+ {% translate "Most recent reports" %}
{% if schedule.reports %}
{% translate "Scheduled Reports:" %}
diff --git a/rocky/reports/views/base.py b/rocky/reports/views/base.py
index 3eb27848bf7..bf35a17a2a9 100644
--- a/rocky/reports/views/base.py
+++ b/rocky/reports/views/base.py
@@ -550,6 +550,21 @@ def get_context_data(self, **kwargs):
class SaveReportView(BaseReportView, SchedulerView):
task_type = "report"
+ def get_query(self):
+ object_selection = self.request.POST.get("object_selection", "")
+ query = {}
+
+ if object_selection == "query":
+ query = {
+ "ooi_types": [t.__name__ for t in self.get_ooi_types()],
+ "scan_level": self.get_ooi_scan_levels(),
+ "scan_type": self.get_ooi_profile_types(),
+ "search_string": self.search_string,
+ "order_by": self.order_by,
+ "asc_desc": self.sorting_order,
+ }
+ return query
+
def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
old_report_names = request.POST.getlist("old_report_name")
report_names = request.POST.getlist("report_name", [])
@@ -567,24 +582,12 @@ def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
elif self.is_scheduled_report():
report_name_format = request.POST.get("parent_report_name", "")
subreport_name_format = request.POST.get("child_report_name", "")
- object_selection = request.POST.get("object_selection", "")
form = ReportScheduleStartDateForm(request.POST)
if form.is_valid():
start_datetime = form.cleaned_data["start_datetime"]
recurrence = form.cleaned_data["recurrence"]
- query = {}
- if object_selection == "query":
- query = {
- "ooi_types": [t.__name__ for t in self.get_ooi_types()],
- "scan_level": self.get_ooi_scan_levels(),
- "scan_type": self.get_ooi_profile_types(),
- "search_string": self.search_string,
- "order_by": self.order_by,
- "asc_desc": self.sorting_order,
- }
-
parent_report_type = None
if self.report_type is not None:
parent_report_type = self.report_type.id
@@ -594,7 +597,7 @@ def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
schedule = self.convert_recurrence_to_cron_expressions(recurrence, start_datetime)
report_recipe = self.create_report_recipe(
- report_name_format, subreport_name_format, parent_report_type, schedule, query
+ report_name_format, subreport_name_format, parent_report_type, schedule, self.get_query()
)
self.create_report_schedule(report_recipe, start_datetime)
diff --git a/rocky/reports/views/report_overview.py b/rocky/reports/views/report_overview.py
index 341a1127d41..9b5a0c7cf53 100644
--- a/rocky/reports/views/report_overview.py
+++ b/rocky/reports/views/report_overview.py
@@ -80,7 +80,7 @@ def get_queryset(self) -> list[dict[str, Any]]:
"recipe": recipe_ooi,
"cron": schedule["schedule"],
"deadline_at": datetime.fromisoformat(schedule["deadline_at"]),
- "reports": report_oois,
+ "reports": report_oois[:5],
}
)
diff --git a/rocky/rocky/locale/django.pot b/rocky/rocky/locale/django.pot
index 01d345e0abc..32a97766577 100644
--- a/rocky/rocky/locale/django.pot
+++ b/rocky/rocky/locale/django.pot
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-03 20:02+0000\n"
+"POT-Creation-Date: 2025-01-08 15:41+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
@@ -353,7 +353,7 @@ msgid "Member type"
msgstr ""
#: account/templates/account_detail.html
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
+#: reports/report_types/findings_report/report.html
#: rocky/templates/tasks/normalizers.html
msgid "Organization"
msgstr ""
@@ -595,10 +595,129 @@ msgstr ""
msgid "Cancel"
msgstr ""
-#: crisis_room/views.py
+#: crisis_room/models.py
+msgid ""
+"Where on the dashboard do you want to show the data? Position 1 is the most "
+"top level and the max position is 16."
+msgstr ""
+
+#: crisis_room/models.py
+msgid "Will be displayed on the general crisis room, for all organizations."
+msgstr ""
+
+#: crisis_room/models.py
+msgid "Will be displayed on a single organization dashboard"
+msgstr ""
+
+#: crisis_room/models.py
+msgid "Will be displayed on the findings dashboard for all organizations"
+msgstr ""
+
+#: crisis_room/templates/crisis_room.html rocky/templates/403.html
+#: rocky/templates/404.html
+msgid "Crisis Room"
+msgstr ""
+
+#: crisis_room/templates/crisis_room.html
+msgid "Crisis Room overview for all organizations"
+msgstr ""
+
+#: crisis_room/templates/crisis_room_dashboards.html
+msgid "Dashboards"
+msgstr ""
+
+#: crisis_room/templates/crisis_room_dashboards.html
+msgid ""
+"\n"
+" On this page you can see an overview of the "
+"dashboards for all organizations.\n"
+" **More context can be written here**\n"
+" "
+msgstr ""
+
+#: crisis_room/templates/crisis_room_dashboards.html
+msgid "dashboards"
+msgstr ""
+
+#: crisis_room/templates/crisis_room_dashboards.html
+msgid "There are no dashboards to display."
