Revert "Add IOC type filter to Feeds API and page. Closes GreedyBear-Project#551 (GreedyBear-Project#610)" (GreedyBear-Project#615)

This reverts commit 3367c70.

Author: regulartim

api/serializers.py

@@ -38,9 +38,7 @@ def validate(self, data):
         Check a given observable against regex expression
         """
         observable = data["query"]
-        if re.match(r"^[\d\.]+$", observable) and not re.match(REGEX_IP, observable):
-            raise serializers.ValidationError("Observable is not a valid IP")
-        if not re.match(REGEX_IP, observable) and not re.match(REGEX_DOMAIN, observable):
+        if not re.match(REGEX_IP, observable) or not re.match(REGEX_DOMAIN, observable):
             raise serializers.ValidationError("Observable is not a valid IP or domain")
         try:
             required_object = IOC.objects.get(name=observable)
@@ -97,7 +95,6 @@ def ordering_validation(ordering: str) -> str:
 class FeedsRequestSerializer(serializers.Serializer):
     feed_type = serializers.CharField(max_length=120)
     attack_type = serializers.ChoiceField(choices=["scanner", "payload_request", "all"])
-    ioc_type = serializers.ChoiceField(choices=["ip", "domain", "all"])
     max_age = serializers.IntegerField(min_value=1)
     min_days_seen = serializers.IntegerField(min_value=1)
     include_reputation = serializers.ListField(child=serializers.CharField(max_length=120))

api/views/feeds.py

@@ -33,9 +33,7 @@ def feeds(request, feed_type, attack_type, prioritize, format_):
     """
     logger.info(f"request /api/feeds with params: feed type: {feed_type}, " f"attack_type: {attack_type}, prioritization: {prioritize}, format: {format_}")
 
-    feed_params_data = request.query_params.dict()
-    feed_params_data.update({"feed_type": feed_type, "attack_type": attack_type, "format_": format_})
-    feed_params = FeedRequestParams(feed_params_data)
+    feed_params = FeedRequestParams({"feed_type": feed_type, "attack_type": attack_type, "format_": format_})
     feed_params.apply_default_filters(request.query_params)
     feed_params.set_prioritization(prioritize)
 

api/views/utils.py

@@ -46,7 +46,6 @@ class FeedRequestParams:
     Attributes:
         feed_type (str): Type of feed to retrieve (default: "all")
         attack_type (str): Type of attack to filter (default: "all")
-        ioc_type (str): Type of IOC to filter - 'ip', 'domain', or 'all' (default: "all")
         max_age (str): Maximum number of days since last occurrence (default: "3")
         min_days_seen (str): Minimum number of days on which an IOC must have been seen (default: "1")
         include_reputation (list): List of reputation values to include (default: [])
@@ -66,7 +65,6 @@ def __init__(self, query_params: dict):
         """
         self.feed_type = query_params.get("feed_type", "all").lower()
         self.attack_type = query_params.get("attack_type", "all").lower()
-        self.ioc_type = query_params.get("ioc_type", "all").lower()
         self.max_age = query_params.get("max_age", "3")
         self.min_days_seen = query_params.get("min_days_seen", "1")
         self.include_reputation = query_params["include_reputation"].split(";") if "include_reputation" in query_params else []
@@ -156,9 +154,6 @@ def get_queryset(request, feed_params, valid_feed_types):
     if feed_params.attack_type != "all":
         query_dict[feed_params.attack_type] = True
 
-    if feed_params.ioc_type != "all":
-        query_dict["type"] = feed_params.ioc_type
-
     query_dict["last_seen__gte"] = datetime.now() - timedelta(days=int(feed_params.max_age))
     if int(feed_params.min_days_seen) > 1:
         query_dict["number_of_days_seen__gte"] = int(feed_params.min_days_seen)

frontend/src/components/feeds/Feeds.jsx

@@ -26,12 +26,6 @@ const attackTypeChoices = [
   { label: "Payload request", value: "payload_request" },
 ];
 
-const iocTypeChoices = [
-  { label: "All", value: "all" },
-  { label: "IP addresses", value: "ip" },
-  { label: "Domains", value: "domain" },
-];
-
 const prioritizationChoices = [
   { label: "Recent", value: "recent" },
   { label: "Persistent", value: "persistent" },
@@ -42,7 +36,6 @@ const prioritizationChoices = [
 const initialValues = {
   feeds_type: "all",
   attack_type: "all",
-  ioc_type: "all",
   prioritize: "recent",
 };
 
