Merge pull request #2827 from JohnDuprey/dev

Huntress RogueApps and Bugfixes
KelvinTegelaar · Aug 16, 2024 · 3de5bb6 · 3de5bb6
2 parents dbb45bc + b4b820f
commit 3de5bb6
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 1 deletion.
diff --git a/src/components/tables/CellTable.jsx b/src/components/tables/CellTable.jsx
@@ -23,6 +23,15 @@ export default function cellTable(
  if (columnProp === undefined || columnProp === null) {
  columnProp = []
  } else {
+ var objectLength = 1
+ var lengthText = 'Item'
+ if (columnProp instanceof Array) {
+ objectLength = columnProp.length
+ if (objectLength > 1) {
+ lengthText = 'Items'
+ }
+ }
+
  if (!Array.isArray(columnProp) && typeof columnProp === 'object') {
  columnProp = Object.keys(columnProp).map((key) => {
  return {
@@ -93,7 +102,7 @@ export default function cellTable(
  size="sm"
  onClick={() => handleTable({ columnProp })}
  >
- {columnProp.length} Items
+ {objectLength} {lengthText}
  </CButton>
  )
 }

diff --git a/src/data/alerts.json b/src/data/alerts.json
@@ -99,5 +99,11 @@
  "name": "DeviceCompliance",
  "label": "Alert on device compliance issues",
  "recommendedRunInterval": "4h"
+ },
+ {
+ "name": "HuntressRogueApps",
+ "label": "Alert on Huntress Rogue Apps detected",
+ "recommendedRunInterval": "4h",
+ "description": "Huntress has provided a repository of known rogue apps that are commonly used in BEC, data exfiltration and other Microsoft 365 attacks. This alert will notify you if any of these apps are detected in the selected tenant(s). For more information, see <a href='https://huntresslabs.github.io/rogueapps/' target='_blank'>https://huntresslabs.github.io/rogueapps/</a>."
  }
 ]
diff --git a/src/views/tenant/administration/AlertWizard.jsx b/src/views/tenant/administration/AlertWizard.jsx
@@ -21,6 +21,7 @@ import auditLogSchema from 'src/data/AuditLogSchema.json'
 import auditLogTemplates from 'src/data/AuditLogTemplates.json'
 import Skeleton from 'react-loading-skeleton'
 import { required } from 'src/validators'
+import HtmlParser from 'react-html-parser'
 
 const AlertWizard = () => {
  const tenantDomain = useSelector((state) => state.app.currentTenant.defaultDomainName)
@@ -112,6 +113,18 @@ const AlertWizard = () => {
  }
  }
 
+ const getScriptDescription = () => {
+ const values = currentFormState?.values
+ if (values) {
+ const command = values.command?.value
+ if (command?.description) {
+ return HtmlParser(command.description)
+ } else {
+ return null
+ }
+ }
+ }
+
  const setAuditForm = (e) => {
  const preset = presetValues.find((p) => p.value === e.value)
  setAuditFormState(preset.template)
@@ -368,6 +381,16 @@ const AlertWizard = () => {
  render={({ handleSubmit, submitting, values }) => {
  return (
  <CForm id="alertForm" onSubmit={handleSubmit}>
+ {getScriptDescription() && (
+ <CRow className="mb-3">
+ <CCol>
+ <CCallout color="info">
+ <FontAwesomeIcon icon="info-circle" className="me-2" />
+ {getScriptDescription()}
+ </CCallout>
+ </CCol>
+ </CRow>
+ )}
  <CRow className="mb-3">
  <CCol>
  <RFFSelectSearch
@@ -382,6 +405,7 @@ const AlertWizard = () => {
  />
  </CCol>
  </CRow>
+
  <Condition when="command.value.requiresInput" is={true}>
  <CRow className="mb-3">
  <CCol>