Implement Phase 4: ML threat detection, automated playbooks, and advanced reporting

Co-authored-by: mblanke <9078342+mblanke@users.noreply.github.com>

backend/app/schemas/playbook.py

@@ -0,0 +1,55 @@
+from pydantic import BaseModel
+from typing import Optional, List, Dict, Any
+from datetime import datetime
+
+
+class PlaybookBase(BaseModel):
+    """Base playbook schema"""
+    name: str
+    description: Optional[str] = None
+    trigger_type: str
+    trigger_config: Optional[Dict[str, Any]] = None
+    actions: List[Dict[str, Any]]
+    is_enabled: bool = True
+
+
+class PlaybookCreate(PlaybookBase):
+    """Schema for creating a playbook"""
+    pass
+
+
+class PlaybookUpdate(BaseModel):
+    """Schema for updating a playbook"""
+    name: Optional[str] = None
+    description: Optional[str] = None
+    trigger_type: Optional[str] = None
+    trigger_config: Optional[Dict[str, Any]] = None
+    actions: Optional[List[Dict[str, Any]]] = None
+    is_enabled: Optional[bool] = None
+
+
+class PlaybookRead(PlaybookBase):
+    """Schema for reading playbook data"""
+    id: int
+    tenant_id: int
+    created_by: int
+    created_at: datetime
+    updated_at: datetime
+
+    class Config:
+        from_attributes = True
+
+
+class PlaybookExecutionRead(BaseModel):
+    """Schema for playbook execution"""
+    id: int
+    playbook_id: int
+    tenant_id: int
+    status: str
+    started_at: datetime
+    completed_at: Optional[datetime]
+    result: Optional[Dict[str, Any]]
+    error_message: Optional[str]
+
+    class Config:
+        from_attributes = True

backend/app/schemas/report.py

@@ -0,0 +1,54 @@
+from pydantic import BaseModel
+from typing import Optional, Dict, Any
+from datetime import datetime
+
+
+class ReportTemplateBase(BaseModel):
+    """Base report template schema"""
+    name: str
+    description: Optional[str] = None
+    template_type: str
+    template_config: Dict[str, Any]
+    is_default: bool = False
+
+
+class ReportTemplateCreate(ReportTemplateBase):
+    """Schema for creating a report template"""
+    pass
+
+
+class ReportTemplateRead(ReportTemplateBase):
+    """Schema for reading report template data"""
+    id: int
+    tenant_id: int
+    created_by: int
+    created_at: datetime
+
+    class Config:
+        from_attributes = True
+
+
+class ReportBase(BaseModel):
+    """Base report schema"""
+    title: str
+    report_type: str
+    format: str
+
+
+class ReportCreate(ReportBase):
+    """Schema for creating a report"""
+    template_id: Optional[int] = None
+
+
+class ReportRead(ReportBase):
+    """Schema for reading report data"""
+    id: int
+    tenant_id: int
+    template_id: Optional[int]
+    file_path: Optional[str]
+    status: str
+    generated_by: int
+    generated_at: datetime
+
+    class Config:
+        from_attributes = True

backend/app/schemas/threat_score.py

@@ -0,0 +1,32 @@
+from pydantic import BaseModel
+from typing import Optional, List, Dict, Any
+from datetime import datetime
+
+
+class ThreatScoreBase(BaseModel):
+    """Base threat score schema"""
+    score: float
+    confidence: float
+    threat_type: str
+    description: Optional[str] = None
+    indicators: Optional[List[Dict[str, Any]]] = None
+
+
+class ThreatScoreCreate(ThreatScoreBase):
+    """Schema for creating a threat score"""
+    host_id: Optional[int] = None
+    artifact_id: Optional[int] = None
+    ml_model_version: Optional[str] = None
+
+
+class ThreatScoreRead(ThreatScoreBase):
+    """Schema for reading threat score data"""
+    id: int
+    tenant_id: int
+    host_id: Optional[int]
+    artifact_id: Optional[int]
+    ml_model_version: Optional[str]
+    created_at: datetime
+
+    class Config:
+        from_attributes = True