+msgstr ""
+
+#: crisis_room/templates/crisis_room_findings.html
+#: reports/report_types/findings_report/report.html
+#: reports/templates/partials/report_findings_table.html
+#: reports/templates/partials/report_sidemenu.html
+msgid "Findings overview"
+msgstr ""
+
+#: crisis_room/templates/crisis_room_findings.html
+msgid ""
+"\n"
+" This overview shows the total number of findings "
+"per\n"
+" severity that have been identified for all "
+"organizations.\n"
+" "
+msgstr ""
+
+#: crisis_room/templates/crisis_room_findings.html
+msgid "Findings per organization"
+msgstr ""
+
+#: crisis_room/templates/crisis_room_findings.html
msgid ""
-"Failed to get list of findings for organization {}, check server logs for "
-"more details."
+"\n"
+" This table shows the findings that have been "
+"identiefied for each organization,\n"
+" sorted by the finding types and grouped by "
+"organizations.\n"
+" "
+msgstr ""
+
+#: crisis_room/templates/crisis_room_findings.html
+msgid ""
+"\n"
+" No findings have been identified yet. As soon as they have "
+"been\n"
+" identified, they will be shown on this page.\n"
+" "
+msgstr ""
+
+#: crisis_room/templates/crisis_room_findings.html
+msgid ""
+"\n"
+" There are no organizations yet. After creating an organization,\n"
+" the identified findings with severity 'critical' and 'high' will "
+"be shown here.\n"
+" "
+msgstr ""
+
+#: crisis_room/templates/crisis_room_header.html
+msgid "Crisis Room Navigation"
+msgstr ""
+
+#: crisis_room/templates/crisis_room_header.html
+#: reports/report_types/aggregate_organisation_report/report.html
+#: reports/report_types/aggregate_organisation_report/system_specific.html
+#: reports/report_types/findings_report/report.html
+#: reports/report_types/mail_report/report.html
+#: reports/report_types/multi_organization_report/report.html
+#: reports/report_types/name_server_report/report.html
+#: reports/report_types/tls_report/report.html
+#: reports/report_types/vulnerability_report/report.html
+#: reports/report_types/web_system_report/report.html
+#: reports/templates/partials/report_findings_table.html
+#: reports/templates/partials/report_sidemenu.html
+#: rocky/templates/dashboard_client.html rocky/templates/dashboard_redteam.html
+#: rocky/templates/header.html
+#: rocky/templates/oois/ooi_detail_findings_list.html
+#: rocky/templates/oois/ooi_detail_findings_overview.html
+#: rocky/templates/oois/ooi_page_tabs.html
+#: rocky/templates/partials/ooi_report_findings_block.html
+#: rocky/templates/partials/ooi_report_findings_block_table.html
+#: rocky/views/finding_list.py rocky/views/finding_type_add.py
+#: rocky/views/ooi_view.py
+msgid "Findings"
msgstr ""
#: katalogus/client.py
@@ -921,8 +1040,8 @@ msgstr ""
#: katalogus/templates/normalizer_detail.html
#: reports/report_types/aggregate_organisation_report/appendix.html
#: reports/report_types/dns_report/report.html
-#: reports/report_types/findings_report/report.html
#: reports/report_types/vulnerability_report/report.html
+#: reports/templates/partials/report_findings_table.html
#: reports/templates/summary/report_asset_overview.html tools/forms/boefje.py
#: tools/forms/finding_type.py rocky/templates/oois/ooi_detail.html
#: rocky/templates/oois/ooi_detail_findings_list.html rocky/templates/scan.html
@@ -1250,9 +1369,9 @@ msgstr ""
#: reports/report_types/dns_report/report.html
#: reports/report_types/findings_report/report.html
#: reports/report_types/vulnerability_report/report.html
+#: reports/templates/partials/report_findings_table.html
#: reports/templates/report_overview/scheduled_reports_table.html
#: reports/templates/summary/selected_plugins.html
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
#: rocky/templates/findings/finding_list.html
#: rocky/templates/organizations/organization_crisis_room.html
#: rocky/templates/tasks/boefjes.html rocky/templates/tasks/normalizers.html
@@ -1265,9 +1384,9 @@ msgstr ""
#: reports/report_types/dns_report/report.html
#: reports/report_types/findings_report/report.html
#: reports/report_types/vulnerability_report/report.html
+#: reports/templates/partials/report_findings_table.html
#: reports/templates/report_overview/scheduled_reports_table.html
#: reports/templates/summary/selected_plugins.html
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
#: rocky/templates/findings/finding_list.html
#: rocky/templates/organizations/organization_crisis_room.html
#: rocky/templates/tasks/boefjes.html rocky/templates/tasks/normalizers.html
@@ -2772,6 +2891,15 @@ msgstr ""
msgid "No CVEs have been found."
