import { useState, useRef } from "react"; import { useMutation } from "@tanstack/react-query"; import { Upload, Download, FileJson, CheckCircle, XCircle, AlertTriangle, Loader2, ChevronDown, ChevronUp, } from "lucide-react"; import { importRT, type RTImportPayload, type RTTechniqueEntry } from "../api/tests"; /* ── Template JSON ─────────────────────────────────────────────────── */ const TEMPLATE_JSON: RTImportPayload = { name: "Red Team Q1 2024", date: new Date().toISOString().slice(0, 10), description: "External red team engagement — perimeter assessment", operator: "SecTeam Red", techniques: [ { mitre_id: "T1059.001", result: "detected", attack_success: true, platform: "windows", notes: "PowerShell execution caught by Defender for Endpoint within 2 min", }, { mitre_id: "T1078", result: "not_detected", attack_success: true, platform: "windows", notes: "Credential reuse via stolen credentials — undetected for 48h", }, { mitre_id: "T1486", result: "not_detected", attack_success: false, platform: "windows", notes: "Ransomware blocked by AppLocker before execution", }, { mitre_id: "T1190", result: "partially_detected", attack_success: true, platform: "linux", notes: "Exploit worked but only a partial alert fired — no full incident created", }, ], }; /* ── helpers ─────────────────────────────────────────────────────── */ const RESULT_CONFIG: Record = { detected: { label: "Detected", badge: "bg-green-500/10 text-green-400 border-green-500/20" }, not_detected: { label: "Not Detected", badge: "bg-red-500/10 text-red-400 border-red-500/20" }, partially_detected: { label: "Partial", badge: "bg-yellow-500/10 text-yellow-400 border-yellow-500/20" }, }; function downloadTemplate() { const blob = new Blob([JSON.stringify(TEMPLATE_JSON, null, 2)], { type: "application/json" }); const a = document.createElement("a"); a.href = URL.createObjectURL(blob); a.download = "rt_import_template.json"; a.click(); URL.revokeObjectURL(a.href); } function parseJson(raw: string): { payload: RTImportPayload | null; error: string | null } { try { const parsed = JSON.parse(raw); if (!parsed.name) return { payload: null, error: "Missing required field: name" }; if (!Array.isArray(parsed.techniques)) return { payload: null, error: "Missing required field: techniques (array)" }; for (const t of parsed.techniques) { if (!t.mitre_id) return { payload: null, error: `Technique missing mitre_id: ${JSON.stringify(t)}` }; if (!["detected", "not_detected", "partially_detected"].includes(t.result)) { return { payload: null, error: `Invalid result '${t.result}' for ${t.mitre_id}. Must be: detected | not_detected | partially_detected` }; } } return { payload: parsed as RTImportPayload, error: null }; } catch (e) { return { payload: null, error: `Invalid JSON: ${(e as Error).message}` }; } } /* ── Component ────────────────────────────────────────────────────── */ export default function ImportRTPage() { const fileRef = useRef(null); const [jsonText, setJsonText] = useState(""); const [showFormat, setShowFormat] = useState(false); const [parseError, setParseError] = useState(null); const [preview, setPreview] = useState(null); const importMutation = useMutation({ mutationFn: (payload: RTImportPayload) => importRT(payload), }); const handleTextChange = (value: string) => { setJsonText(value); setParseError(null); importMutation.reset(); if (!value.trim()) { setPreview(null); return; } const { payload, error } = parseJson(value); if (error) { setParseError(error); setPreview(null); } else { setPreview(payload); } }; const handleFile = (e: React.ChangeEvent) => { const file = e.target.files?.[0]; if (!file) return; const reader = new FileReader(); reader.onload = (ev) => { const text = ev.target?.result as string; setJsonText(text); handleTextChange(text); }; reader.readAsText(file); e.target.value = ""; }; const handleImport = () => { if (!preview) return; importMutation.mutate(preview); }; const result = importMutation.data; return (
{/* Header */}

Import Red Team Results

Upload findings from a real Red Team engagement. Each technique becomes a validated test with its detection result, maintaining full coverage history.

{/* Format toggle */}
{showFormat && (
{/* Required fields */}

Required fields

{[ ["name", "string", "Engagement name"], ["techniques[].mitre_id", "string", "e.g. T1059.001"], ["techniques[].result", "enum", "detected | not_detected | partially_detected"], ["techniques[].attack_success", "boolean", "Was the attack successful?"], ].map(([field, type, desc]) => ( ))}
{field} {type} {desc}
{/* Optional fields */}

Optional fields

{[ ["date", "string", "ISO date (YYYY-MM-DD)"], ["description", "string", "Engagement description"], ["operator", "string", "Team or company"], ["techniques[].platform", "string", "windows | linux | macos"], ["techniques[].notes", "string", "What happened, how it was used"], ].map(([field, type, desc]) => ( ))}
{field} {type} {desc}
)}
{/* Input area */}

Paste or upload your JSON