feat(intel): major intel scan improvements + Review Queue integration
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Backend:
- intel_service: remove 50-technique limit (scan all techniques), improve
pattern matching with word boundaries (\bT1059\b), raise min name length
to 8 chars to reduce false positives, skip entries with empty titles
- technique_query_service: add intel_items to get_technique_detail() so
the technique page now shows recent threat intel articles (last 20)
- New GET /intel/items endpoint with optional technique_id filter
Frontend:
- New api/intel.ts with listIntelItems()
- ReviewQueuePage: complete redesign
* Expandable rows — click a technique to see its intel articles inline
* IntelPanel component fetches articles per technique on expand
* 'Create Template from Intel' button opens pre-filled modal:
name (from article title), source_url (article link), technique_id
User reads the article and fills the attack procedure
* Updated explanation text: lists all 3 reasons a technique can be flagged
(MITRE update / intel scan / new template or detection rule)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
kitos
@@ -6,6 +6,7 @@ from sqlalchemy.orm import Session, joinedload
|
||||
from app.domain.errors import EntityNotFoundError
|
||||
from app.models.technique import Technique
|
||||
from app.models.detection_rule import DetectionRule
|
||||
from app.models.intel import IntelItem
|
||||
from app.services.d3fend_import_service import get_defenses_for_technique
|
||||
|
||||
# Severity sort order for detection rules (most critical first)
|
||||
@@ -25,6 +26,15 @@ def get_technique_detail(db: Session, mitre_id: str) -> dict:
|
||||
|
||||
defenses = get_defenses_for_technique(db, technique.id)
|
||||
|
||||
# Recent intel items for this technique (newest 20)
|
||||
intel_items = (
|
||||
db.query(IntelItem)
|
||||
.filter(IntelItem.technique_id == technique.id)
|
||||
.order_by(IntelItem.detected_at.desc())
|
||||
.limit(20)
|
||||
.all()
|
||||
)
|
||||
|
||||
detection_rules = (
|
||||
db.query(DetectionRule)
|
||||
.filter(
|
||||
@@ -79,4 +89,15 @@ def get_technique_detail(db: Session, mitre_id: str) -> dict:
|
||||
for r in detection_rules
|
||||
],
|
||||
"d3fend_defenses": defenses,
|
||||
"intel_items": [
|
||||
{
|
||||
"id": str(item.id),
|
||||
"url": item.url,
|
||||
"title": item.title,
|
||||
"source": item.source,
|
||||
"detected_at": item.detected_at.isoformat() if item.detected_at else None,
|
||||
"reviewed": item.reviewed,
|
||||
}
|
||||
for item in intel_items
|
||||
],
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user