msgstr ""
+#: reports/report_types/aggregate_organisation_report/report.html
+msgid ""
+"\n"
+" This chapter contains information about the "
+"findings that have been identified\n"
+" for this organization.\n"
+" "
+msgstr ""
+
#: reports/report_types/aggregate_organisation_report/report.py
msgid "Aggregate Organisation Report"
msgstr ""
@@ -2857,27 +2985,6 @@ msgstr ""
msgid "Host:"
msgstr ""
-#: reports/report_types/aggregate_organisation_report/system_specific.html
-#: reports/report_types/findings_report/report.html
-#: reports/report_types/mail_report/report.html
-#: reports/report_types/name_server_report/report.html
-#: reports/report_types/tls_report/report.html
-#: reports/report_types/vulnerability_report/report.html
-#: reports/report_types/web_system_report/report.html
-#: reports/templates/partials/report_severity_totals_table.html
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
-#: rocky/templates/dashboard_client.html rocky/templates/dashboard_redteam.html
-#: rocky/templates/header.html
-#: rocky/templates/oois/ooi_detail_findings_list.html
-#: rocky/templates/oois/ooi_detail_findings_overview.html
-#: rocky/templates/oois/ooi_page_tabs.html
-#: rocky/templates/partials/ooi_report_findings_block.html
-#: rocky/templates/partials/ooi_report_findings_block_table.html
-#: rocky/views/finding_list.py rocky/views/finding_type_add.py
-#: rocky/views/ooi_view.py
-msgid "Findings"
-msgstr ""
-
#: reports/report_types/aggregate_organisation_report/system_specific.html
#: reports/report_types/mail_report/report.html
#: reports/report_types/name_server_report/report.html
@@ -2888,13 +2995,13 @@ msgid "Compliance issue"
msgstr ""
#: reports/report_types/aggregate_organisation_report/system_specific.html
-#: reports/report_types/findings_report/report.html
#: reports/report_types/mail_report/report.html
#: reports/report_types/name_server_report/report.html
#: reports/report_types/rpki_report/report.html
#: reports/report_types/safe_connections_report/report.html
#: reports/report_types/vulnerability_report/report.html
#: reports/report_types/web_system_report/report.html
+#: reports/templates/partials/report_findings_table.html
#: reports/templates/partials/report_severity_totals_table.html
#: rocky/templates/partials/ooi_report_findings_block_table.html
#: rocky/templates/partials/ooi_report_findings_block_table_expanded_row.html
@@ -3034,7 +3141,7 @@ msgid "No"
msgstr ""
#: reports/report_types/dns_report/report.html
-#: reports/report_types/findings_report/report.html
+#: reports/templates/partials/report_findings_table.html
msgid "Other findings found"
msgstr ""
@@ -3048,7 +3155,7 @@ msgid "Severity"
msgstr ""
#: reports/report_types/dns_report/report.html
-#: reports/report_types/findings_report/report.html
+#: reports/templates/partials/report_findings_table.html
#: rocky/templates/findings/finding_add.html
#: rocky/templates/findings/finding_list.html
#: rocky/templates/organizations/organization_crisis_room.html
@@ -3059,8 +3166,8 @@ msgstr ""
#: reports/report_types/dns_report/report.html
#: reports/report_types/findings_report/report.html
#: reports/report_types/vulnerability_report/report.html
+#: reports/templates/partials/report_findings_table.html
#: reports/templates/summary/selected_plugins.html
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
#: rocky/templates/findings/finding_list.html
#: rocky/templates/organizations/organization_crisis_room.html
#: rocky/templates/partials/ooi_report_findings_block_table.html
@@ -3077,6 +3184,7 @@ msgstr ""
#: reports/report_types/dns_report/report.html
#: reports/report_types/findings_report/report.html
#: reports/report_types/vulnerability_report/report.html
+#: reports/templates/partials/report_findings_table.html
#: reports/templates/partials/report_severity_totals_table.html
#: rocky/templates/oois/ooi_detail_findings_overview.html
#: rocky/templates/partials/ooi_report_findings_block_table.html
@@ -3092,38 +3200,58 @@ msgstr ""
#: reports/report_types/findings_report/report.html
msgid ""
-"The Findings Report provides an overview of the identified findings on the "
-"scanned systems. For each finding it shows the risk level and the number of "
-"occurrences of the finding. Under the 'Details' section a description, "
-"impact, recommendation and location of the finding can be found. The risk "
-"level may be different for your specific environment."
