kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(rt-import): import Red Team engagement results as validated tests
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Details

Browse Source 
Backend — POST /tests/import-rt (red_lead + admin):
  Accepts engagement JSON with name/date/description/operator and
  a list of techniques each with mitre_id, result, attack_success,
  platform, notes. Creates one Test per technique directly in
  'validated' state (red + blue validation = approved) bypassing
  the normal workflow. Recalculates technique.status_global for
  all affected techniques. Returns created/skipped summary.

Frontend — /tests/import-rt (new dedicated page):
  - Format reference panel (collapsible) with field descriptions
  - Download template JSON button (generates a filled example)
  - Paste JSON textarea + file upload (.json)
  - Live validation + preview table showing what will be imported
  - Import button with spinner
  - Success / warning / error result display
  Accessible to admin and red_lead only.
  Added to sidebar under Tests > Import RT Results.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
kitos
2026-05-29 16:15:35 +02:00
parent b39a4fec14
commit 2f1ef7545d
5 changed files with 542 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

356
frontend/src/pages/ImportRTPage.tsx Normal file
View File

@@ -0,0 +1,356 @@
import { useState, useRef } from "react";
import { useMutation } from "@tanstack/react-query";
import {
Upload,
Download,
FileJson,
CheckCircle,
XCircle,
AlertTriangle,
Loader2,
ChevronDown,
ChevronUp,
} from "lucide-react";
import { importRT, type RTImportPayload, type RTTechniqueEntry } from "../api/tests";
/* ── Template JSON ─────────────────────────────────────────────────── */
const TEMPLATE_JSON: RTImportPayload = {
name: "Red Team Q1 2024",
date: new Date().toISOString().slice(0, 10),
description: "External red team engagement — perimeter assessment",
operator: "SecTeam Red",
techniques: [
{
mitre_id: "T1059.001",
result: "detected",
attack_success: true,
platform: "windows",
notes: "PowerShell execution caught by Defender for Endpoint within 2 min",
},
{
mitre_id: "T1078",
result: "not_detected",
attack_success: true,
platform: "windows",
notes: "Credential reuse via stolen credentials — undetected for 48h",
},
{
mitre_id: "T1486",
result: "not_detected",
attack_success: false,
platform: "windows",
notes: "Ransomware blocked by AppLocker before execution",
},
{
mitre_id: "T1190",
result: "partially_detected",
attack_success: true,
platform: "linux",
notes: "Exploit worked but only a partial alert fired — no full incident created",
},
],
};
/* ── helpers ─────────────────────────────────────────────────────── */
const RESULT_CONFIG: Record<string, { label: string; badge: string }> = {
detected: { label: "Detected", badge: "bg-green-500/10 text-green-400 border-green-500/20" },
not_detected: { label: "Not Detected", badge: "bg-red-500/10 text-red-400 border-red-500/20" },
partially_detected: { label: "Partial", badge: "bg-yellow-500/10 text-yellow-400 border-yellow-500/20" },
};
function downloadTemplate() {
const blob = new Blob([JSON.stringify(TEMPLATE_JSON, null, 2)], { type: "application/json" });
const a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "rt_import_template.json";
a.click();
URL.revokeObjectURL(a.href);
}
function parseJson(raw: string): { payload: RTImportPayload | null; error: string | null } {
try {
const parsed = JSON.parse(raw);
if (!parsed.name) return { payload: null, error: "Missing required field: name" };
if (!Array.isArray(parsed.techniques)) return { payload: null, error: "Missing required field: techniques (array)" };
for (const t of parsed.techniques) {
if (!t.mitre_id) return { payload: null, error: `Technique missing mitre_id: ${JSON.stringify(t)}` };
if (!["detected", "not_detected", "partially_detected"].includes(t.result)) {
return { payload: null, error: `Invalid result '${t.result}' for ${t.mitre_id}. Must be: detected | not_detected | partially_detected` };
}
}
return { payload: parsed as RTImportPayload, error: null };
} catch (e) {
return { payload: null, error: `Invalid JSON: ${(e as Error).message}` };
}
}
/* ── Component ────────────────────────────────────────────────────── */
export default function ImportRTPage() {
const fileRef = useRef<HTMLInputElement>(null);
const [jsonText, setJsonText] = useState("");
const [showFormat, setShowFormat] = useState(false);
const [parseError, setParseError] = useState<string | null>(null);
const [preview, setPreview] = useState<RTImportPayload | null>(null);
const importMutation = useMutation({
mutationFn: (payload: RTImportPayload) => importRT(payload),
});
const handleTextChange = (value: string) => {
setJsonText(value);
setParseError(null);
importMutation.reset();
if (!value.trim()) {
setPreview(null);
return;
}
const { payload, error } = parseJson(value);
if (error) {
setParseError(error);
setPreview(null);
} else {
setPreview(payload);
}
};
const handleFile = (e: React.ChangeEvent<HTMLInputElement>) => {
const file = e.target.files?.[0];
if (!file) return;
const reader = new FileReader();
reader.onload = (ev) => {
const text = ev.target?.result as string;
setJsonText(text);
handleTextChange(text);
};
reader.readAsText(file);
e.target.value = "";
};
const handleImport = () => {
if (!preview) return;
importMutation.mutate(preview);
};
const result = importMutation.data;
return (
<div className="space-y-6 max-w-4xl">
{/* Header */}
<div>
<h1 className="text-2xl font-bold text-white flex items-center gap-2">
<Upload className="h-7 w-7 text-orange-400" />
Import Red Team Results
</h1>
<p className="mt-1 text-sm text-gray-400">
Upload findings from a real Red Team engagement. Each technique becomes a validated test
with its detection result, maintaining full coverage history.
