version 0.4.0

backend/alembic/versions/a3b1c2d4e5f6_add_cases_and_activity_logs.py

@@ -0,0 +1,72 @@
+"""add cases and activity logs
+
+Revision ID: a3b1c2d4e5f6
+Revises: 98ab619418bc
+Create Date: 2025-01-01 00:00:00.000000
+"""
+from typing import Sequence, Union
+from alembic import op
+import sqlalchemy as sa
+
+revision: str = "a3b1c2d4e5f6"
+down_revision: Union[str, None] = "98ab619418bc"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        "cases",
+        sa.Column("id", sa.String(32), primary_key=True),
+        sa.Column("title", sa.String(512), nullable=False),
+        sa.Column("description", sa.Text, nullable=True),
+        sa.Column("severity", sa.String(16), server_default="medium"),
+        sa.Column("tlp", sa.String(16), server_default="amber"),
+        sa.Column("pap", sa.String(16), server_default="amber"),
+        sa.Column("status", sa.String(24), server_default="open"),
+        sa.Column("priority", sa.Integer, server_default="2"),
+        sa.Column("assignee", sa.String(128), nullable=True),
+        sa.Column("tags", sa.JSON, nullable=True),
+        sa.Column("hunt_id", sa.String(32), sa.ForeignKey("hunts.id"), nullable=True),
+        sa.Column("owner_id", sa.String(32), sa.ForeignKey("users.id"), nullable=True),
+        sa.Column("mitre_techniques", sa.JSON, nullable=True),
+        sa.Column("iocs", sa.JSON, nullable=True),
+        sa.Column("started_at", sa.DateTime(timezone=True), nullable=True),
+        sa.Column("resolved_at", sa.DateTime(timezone=True), nullable=True),
+        sa.Column("created_at", sa.DateTime(timezone=True), nullable=False),
+        sa.Column("updated_at", sa.DateTime(timezone=True), nullable=False),
+    )
+    op.create_index("ix_cases_hunt", "cases", ["hunt_id"])
+    op.create_index("ix_cases_status", "cases", ["status"])
+
+    op.create_table(
+        "case_tasks",
+        sa.Column("id", sa.String(32), primary_key=True),
+        sa.Column("case_id", sa.String(32), sa.ForeignKey("cases.id", ondelete="CASCADE"), nullable=False),
+        sa.Column("title", sa.String(512), nullable=False),
+        sa.Column("description", sa.Text, nullable=True),
+        sa.Column("status", sa.String(24), server_default="todo"),
+        sa.Column("assignee", sa.String(128), nullable=True),
+        sa.Column("order", sa.Integer, server_default="0"),
+        sa.Column("created_at", sa.DateTime(timezone=True), nullable=False),
+        sa.Column("updated_at", sa.DateTime(timezone=True), nullable=False),
+    )
+    op.create_index("ix_case_tasks_case", "case_tasks", ["case_id"])
+
+    op.create_table(
+        "activity_logs",
+        sa.Column("id", sa.Integer, primary_key=True, autoincrement=True),
+        sa.Column("entity_type", sa.String(32), nullable=False),
+        sa.Column("entity_id", sa.String(32), nullable=False),
+        sa.Column("action", sa.String(64), nullable=False),
+        sa.Column("details", sa.JSON, nullable=True),
+        sa.Column("user_id", sa.String(32), nullable=True),
+        sa.Column("created_at", sa.DateTime(timezone=True), nullable=False),
+    )
+    op.create_index("ix_activity_entity", "activity_logs", ["entity_type", "entity_id"])
+
+
+def downgrade() -> None:
+    op.drop_table("activity_logs")
+    op.drop_table("case_tasks")
+    op.drop_table("cases")