+"The Findings Report contains information about the findings that have been "
+"identified for the selected asset and organization."
msgstr ""
#: reports/report_types/findings_report/report.html
-#: reports/report_types/vulnerability_report/report.py
-#: rocky/templates/oois/ooi_detail_origins_inference.html
-#: rocky/templates/oois/ooi_detail_origins_observations.html
-#: rocky/templates/partials/ooi_report_findings_block_table_expanded_row.html
-msgid "Source"
+msgid "Findings per organization overview"
msgstr ""
#: reports/report_types/findings_report/report.html
-msgid "Impact"
+#: reports/templates/partials/report_findings_table.html
+#: reports/templates/partials/report_severity_totals_table.html
+#: tools/forms/finding_type.py
+msgid "Finding types"
msgstr ""
#: reports/report_types/findings_report/report.html
-#: reports/report_types/multi_organization_report/recommendations.html
-msgid "Recommendation"
+msgid "Highest risk level"
msgstr ""
#: reports/report_types/findings_report/report.html
-#: reports/report_types/vulnerability_report/report.py
-msgid "First seen"
+msgid "Critical finding types"
msgstr ""
#: reports/report_types/findings_report/report.html
-#: rocky/templates/organizations/organization_crisis_room.html
-msgid "No findings have been identified yet."
+msgid ""
+"This overview shows the total number of findings per severity that have been "
+"identified for this organization."
+msgstr ""
+
+#: reports/report_types/findings_report/report.html
+msgid "Critical and high findings"
+msgstr ""
+
+#: reports/report_types/findings_report/report.html
+msgid ""
+"\n"
+" This table shows the top 25 "
+"critical and high findings that have\n"
+" been identified for this "
+"organization, grouped by finding types.\n"
+" A table with all the "
+"identified findings can be found in the Findings Report.\n"
+" "
+msgstr ""
+
+#: reports/report_types/findings_report/report.html
+msgid "View findings report"
+msgstr ""
+
+#: reports/report_types/findings_report/report.html
+#: reports/templates/report_overview/scheduled_reports_table.html
+msgid "Edit report recipe"
msgstr ""
#: reports/report_types/findings_report/report.py
@@ -3350,11 +3478,21 @@ msgstr ""
msgid "Overview of recommendations"
msgstr ""
+#: reports/report_types/multi_organization_report/recommendations.html
+#: reports/templates/partials/report_findings_table.html
+msgid "Recommendation"
+msgstr ""
+
#: reports/report_types/multi_organization_report/recommendations.html
#: rocky/templates/partials/ooi_report_findings_block_table_expanded_row.html
msgid "Occurrence"
msgstr ""
+#: reports/report_types/multi_organization_report/report.html
+#: rocky/templates/organizations/organization_crisis_room.html
+msgid "No findings have been identified yet."
+msgstr ""
+
#: reports/report_types/multi_organization_report/report.py
msgid "Multi Organization Report"
msgstr ""
@@ -3641,6 +3779,18 @@ msgstr ""
msgid "Vulnerabilities found are grouped for each system."
msgstr ""
+#: reports/report_types/vulnerability_report/report.py
+#: reports/templates/partials/report_findings_table.html
+#: rocky/templates/oois/ooi_detail_origins_inference.html
+#: rocky/templates/oois/ooi_detail_origins_observations.html
+#: rocky/templates/partials/ooi_report_findings_block_table_expanded_row.html
+msgid "Source"
+msgstr ""
+
+#: reports/report_types/vulnerability_report/report.py
+msgid "First seen"
+msgstr ""
+
#: reports/report_types/vulnerability_report/report.py
msgid "Last seen"
msgstr ""
@@ -3785,6 +3935,43 @@ msgstr ""
msgid "Ready"
msgstr ""
+#: reports/templates/partials/report_findings_table.html
+msgid ""
+"\n"
+" This table provides an overview of the identified findings on "
+"the scanned\n"
+" systems. For each finding type it shows the risk level, the "
+"number of occurrences\n"
+" and the first known occurrence of the finding. The risk level "
+"may be different for your specific environment.\n"
+" The details can be seen when expanding a row. A description, the "
+"source, impact and recommendation of the finding\n"
+" can be found here. It also shows in which findings the finding "
+"type occurred.\n"
+" "
+msgstr ""
+
+#: reports/templates/partials/report_findings_table.html
+msgid "First known occurrence"
+msgstr ""
+
+#: reports/templates/partials/report_findings_table.html
+msgid "Open in report"
+msgstr ""
+
+#: reports/templates/partials/report_findings_table.html
+msgid "Impact"
+msgstr ""
+
+#: reports/templates/partials/report_findings_table.html
+msgid ""
+"No critical and high findings have been identified for this organization."
