="SetReview='text-red'"></i>
+                Review
+            </a>
+        </span>
+
+        <span class="ml-xxs pull-right"  ng-if="caze.status === 'Review'">
+            <a href ng-click="caseOpenFromOtherStatus()" class="text-red noline" uib-tooltip="Reopen Case">
+                <i class="text-red fa fa-user-circle"></i>
+                Review
+            </a>
+        </span>
+
         <span class="ml-xxs pull-right" ng-hide="isCaseClosed()">
             <a href ng-click="openCloseDialog()" class="text-muted noline" uib-tooltip="Close case">
                 <i class="text-muted fa fa-check-circle-o" ng-class="CloseCase" ng-mouseout="CloseCase='text-muted glyphicon-ok-circle'" ng-mouseover="CloseCase='text-success glyphicon-ok-sign'"></i>

ui/app/views/partials/case/list/filters.html

@@ -71,7 +71,7 @@ <h4>Filters</h4>
                             <tags-input class="form-control form-control-wrapper"
                                 min-length="2"
                                 ng-model="$vm.uiSrv.activeFilters.severity.value"
-                                placeholder="ex: High, Medium, Low"
+                                placeholder="ex: Critical, High, Medium, Low"
                                 replace-spaces-with-dashes="false"
                                 add-from-autocomplete-only="true">
                                     <auto-complete load-on-focus="true" load-on-down-arrow="true" min-length="1" source="$vm.getSeverities($query)"></auto-complete>