</p>
</div>
{/* Format toggle */}
<div className="rounded-xl border border-gray-800 bg-gray-900">
<button
onClick={() => setShowFormat(!showFormat)}
className="flex w-full items-center justify-between px-5 py-4 text-left"
>
<div className="flex items-center gap-2">
<FileJson className="h-4 w-4 text-cyan-400" />
<span className="text-sm font-medium text-gray-300">JSON Format Reference</span>
</div>
{showFormat ? <ChevronUp className="h-4 w-4 text-gray-500" /> : <ChevronDown className="h-4 w-4 text-gray-500" />}
</button>
{showFormat && (
<div className="border-t border-gray-800 px-5 pb-5 pt-4 space-y-4">
<div className="grid gap-4 sm:grid-cols-2">
{/* Required fields */}
<div>
<p className="mb-2 text-xs font-semibold uppercase tracking-wider text-gray-500">Required fields</p>
<table className="w-full text-xs">
<tbody className="divide-y divide-gray-800">
{[
["name", "string", "Engagement name"],
["techniques[].mitre_id", "string", "e.g. T1059.001"],
["techniques[].result", "enum", "detected | not_detected | partially_detected"],
["techniques[].attack_success", "boolean", "Was the attack successful?"],
].map(([field, type, desc]) => (
<tr key={field}>
<td className="py-1.5 pr-3 font-mono text-cyan-400">{field}</td>
<td className="py-1.5 pr-3 text-gray-500 italic">{type}</td>
<td className="py-1.5 text-gray-400">{desc}</td>
</tr>
))}
</tbody>
</table>
</div>
{/* Optional fields */}
<div>
<p className="mb-2 text-xs font-semibold uppercase tracking-wider text-gray-500">Optional fields</p>
<table className="w-full text-xs">
<tbody className="divide-y divide-gray-800">
{[
["date", "string", "ISO date (YYYY-MM-DD)"],
["description", "string", "Engagement description"],
["operator", "string", "Team or company"],
["techniques[].platform", "string", "windows | linux | macos"],
["techniques[].notes", "string", "What happened, how it was used"],
].map(([field, type, desc]) => (
<tr key={field}>
<td className="py-1.5 pr-3 font-mono text-gray-400">{field}</td>
<td className="py-1.5 pr-3 text-gray-500 italic">{type}</td>
<td className="py-1.5 text-gray-400">{desc}</td>
</tr>
))}
</tbody>
</table>
</div>
</div>
<button
onClick={downloadTemplate}
className="flex items-center gap-2 rounded-lg border border-cyan-500/30 bg-cyan-500/10 px-4 py-2 text-sm font-medium text-cyan-400 hover:bg-cyan-500/20 transition-colors"
>
<Download className="h-4 w-4" />
Download template JSON
</button>
</div>
)}
</div>
{/* Input area */}
<div className="rounded-xl border border-gray-800 bg-gray-900 p-5 space-y-4">
<div className="flex items-center justify-between">
<h2 className="text-sm font-semibold text-white">Paste or upload your JSON</h2>
<div className="flex items-center gap-2">
<input ref={fileRef} type="file" accept=".json" onChange={handleFile} className="hidden" />
<button
onClick={() => fileRef.current?.click()}
className="flex items-center gap-1.5 rounded-lg border border-gray-700 px-3 py-1.5 text-xs text-gray-400 hover:bg-gray-800 hover:text-white transition-colors"
>
<Upload className="h-3.5 w-3.5" />
Upload file
</button>
</div>
</div>
<textarea
value={jsonText}
onChange={(e) => handleTextChange(e.target.value)}
placeholder={`Paste your JSON here or use the template…\n\n{\n "name": "Red Team Q1 2024",\n "techniques": [\n {\n "mitre_id": "T1059.001",\n "result": "detected",\n "attack_success": true\n }\n ]\n}`}
rows={14}
className="w-full rounded-lg border border-gray-700 bg-gray-800 px-3 py-2.5 font-mono text-xs text-gray-200 placeholder-gray-600 focus:border-cyan-500 focus:outline-none resize-none"
/>
{parseError && (
<div className="flex items-start gap-2 rounded-lg border border-red-500/30 bg-red-900/20 p-3 text-sm text-red-400">
