import { INodeProperties, } from 'n8n-workflow'; import { TLP, } from '../interfaces/AlertInterface'; export const observableOperations: INodeProperties[] = [ { displayName: 'Operation Name or ID', name: 'operation', type: 'options', description: 'Choose from the list, or specify an ID using an expression', noDataExpression: true, required: true, default: 'getAll', displayOptions: { show: { resource: [ 'observable', ], }, }, typeOptions: { loadOptionsDependsOn: [ 'resource', ], loadOptionsMethod: 'loadObservableOptions', }, }, ]; export const observableFields: INodeProperties[] = [ { displayName: 'Case ID', name: 'caseId', type: 'string', required: true, default: '', displayOptions: { show: { resource: [ 'observable', ], operation: [ 'create', 'getAll', ], }, }, description: 'ID of the case', }, { displayName: 'Return All', name: 'returnAll', type: 'boolean', displayOptions: { show: { operation: [ 'getAll', 'search', ], resource: [ 'observable', ], }, }, default: false, description: 'Whether to return all results or only up to a given limit', }, { displayName: 'Limit', name: 'limit', type: 'number', displayOptions: { show: { operation: [ 'getAll', 'search', ], resource: [ 'observable', ], returnAll: [ false, ], }, }, typeOptions: { minValue: 1, maxValue: 500, }, default: 100, description: 'Max number of results to return', }, // required attributs { displayName: 'Observable ID', name: 'id', type: 'string', required: true, default: '', displayOptions: { show: { resource: [ 'observable', ], operation: [ 'update', 'executeResponder', 'executeAnalyzer', 'get', ], }, }, description: 'ID of the observable', }, { displayName: 'Data Type Name or ID', name: 'dataType', type: 'options', required: true, default: '', typeOptions: { loadOptionsMethod: 'loadObservableTypes', }, displayOptions: { show: { resource: [ 'observable', ], operation: [ 'create', 'executeAnalyzer', ], }, }, description: 'Type of the observable. Choose from the list, or specify an ID using an expression.', }, { displayName: 'Data', name: 'data', type: 'string', required: true, default: '', displayOptions: { show: { resource: [ 'observable', ], operation: [ 'create', ], }, hide: { dataType: [ 'file', ], }, }, }, { displayName: 'Binary Property', name: 'binaryProperty', type: 'string', required: true, default: 'data', description: 'Binary Property that represent the attachment file', displayOptions: { show: { resource: [ 'observable', ], operation: [ 'create', ], dataType: [ 'file', ], }, }, }, { displayName: 'Message', name: 'message', type: 'string', required: true, default: '', displayOptions: { show: { resource: [ 'observable', ], operation: [ 'create', ], }, }, description: 'Description of the observable in the context of the case', }, { displayName: 'Start Date', name: 'startDate', type: 'dateTime', required: true, default: '', displayOptions: { show: { resource: [ 'observable', ], operation: [ 'create', ], }, }, description: 'Date and time of the begin of the case default=now', }, { displayName: 'TLP', name: 'tlp', type: 'options', required: true, default: 2, displayOptions: { show: { resource: [ 'observable', ], operation: [ 'create', ], }, }, options: [ { name: 'White', value: TLP.white, }, { name: 'Green', value: TLP.green, }, { name: 'Amber', value: TLP.amber, }, { name: 'Red', value: TLP.red, }, ], description: 'Traffict Light Protocol (TLP). Default=Amber.', }, { displayName: 'IOC', name: 'ioc', type: 'boolean', required: true, default: false, displayOptions: { show: { resource: [ 'observable', ], operation: [ 'create', ], }, }, description: 'Whether the observable is an IOC (Indicator of compromise)', }, { displayName: 'Sighted', name: 'sighted', type: 'boolean', required: true, default: false, displayOptions: { show: { resource: [ 'observable', ], operation: [ 'create', ], }, }, description: 'Whether sighted previously', }, { displayName: 'Status', name: 'status', type: 'options', required: true, default: '', options: [ { name: 'Ok', value: 'Ok', }, { name: 'Deleted', value: 'Deleted', }, ], displayOptions: { show: { resource: [ 'observable', ], operation: [ 'create', ], }, }, description: 'Status of the observable. Default=Ok.', }, // required for analyzer execution { displayName: 'Analyzer Names or IDs', name: 'analyzers', type: 'multiOptions', description: 'Choose from the list, or specify IDs using an expression', required: true, default: [], typeOptions: { loadOptionsDependsOn: [ 'id', 'dataType', ], loadOptionsMethod: 'loadAnalyzers', }, displayOptions: { show: { resource: [ 'observable', ], operation: [ 'executeAnalyzer', ], }, hide: { id: [ '', ], }, }, }, // required for responder execution { displayName: 'Responder Name or ID', name: 'responder', type: 'options', description: 'Choose from the list, or specify an ID using an expression', required: true, default: '', typeOptions: { loadOptionsDependsOn: [ 'id', ], loadOptionsMethod: 'loadResponders', }, displayOptions: { show: { resource: [ 'observable', ], operation: [ 'executeResponder', ], }, hide: { id: [ '', ], }, }, }, // Optional attributes (Create operation) { displayName: 'Options', name: 'options', type: 'collection', placeholder: 'Add Option', default: {}, displayOptions: { show: { resource: [ 'observable', ], operation: [ 'create', ], }, }, options: [ { displayName: 'Observable Tags', name: 'tags', type: 'string', default: '', placeholder: 'tag1,tag2', }, ], }, // Optional attributes (Update operation) { displayName: 'Update Fields', name: 'updateFields', type: 'collection', default: {}, displayOptions: { show: { resource: [ 'observable', ], operation: [ 'update', ], }, }, options: [ { displayName: 'Message', name: 'message', type: 'string', default: '', description: 'Description of the observable in the context of the case', }, { displayName: 'Observable Tags', name: 'tags', type: 'string', default: '', placeholder: 'tag1,tag2', }, { displayName: 'TLP', name: 'tlp', type: 'options', default: 2, options: [ { name: 'White', value: TLP.white, }, { name: 'Green', value: TLP.green, }, { name: 'Amber', value: TLP.amber, }, { name: 'Red', value: TLP.red, }, ], description: 'Traffict Light Protocol (TLP). Default=Amber.', }, { displayName: 'IOC', name: 'ioc', type: 'boolean', default: false, description: 'Whether the observable is an IOC (Indicator of compromise)', }, { displayName: 'Sighted', name: 'sighted', description: 'Whether sighted previously', type: 'boolean', default: false, }, { displayName: 'Status', name: 'status', type: 'options', default: '', options: [ { name: 'Ok', value: 'Ok', }, { name: 'Deleted', value: 'Deleted', }, ], description: 'Status of the observable. Default=Ok.', }, ], }, // query options { displayName: 'Options', name: 'options', displayOptions: { show: { operation: [ 'getAll', 'search', ], resource: [ 'observable', ], }, }, type: 'collection', placeholder: 'Add Option', default: {}, options: [ { displayName: 'Sort', name: 'sort', type: 'string', placeholder: '±Attribut, exp +status', description: 'Specify the sorting attribut, + for asc, - for desc', default: '', }, ], }, // query attributes { displayName: 'Filters', name: 'filters', type: 'collection', default: {}, placeholder: 'Add Filter', displayOptions: { show: { resource: [ 'observable', ], operation: [ 'search', 'count', ], }, }, options: [ { displayName: 'Data Type Names or IDs', name: 'dataType', type: 'multiOptions', default: [], typeOptions: { loadOptionsMethod: 'loadObservableTypes', }, description: 'Type of the observable. Choose from the list, or specify IDs using an expression.', }, { displayName: 'Date Range', type: 'fixedCollection', name: 'range', default: {}, options: [ { displayName: 'Add Date Range Inputs', name: 'dateRange', values: [ { displayName: 'From Date', name: 'fromDate', type: 'dateTime', default: '', }, { displayName: 'To Date', name: 'toDate', type: 'dateTime', default: '', }, ], }, ], }, { displayName: 'Description', name: 'description', type: 'string', default: '', placeholder: 'exp,freetext', }, { displayName: 'IOC', name: 'ioc', type: 'boolean', default: false, description: 'Whether the observable is an IOC (Indicator of compromise)', }, { displayName: 'Keyword', name: 'keyword', type: 'string', default: '', placeholder: 'exp,freetext', }, { displayName: 'Message', name: 'message', type: 'string', default: '', description: 'Description of the observable in the context of the case', }, { displayName: 'Observable Tags', name: 'tags', type: 'string', default: '', placeholder: 'tag1,tag2', }, { displayName: 'Sighted', name: 'sighted', type: 'boolean', default: false, }, { name: 'Status', displayName: 'Status', type: 'options', default: '', options: [ { name: 'Ok', value: 'Ok', }, { name: 'Deleted', value: 'Deleted', }, ], description: 'Status of the observable. Default=Ok.', }, { displayName: 'TLP', name: 'tlp', type: 'options', default: 2, options: [ { name: 'White', value: TLP.white, }, { name: 'Green', value: TLP.green, }, { name: 'Amber', value: TLP.amber, }, { name: 'Red', value: TLP.red, }, ], description: 'Traffict Light Protocol (TLP). Default=Amber.', }, { displayName: 'Value', name: 'data', type: 'string', default: '', placeholder: 'example.com; 8.8.8.8', }, ], }, ];