import {
INodeProperties,
} from 'n8n-workflow';
import {
TLP,
} from '../interfaces/AlertInterface';
/**
 * Operation selector for the 'observable' resource.
 *
 * The selectable operations are not listed here: `typeOptions` names the
 * 'loadObservableOptions' loader and declares a dependency on 'resource'.
 * The field is only displayed while `resource` is 'observable'.
 */
export const observableOperations = [
	{
		displayName: 'Operation',
		name: 'operation',
		type: 'options',
		required: true,
		default: 'getAll',
		displayOptions: { show: { resource: ['observable'] } },
		typeOptions: {
			loadOptionsDependsOn: ['resource'],
			loadOptionsMethod: 'loadObservableOptions',
		},
	},
] as INodeProperties[];
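// Observable data types, shared by the 'Data Type' selector (create / executeAnalyzer)
// and the 'Data Type' search filter so the two lists cannot drift apart.
const observableDataTypeOptions = [
	{ name: 'domain', value: 'domain' },
	{ name: 'file', value: 'file' },
	{ name: 'filename', value: 'filename' },
	{ name: 'fqdn', value: 'fqdn' },
	{ name: 'hash', value: 'hash' },
	{ name: 'ip', value: 'ip' },
	{ name: 'mail', value: 'mail' },
	{ name: 'mail_subject', value: 'mail_subject' },
	{ name: 'other', value: 'other' },
	{ name: 'regexp', value: 'regexp' },
	{ name: 'registry', value: 'registry' },
	{ name: 'uri_path', value: 'uri_path' },
	{ name: 'url', value: 'url' },
	{ name: 'user-agent', value: 'user-agent' },
];

// Traffic Light Protocol levels, shared by the create, update and search-filter 'TLP' fields.
const observableTlpOptions = [
	{ name: 'White', value: TLP.white },
	{ name: 'Green', value: TLP.green },
	{ name: 'Amber', value: TLP.amber },
	{ name: 'Red', value: TLP.red },
];

// Observable status values, shared by the create, update and search-filter 'Status' fields.
const observableStatusOptions = [
	{ name: 'Ok', value: 'Ok' },
	{ name: 'Deleted', value: 'Deleted' },
];

/**
 * Parameter definitions for the 'observable' resource.
 *
 * Every entry is gated by `displayOptions`, so a field is only shown for the
 * resource/operation combinations listed in its `show` block (and suppressed
 * by any `hide` block). Collections default to `{}`.
 */
export const observableFields = [
	{
		displayName: 'Case ID',
		name: 'caseId',
		type: 'string',
		required: true,
		default: '',
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['create', 'getAll'],
			},
		},
		description: 'ID of the case',
	},
	{
		displayName: 'Return All',
		name: 'returnAll',
		type: 'boolean',
		displayOptions: {
			show: {
				operation: ['getAll', 'search'],
				resource: ['observable'],
			},
		},
		default: false,
		description: 'If all results should be returned or only up to a given limit.',
	},
	{
		displayName: 'Limit',
		name: 'limit',
		type: 'number',
		displayOptions: {
			show: {
				operation: ['getAll', 'search'],
				resource: ['observable'],
				// Only offered while 'Return All' is off.
				returnAll: [false],
			},
		},
		// NOTE(review): these bounds are declared for the input field only; confirm the
		// execute path also caps the page size, since returnAll=true hides this field.
		typeOptions: {
			minValue: 1,
			maxValue: 500,
		},
		default: 100,
		description: 'How many results to return.',
	},
	// required attributes
	{
		displayName: 'Observable ID',
		name: 'id',
		type: 'string',
		required: true,
		default: '',
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['update', 'executeResponder', 'executeAnalyzer', 'get'],
			},
		},
		description: 'ID of the observable',
	},
	{
		displayName: 'Data Type',
		name: 'dataType',
		type: 'options',
		required: true,
		// NOTE(review): '' is not one of the listed option values, so no type is preselected.
		default: '',
		options: observableDataTypeOptions,
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['create', 'executeAnalyzer'],
			},
		},
		description: 'Type of the observable',
	},
	{
		displayName: 'Data',
		name: 'data',
		type: 'string',
		required: true,
		default: '',
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['create'],
			},
			// File observables take their content from 'Binary Property' instead.
			hide: {
				dataType: ['file'],
			},
		},
	},
	{
		displayName: 'Binary Property',
		name: 'binaryProperty',
		type: 'string',
		required: true,
		default: 'data',
		description: 'Binary Property that represents the attachment file',
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['create'],
				dataType: ['file'],
			},
		},
	},
	{
		displayName: 'Message',
		name: 'message',
		type: 'string',
		required: true,
		default: '',
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['create'],
			},
		},
		description: 'Description of the observable in the context of the case',
	},
	{
		displayName: 'Start Date',
		name: 'startDate',
		type: 'dateTime',
		required: true,
		default: '',
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['create'],
			},
		},
		description: 'Date and time of the beginning of the case. Default=now',
	},
	{
		displayName: 'TLP',
		name: 'tlp',
		type: 'options',
		required: true,
		// NOTE(review): the description says the default is Amber; 2 is presumably
		// TLP.amber — confirm against the TLP enum in AlertInterface.
		default: 2,
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['create'],
			},
		},
		options: observableTlpOptions,
		description: 'Traffic Light Protocol (TLP). Default=Amber',
	},
	{
		displayName: 'IOC',
		name: 'ioc',
		type: 'boolean',
		required: true,
		default: false,
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['create'],
			},
		},
		description: 'Indicates if the observable is an IOC (Indicator of compromise)',
	},
	{
		displayName: 'Sighted',
		name: 'sighted',
		type: 'boolean',
		required: true,
		default: false,
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['create'],
			},
		},
		description: 'Sighted previously',
	},
	{
		displayName: 'Status',
		name: 'status',
		type: 'options',
		required: true,
		// NOTE(review): the description promises Default=Ok, but the declared default is ''
		// (not a listed option). Left unchanged here; confirm the intended value.
		default: '',
		options: observableStatusOptions,
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['create'],
			},
		},
		description: 'Status of the observable. Default=Ok',
	},
	// required for analyzer execution
	{
		displayName: 'Analyzer',
		name: 'analyzers',
		type: 'multiOptions',
		required: true,
		default: [],
		typeOptions: {
			loadOptionsDependsOn: ['id', 'dataType'],
			loadOptionsMethod: 'loadAnalyzers',
		},
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['executeAnalyzer'],
			},
			// Hidden until an observable ID has been entered.
			hide: {
				id: [''],
			},
		},
	},

	// required for responder execution
	{
		displayName: 'Responder ID',
		name: 'responder',
		type: 'options',
		required: true,
		default: '',
		typeOptions: {
			loadOptionsDependsOn: ['id'],
			loadOptionsMethod: 'loadResponders',
		},
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['executeResponder'],
			},
			// Hidden until an observable ID has been entered.
			hide: {
				id: [''],
			},
		},
	},
	// Optional attributes (Create operation)
	{
		displayName: 'Options',
		name: 'options',
		type: 'collection',
		placeholder: 'Add Option',
		required: false,
		// A collection's empty value is an object, as in the getAll/search 'Options' entry.
		default: {},
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['create'],
			},
		},
		options: [
			{
				displayName: 'Observable Tags',
				name: 'tags',
				type: 'string',
				required: false,
				default: '',
				placeholder: 'tag1,tag2',
			},
		],
	},
	// Optional attributes (Update operation)
	{
		displayName: 'Update Fields',
		name: 'updateFields',
		type: 'collection',
		required: false,
		// A collection's empty value is an object, as in the getAll/search 'Options' entry.
		default: {},
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['update'],
			},
		},
		options: [
			{
				displayName: 'Message',
				name: 'message',
				type: 'string',
				default: '',
				description: 'Description of the observable in the context of the case',
			},
			{
				displayName: 'Observable Tags',
				name: 'tags',
				type: 'string',
				default: '',
				placeholder: 'tag1,tag2',
			},
			{
				displayName: 'TLP',
				name: 'tlp',
				type: 'options',
				// NOTE(review): presumably TLP.amber, per the description — confirm.
				default: 2,
				options: observableTlpOptions,
				description: 'Traffic Light Protocol (TLP). Default=Amber',
			},
			{
				displayName: 'IOC',
				name: 'ioc',
				type: 'boolean',
				default: false,
				description: 'Indicates if the observable is an IOC (Indicator of compromise)',
			},
			{
				displayName: 'Sighted',
				name: 'sighted',
				description: 'sighted previously',
				type: 'boolean',
				default: false,
			},
			{
				displayName: 'Status',
				name: 'status',
				type: 'options',
				default: '',
				options: observableStatusOptions,
				description: 'Status of the observable. Default=Ok',
			},
		],
	},
	// query options
	{
		displayName: 'Options',
		name: 'options',
		displayOptions: {
			show: {
				operation: ['getAll', 'search'],
				resource: ['observable'],
			},
		},
		type: 'collection',
		placeholder: 'Add Option',
		default: {},
		options: [
			{
				displayName: 'Sort',
				name: 'sort',
				type: 'string',
				// NOTE(review): free-text value; confirm the request builder validates the
				// +/- prefix and the attribute name before forwarding it to the API.
				placeholder: '±Attribute, exp +status',
				description: 'Specify the sorting attribute, + for asc, - for desc',
				default: '',
			},
		],
	},
	// query attributes
	{
		displayName: 'Filters',
		name: 'filters',
		type: 'collection',
		required: false,
		// A collection's empty value is an object, as in the getAll/search 'Options' entry.
		default: {},
		placeholder: 'Add Filter',
		displayOptions: {
			show: {
				resource: ['observable'],
				operation: ['search', 'count'],
			},
		},
		options: [
			{
				displayName: 'Data Type',
				name: 'dataType',
				type: 'multiOptions',
				default: [],
				options: observableDataTypeOptions,
				description: 'Type of the observable',
			},
			{
				displayName: 'Date range',
				type: 'fixedCollection',
				name: 'range',
				default: {},
				options: [
					{
						displayName: 'Add date range inputs',
						name: 'dateRange',
						values: [
							{
								displayName: 'From date',
								name: 'fromDate',
								type: 'dateTime',
								required: false,
								default: '',
							},
							{
								displayName: 'To date',
								name: 'toDate',
								type: 'dateTime',
								required: false,
								default: '',
							},
						],
					},
				],
			},
			{
				displayName: 'Description',
				name: 'description',
				type: 'string',
				default: '',
				placeholder: 'exp,freetext',
			},
			{
				displayName: 'IOC',
				name: 'ioc',
				type: 'boolean',
				default: false,
				description: 'Indicates if the observable is an IOC (Indicator of compromise)',
			},
			{
				displayName: 'Keyword',
				name: 'keyword',
				type: 'string',
				default: '',
				placeholder: 'exp,freetext',
			},
			{
				displayName: 'Message',
				name: 'message',
				type: 'string',
				default: '',
				description: 'Description of the observable in the context of the case',
			},
			{
				displayName: 'Observable Tags',
				name: 'tags',
				type: 'string',
				default: '',
				placeholder: 'tag1,tag2',
			},
			{
				displayName: 'Sighted',
				name: 'sighted',
				type: 'boolean',
				default: false,
			},
			{
				// NOTE(review): this parameter name is capitalised ('Status'), unlike 'status'
				// in the create and update fields. Kept as-is because saved workflows and the
				// search handler may depend on the key — confirm which spelling the query expects.
				name: 'Status',
				displayName: 'Status',
				type: 'options',
				default: '',
				options: observableStatusOptions,
				description: 'Status of the observable. Default=Ok',
			},
			{
				displayName: 'TLP',
				name: 'tlp',
				type: 'options',
				// NOTE(review): presumably TLP.amber, per the description — confirm.
				default: 2,
				options: observableTlpOptions,
				description: 'Traffic Light Protocol (TLP). Default=Amber',
			},
			{
				displayName: 'Value',
				name: 'data',
				type: 'string',
				default: '',
				placeholder: 'example.com; 8.8.8.8',
			},
		],
	},
] as INodeProperties[];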