+msgstr ""
+
+#: reports/templates/partials/report_findings_table.html
+msgid "No findings have been identified for this organization."
+msgstr ""
+
#: reports/templates/partials/report_header.html
msgid ""
"All selected report types for the selected objects are displayed one below "
@@ -4072,9 +4259,12 @@ msgstr ""
msgid "Enable plugins and continue"
msgstr ""
-#: reports/templates/partials/report_severity_totals.html
#: reports/templates/partials/report_severity_totals_table.html
-msgid "Findings overview"
+msgid ""
+"\n"
+" This overview shows the total number of findings per\n"
+" severity that have been identified for this organization.\n"
+" "
msgstr ""
#: reports/templates/partials/report_severity_totals_table.html
@@ -4327,6 +4517,10 @@ msgstr ""
msgid "Schedule status"
msgstr ""
+#: reports/templates/report_overview/scheduled_reports_table.html
+msgid "Most recent reports"
+msgstr ""
+
#: reports/templates/report_overview/scheduled_reports_table.html
msgid "Scheduled Reports:"
msgstr ""
@@ -4343,10 +4537,6 @@ msgstr ""
msgid "objects"
msgstr ""
-#: reports/templates/report_overview/scheduled_reports_table.html
-msgid "Edit report recipe"
-msgstr ""
-
#: reports/templates/report_overview/scheduled_reports_table.html
msgid "Enable schedule"
msgstr ""
@@ -4705,10 +4895,6 @@ msgstr ""
msgid "Click to select one of the available options"
msgstr ""
-#: tools/forms/finding_type.py
-msgid "Finding types"
-msgstr ""
-
#: tools/forms/finding_type.py
#: rocky/templates/partials/finding_occurrence_definition_list.html
msgid "Proof"
@@ -5232,11 +5418,6 @@ msgstr ""
msgid "You may want to go back to the"
msgstr ""
-#: rocky/templates/403.html rocky/templates/404.html
-#: rocky/templates/crisis_room/crisis_room.html
-msgid "Crisis Room"
-msgstr ""
-
#: rocky/templates/404.html
msgid "Error code 404: Page not found"
msgstr ""
@@ -5371,41 +5552,6 @@ msgstr ""
msgid "Popup closing…"
msgstr ""
-#: rocky/templates/crisis_room/crisis_room.html
-msgid ""
-"An overview of all (critical) findings OpenKAT found. Check the detail "
-"section for additional severity information."
-msgstr ""
-
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
-msgid "Total findings"
-msgstr ""
-
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
-msgid "Total Findings"
-msgstr ""
-
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
-msgid " Finding Details"
-msgstr ""
-
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
-#: rocky/templates/organizations/organization_list.html
-msgid "There were no organizations found for your user account"
-msgstr ""
-
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
-msgid "Top critical organizations"
-msgstr ""
-
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
-msgid "Critical findings"
-msgstr ""
-
-#: rocky/templates/crisis_room/crisis_room_findings_block.html
-msgid "Critical Findings"
-msgstr ""
-
#: rocky/templates/dashboard_client.html rocky/templates/dashboard_redteam.html
#: rocky/templates/header.html
msgid "Close menu"
@@ -6144,6 +6290,10 @@ msgstr ""
msgid "Tags"
msgstr ""
+#: rocky/templates/organizations/organization_list.html
+msgid "There were no organizations found for your user account"
+msgstr ""
+
#: rocky/templates/organizations/organization_list.html
msgid "Actions to perform for all of your organizations."