@@ -94,7 +87,6 @@ export default function Feeds() {
       params: {
         feed_type: initialValues.feeds_type,
         attack_type: initialValues.attack_type,
-        ioc_type: initialValues.ioc_type,
         prioritize: initialValues.prioritize,
       },
       initialParams: {
@@ -110,11 +102,10 @@ export default function Feeds() {
     (values) => {
       try {
         setUrl(
-          `${FEEDS_BASE_URI}/${values.feeds_type}/${values.attack_type}/${values.prioritize}.json?ioc_type=${values.ioc_type}`
+          `${FEEDS_BASE_URI}/${values.feeds_type}/${values.attack_type}/${values.prioritize}.json`
         );
         initialValues.feeds_type = values.feeds_type;
         initialValues.attack_type = values.attack_type;
-        initialValues.ioc_type = values.ioc_type;
         initialValues.prioritize = values.prioritize;
 
         const resetPage = {
@@ -157,7 +148,7 @@ export default function Feeds() {
                   {(formik) => (
                     <Form>
                       <FormGroup row>
-                        <Col sm={12} md={3}>
+                        <Col sm={12} md={4}>
                           <Label
                             className="form-control-label"
                             htmlFor="Feeds__feeds_type"
@@ -175,7 +166,7 @@ export default function Feeds() {
                             }}
                           />
                         </Col>
-                        <Col sm={12} md={3}>
+                        <Col sm={12} md={4}>
                           <Label
                             className="form-control-label"
                             htmlFor="Feeds__attack_type"
@@ -193,25 +184,7 @@ export default function Feeds() {
                             }}
                           />
                         </Col>
-                        <Col sm={12} md={3}>
-                          <Label
-                            className="form-control-label"
-                            htmlFor="Feeds__ioc_type"
-                          >
-                            IOC type:
-                          </Label>
-                          <Select
-                            id="Feeds__ioc_type"
-                            name="ioc_type"
-                            value={initialValues.ioc_type}
-                            choices={iocTypeChoices}
-                            onChange={(e) => {
-                              formik.handleChange(e);
-                              formik.submitForm();
-                            }}
-                          />
-                        </Col>
-                        <Col sm={12} md={3}>
+                        <Col sm={12} md={4}>
                           <Label
                             className="form-control-label"
                             htmlFor="Feeds__prioritize"

frontend/tests/components/feeds/Feeds.test.jsx

@@ -72,8 +72,6 @@ describe("Feeds component", () => {
     expect(feedTypeSelectElement).toBeInTheDocument();
     const attackTypeSelectElement = screen.getByLabelText("Attack type:");
     expect(attackTypeSelectElement).toBeInTheDocument();
-    const iocTypeSelectElement = screen.getByLabelText("IOC type:");
-    expect(iocTypeSelectElement).toBeInTheDocument();
     const prioritizationSelectElement = screen.getByLabelText("Prioritize:");
     expect(prioritizationSelectElement).toBeInTheDocument();
 
@@ -85,23 +83,13 @@ describe("Feeds component", () => {
 
     await user.selectOptions(feedTypeSelectElement, "log4j");
     await user.selectOptions(attackTypeSelectElement, "scanner");
-    await user.selectOptions(iocTypeSelectElement, "ip");
     await user.selectOptions(prioritizationSelectElement, "persistent");
 
     await waitFor(() => {
-      // check link has been changed including ioc_type parameter
+      // check link has been changed
       expect(buttonRawData).toHaveAttribute(
         "href",
-        "/api/feeds/log4j/scanner/persistent.json?ioc_type=ip"
-      );
-    });
-
-    // Test selecting domain IOC type
-    await user.selectOptions(iocTypeSelectElement, "domain");
-    await waitFor(() => {
-      expect(buttonRawData).toHaveAttribute(
-        "href",
-        "/api/feeds/log4j/scanner/persistent.json?ioc_type=domain"
+        "/api/feeds/log4j/scanner/persistent.json"
       );
     });
   });

tests/__init__.py

@@ -81,36 +81,12 @@ def setUpTestData(cls):
             expected_interactions=11.1,
         )
 
-        cls.ioc_domain = IOC.objects.create(
-            name="malicious.example.com",
-            type=iocType.DOMAIN.value,
-            first_seen=cls.current_time,
-            last_seen=cls.current_time,
-            days_seen=[cls.current_time],
-            number_of_days_seen=1,
-            attack_count=1,
-            interaction_count=1,
-            log4j=True,
-            cowrie=False,
-            scanner=False,
-            payload_request=True,
-            related_urls=[],
-            ip_reputation="",
-            asn=None,
-            destination_ports=[],
-            login_attempts=0,
-            recurrence_probability=0.2,
-            expected_interactions=5.5,
-        )
-
         cls.ioc.general_honeypot.add(cls.heralding)  # FEEDS
         cls.ioc.general_honeypot.add(cls.ciscoasa)  # FEEDS
         cls.ioc.save()
         cls.ioc_2.general_honeypot.add(cls.heralding)  # FEEDS
         cls.ioc_2.general_honeypot.add(cls.ciscoasa)  # FEEDS
         cls.ioc_2.save()
-        cls.ioc_domain.general_honeypot.add(cls.heralding)  # FEEDS
-        cls.ioc_domain.save()
 
         cls.cmd_seq = ["cd foo", "ls -la"]
         cls.hash = sha256("\n".join(cls.cmd_seq).encode()).hexdigest()

tests/test_serializers.py

@@ -25,7 +25,6 @@ def test_valid_fields(self):
         choices = {
             "feed_type": ["all", "log4j", "cowrie", "adbhoney"],
             "attack_type": ["all", "scanner", "payload_request"],
-            "ioc_type": ["ip", "domain", "all"],
             "max_age": [str(n) for n in [1, 2, 4, 8, 16]],
             "min_days_seen": [str(n) for n in [1, 2, 4, 8, 16]],
             "include_reputation": [[], ["known attacker"], ["known attacker", "mass scanner"]],