Merge pull request #2209 from akto-api-security/feature/threat_ui_improvements

fixes

Author: ayushaga14

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/threat_detection/api.js

@@ -16,7 +16,7 @@ const threatDetectionRequests = {
         })
     },
 
-    fetchSuspectSampleData(skip, ips, apiCollectionIds, urls, types, sort, startTimestamp, endTimestamp, subCategory) {
+    fetchSuspectSampleData(skip, ips, apiCollectionIds, urls, types, sort, startTimestamp, endTimestamp) {
         return request({
             url: '/api/fetchSuspectSampleData',
             method: 'post',
@@ -28,8 +28,7 @@ const threatDetectionRequests = {
                 apiCollectionIds: apiCollectionIds,
                 sort: sort,
                 startTimestamp: startTimestamp,
-                endTimestamp: endTimestamp,
-                subCategory: subCategory
+                endTimestamp: endTimestamp
             }
         })
     },

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/threat_detection/components/SusDataTable.jsx

@@ -23,11 +23,6 @@ const headers = [
     value: "endpointComp",
     title: "Api Endpoint",
   },
-  {
-    text: "Subcategory",
-    value: "subCategory",
-    title: "Subcategory",
-  },
   {
     text: "Threat Actor",
     value: "actorComp",
@@ -85,7 +80,6 @@ function SusDataTable({ currDateRange, rowClicked }) {
   const collectionsMap = PersistStore((state) => state.collectionsMap);
   const threatFiltersMap = PersistStore((state) => state.threatFiltersMap);
 
-  const [subCategoryChoices, setSubCategoryChoices] = useState([]);
 
   async function fetchData(
     sortKey,
@@ -100,8 +94,7 @@ function SusDataTable({ currDateRange, rowClicked }) {
     let sourceIpsFilter = [],
       apiCollectionIdsFilter = [],
       matchingUrlFilter = [],
-      typeFilter = [],
-      subCategoryFilter = [];
+      typeFilter = [];
     if (filters?.actor) {
       sourceIpsFilter = filters?.actor;
     }
@@ -114,9 +107,6 @@ function SusDataTable({ currDateRange, rowClicked }) {
     if(filters?.type){
       typeFilter = filters?.type
     }
-    if(filters?.subCategory){
-      subCategoryFilter = filters?.subCategory
-    }
     const sort = { [sortKey]: sortOrder };
     const res = await api.fetchSuspectSampleData(
       skip,
@@ -126,25 +116,21 @@ function SusDataTable({ currDateRange, rowClicked }) {
       typeFilter,
       sort,
       startTimestamp,
-      endTimestamp,
-      subCategoryFilter
+      endTimestamp
     );
-    const distinctSubCategories = Array.from(new Set(res?.maliciousEvents.map((x) => x?.subCategory)));
-    setSubCategoryChoices(distinctSubCategories);
+//    setSubCategoryChoices(distinctSubCategories);
     let total = res.total;
     let ret = res?.maliciousEvents.map((x) => {
       const severity = threatFiltersMap[x?.filterId]?.severity || "HIGH"
       return {
         ...x,
         id: x.id,
-        subCategory: x?.subCategory,
         actorComp: x?.actor,
         endpointComp: (
           <GetPrettifyEndpoint maxWidth="300px" method={x.method} url={x.url} isNew={false} />
         ),
         apiCollectionName: collectionsMap[x.apiCollectionId] || "-",
-        discoveredTs: dayjs(x.timestamp).format("DD-MM-YYYY HH:mm:ss"),
-        subCategoryComp: x?.subCategory || "-",
+        discoveredTs: dayjs(x.timestamp*1000).format("DD-MM-YYYY HH:mm:ss"),
         sourceIPComponent: x?.ip || "-",
         type: x?.type || "-",
         severityComp: (<div className={`badge-wrapper-${severity}`}>
@@ -168,9 +154,6 @@ function SusDataTable({ currDateRange, rowClicked }) {
       return { label: x, value: x };
     });
 
-    let subCategoryChoices = res?.subCategory.map((x) => {
-      return { label: x, value: x };
-    });
 
     filters = [
       {
@@ -185,12 +168,6 @@ function SusDataTable({ currDateRange, rowClicked }) {
         title: "URL",
         choices: urlChoices,
       },
-      {
-        key: "subCategory",
-        label: "Subcategory",
-        title: "Subcategory",
-        choices: subCategoryChoices,
-      },
       {
         key: 'type',
         label: "Type",

apps/threat-detection-backend/src/main/java/com/akto/threat/backend/service/ThreatActorService.java

@@ -237,10 +237,10 @@ public DailyActorsCountResponse getDailyActorCounts(String accountId, long start
   public ThreatActivityTimelineResponse getThreatActivityTimeline(String accountId, long startTs, long endTs) {
 
         List<ThreatActivityTimelineResponse.ActivityTimeline> timeline = new ArrayList<>();
-        long sevenDaysInSeconds = TimeUnit.DAYS.toSeconds(7);
-        if (sevenDaysInSeconds < endTs - sevenDaysInSeconds) {
-            startTs = endTs - sevenDaysInSeconds;
-        }
+        // long sevenDaysInSeconds = TimeUnit.DAYS.toSeconds(7);
+        // if (startTs < endTs - sevenDaysInSeconds) {
+        //     startTs = endTs - sevenDaysInSeconds;
+        // }
         MongoCollection<Document> coll = this.mongoClient
             .getDatabase(accountId)
             .getCollection(MongoDBCollection.ThreatDetection.MALICIOUS_EVENTS, Document.class);
@@ -253,7 +253,7 @@ public ThreatActivityTimelineResponse getThreatActivityTimeline(String accountId
         // Stage 2: Project required fields and normalize timestamp to daily granularity
         new Document("$project", new Document("dayStart",
             new Document("$dateTrunc", new Document("date", 
-                new Document("$toDate", new Document("$multiply", Arrays.asList("$detectedAt", 1000))))
+                new Document("$toDate", new Document("$multiply", Arrays.asList("$detectedAt", 1000L))))
                     .append("unit", "day")))
             .append("subCategory", "$subCategory")),