msgstr ""
diff --git a/rocky/rocky/scheduler.py b/rocky/rocky/scheduler.py
index 447b67d03b0..c0526231fec 100644
--- a/rocky/rocky/scheduler.py
+++ b/rocky/rocky/scheduler.py
@@ -3,6 +3,7 @@
import collections
import datetime
import logging
+import time
import uuid
from enum import Enum
from functools import cached_property
@@ -168,6 +169,17 @@ class ScheduleResponse(BaseModel):
modified_at: datetime.datetime
+class SchedulerResponse(BaseModel):
+ id: str
+ enabled: bool
+ priority_queue: dict[str, Any]
+ last_activity: str | None
+
+
+class SchedulerNoResponse(BaseModel):
+ detail: str
+
+
class Queue(BaseModel):
id: str
size: int
@@ -287,6 +299,23 @@ def get_schedule_details(self, schedule_id: str) -> ScheduleResponse:
except ConnectError:
raise SchedulerConnectError()
+ def is_scheduler_ready(self, scheduler_id: str) -> bool:
+ """Max trails is 1 minute, 10 x 10 seconds"""
+ trials = 0
+ interval = 10 # in seconds
+ while trials < 10:
+ try:
+ res = self._client.get(f"/schedulers/{scheduler_id}")
+ res.raise_for_status()
+ break
+ except HTTPStatusError as http_error:
+ if http_error.response.status_code == codes.NOT_FOUND:
+ trials += 1
+ time.sleep(interval)
+ continue
+ raise SchedulerHTTPError()
+ return SchedulerResponse.model_validate_json(res.content).enabled
+
def post_schedule_search(self, filters: dict[str, list[dict[str, str]]]) -> PaginatedSchedulesResponse:
try:
res = self._client.post("/schedules/search", json=filters)
diff --git a/rocky/rocky/templates/crisis_room/crisis_room.html b/rocky/rocky/templates/crisis_room/crisis_room.html
deleted file mode 100644
index f08a8efcccf..00000000000
--- a/rocky/rocky/templates/crisis_room/crisis_room.html
+++ /dev/null
@@ -1,27 +0,0 @@
-{% extends "layouts/base.html" %}
-
-{% load i18n %}
-{% load static %}
-
-{% block content %}
- {% include "header.html" %}
-
-
-
-
- {% translate "Crisis Room" %} @ {{ observed_at|date:'M d, Y' }}
-
- {% translate "An overview of all (critical) findings OpenKAT found. Check the detail section for additional severity information." %}
-
-
- {% include "partials/elements/ooi_report_settings.html" %}
-
-
-
- {% include "crisis_room/crisis_room_findings_block.html" %}
-
-
-{% endblock content %}
diff --git a/rocky/rocky/templates/crisis_room/crisis_room_findings_block.html b/rocky/rocky/templates/crisis_room/crisis_room_findings_block.html
deleted file mode 100644
index 2beecb9e82c..00000000000
--- a/rocky/rocky/templates/crisis_room/crisis_room_findings_block.html
+++ /dev/null
@@ -1,134 +0,0 @@
-{% load i18n %}
-
-
-
-
- {% translate "Total findings" %}
- {% if organizations %}
-
- {% else %}
- {% translate "There were no organizations found for your user account" %}.
- {% endif %}
-
-
- {% if perms.tools.view_organization %}
- {% translate "Top critical organizations" %}
- {% else %}
- {% translate "Critical findings" %}
- {% endif %}
-
-
-
+ {{ member }}
{% translate "Crisis room" %} {{ organization.name }} @ {{ observed_at|date:'M d, Y' }}
{% if not indemnification_present %}
{% translate "Crisis room" %} {{ organization.name }} @ {{ observed_at|date:
{% translate "An overview of the top 10 most severe findings OpenKAT found. Check the detail section for additional severity information." %}
+ {{ recipe_form_fields }}
{% translate "Top 10 most severe Findings" %}
{% if object_list %}
{% translate "Object list" as filter_title %}
diff --git a/rocky/tests/conftest.py b/rocky/tests/conftest.py
index c11aea4b237..113b3ac1867 100644
--- a/rocky/tests/conftest.py
+++ b/rocky/tests/conftest.py
@@ -10,6 +10,7 @@
import pytest
import structlog
+from crisis_room.models import Dashboard, DashboardData
from django.conf import settings
from django.contrib.auth.models import Group, Permission
from django.contrib.messages.middleware import MessageMiddleware
@@ -2411,3 +2412,283 @@ def aggregate_report_with_sub_reports():
],
)
return aggregate_report
+
+
+@pytest.fixture
+def dashboard_data(client_member, client_member_b):