<XCircle className="h-4 w-4 mt-0.5 shrink-0" />
{parseError}
</div>
)}
</div>
{/* Preview */}
{preview && !parseError && (
<div className="rounded-xl border border-gray-800 bg-gray-900 p-5 space-y-4">
<div className="flex items-center justify-between">
<div>
<h2 className="text-sm font-semibold text-white">{preview.name}</h2>
<p className="mt-0.5 text-xs text-gray-500">
{preview.date && <span>{preview.date} · </span>}
{preview.operator && <span>{preview.operator} · </span>}
<span className="text-amber-400">{preview.techniques.length} techniques</span>
</p>
{preview.description && (
<p className="mt-1 text-xs text-gray-400">{preview.description}</p>
)}
</div>
<button
onClick={handleImport}
disabled={importMutation.isPending}
className="flex items-center gap-2 rounded-lg bg-orange-600 px-4 py-2 text-sm font-medium text-white hover:bg-orange-500 disabled:opacity-50 transition-colors"
>
{importMutation.isPending
? <><Loader2 className="h-4 w-4 animate-spin" /> Importing</>
: <><Upload className="h-4 w-4" /> Import {preview.techniques.length} Techniques</>
}
</button>
</div>
<div className="overflow-x-auto rounded-lg border border-gray-800">
<table className="w-full text-xs">
<thead>
<tr className="border-b border-gray-800 text-gray-500 uppercase tracking-wider">
<th className="px-4 py-2.5 text-left">MITRE ID</th>
<th className="px-4 py-2.5 text-left">Result</th>
<th className="px-4 py-2.5 text-left">Attack</th>
<th className="px-4 py-2.5 text-left">Platform</th>
<th className="px-4 py-2.5 text-left">Notes</th>
</tr>
</thead>
<tbody className="divide-y divide-gray-800/50">
{preview.techniques.map((t: RTTechniqueEntry, i) => (
<tr key={i} className="hover:bg-gray-800/20">
<td className="px-4 py-2.5 font-mono text-cyan-400 font-semibold">{t.mitre_id}</td>
<td className="px-4 py-2.5">
<span className={`inline-flex rounded-full border px-2 py-0.5 font-medium ${RESULT_CONFIG[t.result]?.badge ?? ""}`}>
{RESULT_CONFIG[t.result]?.label ?? t.result}
</span>
</td>
<td className="px-4 py-2.5">
{t.attack_success
? <span className="text-orange-400">Success</span>
: <span className="text-gray-500">Blocked</span>
}
</td>
<td className="px-4 py-2.5 text-gray-400 capitalize">{t.platform ?? "—"}</td>
<td className="px-4 py-2.5 text-gray-500 max-w-xs truncate">{t.notes ?? "—"}</td>
</tr>
))}
</tbody>
</table>
</div>
</div>
)}
{/* Import result */}
{result && (
<div className="rounded-xl border border-green-500/30 bg-green-500/5 p-5 space-y-3">
<div className="flex items-center gap-2">
<CheckCircle className="h-5 w-5 text-green-400" />
<h2 className="text-sm font-semibold text-green-400">
Import complete {result.created} tests created
</h2>
</div>
<p className="text-xs text-gray-400">
Engagement: <span className="text-white">{result.engagement}</span>
{" · "}Created: <span className="text-green-400">{result.created}</span>
{result.skipped > 0 && <>{" · "}<span className="text-yellow-400">{result.skipped} skipped</span></>}
</p>
{result.warnings.length > 0 && (
<div className="space-y-1">
<p className="text-xs font-medium text-yellow-400 flex items-center gap-1">
<AlertTriangle className="h-3.5 w-3.5" /> Skipped entries
</p>
{result.warnings.map((w, i) => (
<p key={i} className="text-xs text-gray-500 ml-5">
<span className="font-mono text-gray-400">{w.mitre_id}</span>: {w.reason}
</p>
))}
</div>
)}
</div>
)}
{importMutation.isError && (
<div className="flex items-start gap-2 rounded-xl border border-red-500/30 bg-red-900/20 p-4 text-sm text-red-400">
<XCircle className="h-4 w-4 mt-0.5 shrink-0" />
{(importMutation.error as Error)?.message || "Import failed"}
</div>
)}
</div>
);
}