backend/alembic/versions/b4c2d3e5f6a7_add_alerts_and_alert_rules.py

@@ -0,0 +1,63 @@
+"""add alerts and alert_rules tables
+
+Revision ID: b4c2d3e5f6a7
+Revises: a3b1c2d4e5f6
+Create Date: 2025-01-01 00:00:00.000000
+"""
+from typing import Sequence, Union
+from alembic import op
+import sqlalchemy as sa
+
+# revision identifiers
+revision: str = "b4c2d3e5f6a7"
+down_revision: Union[str, None] = "a3b1c2d4e5f6"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        "alerts",
+        sa.Column("id", sa.String(32), primary_key=True),
+        sa.Column("title", sa.String(512), nullable=False),
+        sa.Column("description", sa.Text, nullable=True),
+        sa.Column("severity", sa.String(16), server_default="medium"),
+        sa.Column("status", sa.String(24), server_default="new"),
+        sa.Column("analyzer", sa.String(64), nullable=False),
+        sa.Column("score", sa.Float, server_default="0"),
+        sa.Column("evidence", sa.JSON, nullable=True),
+        sa.Column("mitre_technique", sa.String(32), nullable=True),
+        sa.Column("tags", sa.JSON, nullable=True),
+        sa.Column("hunt_id", sa.String(32), sa.ForeignKey("hunts.id"), nullable=True),
+        sa.Column("dataset_id", sa.String(32), sa.ForeignKey("datasets.id"), nullable=True),
+        sa.Column("case_id", sa.String(32), sa.ForeignKey("cases.id"), nullable=True),
+        sa.Column("assignee", sa.String(128), nullable=True),
+        sa.Column("acknowledged_at", sa.DateTime(timezone=True), nullable=True),
+        sa.Column("resolved_at", sa.DateTime(timezone=True), nullable=True),
+        sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
+        sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
+    )
+    op.create_index("ix_alerts_severity", "alerts", ["severity"])
+    op.create_index("ix_alerts_status", "alerts", ["status"])
+    op.create_index("ix_alerts_hunt", "alerts", ["hunt_id"])
+    op.create_index("ix_alerts_dataset", "alerts", ["dataset_id"])
+
+    op.create_table(
+        "alert_rules",
+        sa.Column("id", sa.String(32), primary_key=True),
+        sa.Column("name", sa.String(256), nullable=False),
+        sa.Column("description", sa.Text, nullable=True),
+        sa.Column("analyzer", sa.String(64), nullable=False),
+        sa.Column("config", sa.JSON, nullable=True),
+        sa.Column("severity_override", sa.String(16), nullable=True),
+        sa.Column("enabled", sa.Boolean, server_default=sa.text("1")),
+        sa.Column("hunt_id", sa.String(32), sa.ForeignKey("hunts.id"), nullable=True),
+        sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
+        sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
+    )
+    op.create_index("ix_alert_rules_analyzer", "alert_rules", ["analyzer"])
+
+
+def downgrade() -> None:
+    op.drop_table("alert_rules")
+    op.drop_table("alerts")

backend/alembic/versions/c5d3e4f6a7b8_add_notebooks_and_playbook_runs.py

@@ -0,0 +1,54 @@
+"""add notebooks and playbook_runs tables
+
+Revision ID: c5d3e4f6a7b8
+Revises: b4c2d3e5f6a7
+Create Date: 2025-01-01 00:00:00.000000
+"""
+from typing import Sequence, Union
+from alembic import op
+import sqlalchemy as sa
+
+revision: str = "c5d3e4f6a7b8"
+down_revision: Union[str, None] = "b4c2d3e5f6a7"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        "notebooks",
+        sa.Column("id", sa.String(32), primary_key=True),
+        sa.Column("title", sa.String(512), nullable=False),
+        sa.Column("description", sa.Text, nullable=True),
+        sa.Column("cells", sa.JSON, nullable=True),
+        sa.Column("hunt_id", sa.String(32), sa.ForeignKey("hunts.id"), nullable=True),
+        sa.Column("case_id", sa.String(32), sa.ForeignKey("cases.id"), nullable=True),
+        sa.Column("owner_id", sa.String(32), sa.ForeignKey("users.id"), nullable=True),
+        sa.Column("tags", sa.JSON, nullable=True),
+        sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
+        sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
+    )
+    op.create_index("ix_notebooks_hunt", "notebooks", ["hunt_id"])
+
+    op.create_table(
+        "playbook_runs",
+        sa.Column("id", sa.String(32), primary_key=True),
+        sa.Column("playbook_name", sa.String(256), nullable=False),
+        sa.Column("status", sa.String(24), server_default="in-progress"),
+        sa.Column("current_step", sa.Integer, server_default="1"),
+        sa.Column("total_steps", sa.Integer, server_default="0"),
+        sa.Column("step_results", sa.JSON, nullable=True),
+        sa.Column("hunt_id", sa.String(32), sa.ForeignKey("hunts.id"), nullable=True),
+        sa.Column("case_id", sa.String(32), sa.ForeignKey("cases.id"), nullable=True),
+        sa.Column("started_by", sa.String(128), nullable=True),
+        sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
+        sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now()),
+        sa.Column("completed_at", sa.DateTime(timezone=True), nullable=True),
+    )
+    op.create_index("ix_playbook_runs_hunt", "playbook_runs", ["hunt_id"])
+    op.create_index("ix_playbook_runs_status", "playbook_runs", ["status"])
+
+
+def downgrade() -> None:
+    op.drop_table("playbook_runs")
+    op.drop_table("notebooks")