+ recipe_id_a = "ReportRecipe|7ebcdb32-e7f2-4c2d-840a-d7b8e6b37616"
+ recipe_id_b = "ReportRecipe|c41bbf9a-7102-4b6b-b256-b3036e106316"
+
+ dashboard_a = Dashboard.objects.create(
+ name="Crisis Room Findings Dashboard", organization=client_member.organization
+ )
+ dashboard_data_a = DashboardData.objects.create(dashboard=dashboard_a, recipe=recipe_id_a, findings_dashboard=True)
+
+ dashboard_b = Dashboard.objects.create(
+ name="Crisis Room Findings Dashboard", organization=client_member_b.organization
+ )
+ dashboard_data_b = DashboardData.objects.create(dashboard=dashboard_b, recipe=recipe_id_b, findings_dashboard=True)
+
+ return [dashboard_data_a, dashboard_data_b]
+
+
+@pytest.fixture
+def findings_reports(client_member, client_member_b):
+ bytes_raw_id_a = "62258c3d-89b2-4fde-a2e0-d78715a174e6"
+ bytes_raw_id_b = "1b887350-0afb-4786-b587-4323cd8e4180"
+
+ recipe_id_a = "ReportRecipe|7ebcdb32-e7f2-4c2d-840a-d7b8e6b37616"
+ recipe_id_b = "ReportRecipe|c41bbf9a-7102-4b6b-b256-b3036e106316"
+
+ report_a = Report(
+ object_type="Report",
+ scan_profile=None,
+ user_id=None,
+ primary_key="Report|9a0fd1f4-ba2b-4800-ade8-7f17f099e179",
+ name="Crisis Room Aggregate Report",
+ report_type="aggregate-organisation-report",
+ template="aggregate_organisation_report/report.html",
+ date_generated=datetime(2024, 12, 23, 12, 0, 32, 730678),
+ input_oois=["Hostname|internet|mispo.es"],
+ report_id=UUID("9a0fd1f4-ba2b-4800-ade8-7f17f099e179"),
+ organization_code=client_member.organization.code,
+ organization_name=client_member.organization.name,
+ organization_tags=[],
+ data_raw_id=bytes_raw_id_a,
+ observed_at=datetime(2024, 12, 23, 12, 0, 32, 53194),
+ parent_report=None,
+ report_recipe=Reference(recipe_id_a),
+ has_parent=False,
+ )
+
+ report_b = Report(
+ object_type="Report",
+ scan_profile=None,
+ user_id=None,
+ primary_key="Report|2b871ed0-44e5-4375-85af-4a1cf44145f7",
+ name="Crisis Room Aggregate Report",
+ report_type="aggregate-organisation-report",
+ template="aggregate_organisation_report/report.html",
+ date_generated=datetime(2024, 12, 23, 11, 0, 32, 447950),
+ input_oois=["Hostname|internet|mispo.es"],
+ report_id=UUID("2b871ed0-44e5-4375-85af-4a1cf44145f7"),
+ organization_code=client_member_b.organization.code,
+ organization_name=client_member_b.organization.name,
+ organization_tags=[],
+ data_raw_id=bytes_raw_id_b,
+ observed_at=datetime(2024, 12, 23, 11, 0, 31, 602127),
+ parent_report=None,
+ report_recipe=Reference(recipe_id_b),
+ has_parent=False,
+ )
+
+ return [report_a, report_b]
+
+
+@pytest.fixture
+def findings_report_bytes_data():
+ report_data_a = {
+ "systems": {"services": {}},
+ "services": {},
+ "recommendations": [],
+ "recommendation_counts": {},
+ "open_ports": {},
+ "ipv6": {},
+ "vulnerabilities": {},
+ "findings": {
+ "finding_types": [],
+ "summary": {
+ "total_by_severity_per_finding_type": {
+ "critical": 0,
+ "high": 0,
+ "medium": 3,
+ "low": 1,
+ "recommendation": 0,
+ "pending": 0,
+ "unknown": 0,
+ },
+ "total_by_severity": {
+ "critical": 0,
+ "high": 0,
+ "medium": 4,
+ "low": 3,
+ "recommendation": 0,
+ "pending": 0,
+ "unknown": 0,
+ },
+ "total_finding_types": 4,
+ "total_occurrences": 7,
+ },
+ },
+ "basic_security": {
+ "rpki": {},
+ "system_specific": {"Mail": [], "Web": [], "DNS": []},
+ "safe_connections": {},
+ "summary": {},
+ },
+ "summary": {"critical_vulnerabilities": 0, "ips_scanned": 0, "hostnames_scanned": 0, "terms_in_report": ""},
+ "total_findings": 0,
+ "total_systems": 0,
+ "total_hostnames": 0,
+ "total_systems_basic_security": 0,
+ "health": [
+ {"service": "rocky", "healthy": True, "version": "0.0.1.dev1", "additional": None, "results": []},
+ {"service": "octopoes", "healthy": True, "version": "0.0.1.dev1", "additional": None, "results": []},
+ {
+ "service": "xtdb",
+ "healthy": True,
+ "version": "1.24.4",
+ "additional": {
+ "version": "1.24.4",
+ "revision": "b46e92df67699cb25f3b21a61742c79da564b3b0",
+ "indexVersion": 22,
+ "consumerState": None,
+ "kvStore": "xtdb.rocksdb.RocksKv",
+ "estimateNumKeys": 56338,
+ "size": 93781419,
+ },
+ "results": [],
+ },
+ {
+ "service": "katalogus",
+ "healthy": True,
+ "version": "0.0.1-development",
+ "additional": None,
+ "results": [],
+ },
+ {"service": "scheduler", "healthy": True, "version": "0.0.1.dev1", "additional": None, "results": []},
+ {"service": "bytes", "healthy": True, "version": "0.0.1.dev1", "additional": None, "results": []},
+ {"service": "keiko", "healthy": True, "version": "0.0.1.dev1", "additional": None, "results": []},
+ ],
+ "config_oois": [],
+ "input_data": {
+ "input_oois": ["Hostname|internet|mispo.es"],
+ "report_types": ["systems-report", "findings-report"],
+ "plugins": {
+ "required": [
+ "nmap",
+ "webpage-analysis",
+ "ssl-certificates",
+ "nmap-udp",
+ "ssl-version",
+ "testssl-sh-ciphers",
+ "dns-records",
+ ],
+ "optional": ["leakix", "snyk", "service_banner", "shodan"],
+ },
+ },
+ }
+
+ report_data_b = {
+ "systems": {"services": {}},
+ "services": {},
+ "recommendations": [],
+ "recommendation_counts": {},
+ "open_ports": {},
+ "ipv6": {},
+ "vulnerabilities": {},
+ "findings": {
+ "finding_types": [],
+ "summary": {
+ "total_by_severity_per_finding_type": {
+ "critical": 1,
+ "high": 2,
+ "medium": 4,
+ "low": 2,
+ "recommendation": 1,
+ "pending": 1,
+ "unknown": 1,
+ },
+ "total_by_severity": {
+ "critical": 3,
+ "high": 3,
+ "medium": 5,
+ "low": 3,
+ "recommendation": 1,
+ "pending": 1,
+ "unknown": 1,
+ },
+ "total_finding_types": 12,
+ "total_occurrences": 17,
+ },
+ },
+ "basic_security": {
+ "rpki": {},
+ "system_specific": {"Mail": [], "Web": [], "DNS": []},
+ "safe_connections": {},
+ "summary": {},
+ },
+ "summary": {"critical_vulnerabilities": 0, "ips_scanned": 0, "hostnames_scanned": 0, "terms_in_report": ""},
+ "total_findings": 0,
+ "total_systems": 0,
+ "total_hostnames": 0,
+ "total_systems_basic_security": 0,
+ "health": [
+ {"service": "rocky", "healthy": True, "version": "0.0.1.dev1", "additional": None, "results": []},
+ {"service": "octopoes", "healthy": True, "version": "0.0.1.dev1", "additional": None, "results": []},
+ {
+ "service": "xtdb",
+ "healthy": True,
+ "version": "1.24.4",
+ "additional": {
+ "version": "1.24.4",
+ "revision": "b46e92df67699cb25f3b21a61742c79da564b3b0",
+ "indexVersion": 22,
+ "consumerState": None,
+ "kvStore": "xtdb.rocksdb.RocksKv",
+ "estimateNumKeys": 54693,
+ "size": 91850532,
+ },
+ "results": [],
+ },
+ {
+ "service": "katalogus",
+ "healthy": True,
+ "version": "0.0.1-development",
+ "additional": None,
+ "results": [],
+ },
+ {"service": "scheduler", "healthy": True, "version": "0.0.1.dev1", "additional": None, "results": []},
+ {"service": "bytes", "healthy": True, "version": "0.0.1.dev1", "additional": None, "results": []},
+ {"service": "keiko", "healthy": True, "version": "0.0.1.dev1", "additional": None, "results": []},
+ ],
+ "config_oois": [],
+ "input_data": {
+ "input_oois": ["Hostname|internet|mispo.es"],
+ "report_types": ["systems-report", "findings-report"],
+ "plugins": {
+ "required": [
+ "nmap",
+ "webpage-analysis",
+ "ssl-certificates",
+ "nmap-udp",
+ "ssl-version",
+ "testssl-sh-ciphers",
+ "dns-records",
+ ],
+ "optional": ["leakix", "snyk", "service_banner", "shodan"],
+ },
+ },
+ }
+ return [report_data_a, report_data_b]
+
+
+@pytest.fixture
+def findings_dashboard_mock_data(dashboard_data, findings_reports, findings_report_bytes_data):
+ dashboard_data_a = dashboard_data[0]
+ dashboard_data_b = dashboard_data[1]
+
+ report_a = findings_reports[0]
+ report_b = findings_reports[1]
+
+ report_data_a = findings_report_bytes_data[0]
+ report_data_b = findings_report_bytes_data[1]
+
+ return {
+ dashboard_data_a.dashboard.organization: {
+ dashboard_data_a: {"report": report_a, "report_data": report_data_a, "highest_risk_level": "medium"}
+ },
+ dashboard_data_b.dashboard.organization: {
+ dashboard_data_b: {"report": report_b, "report_data": report_data_b, "highest_risk_level": "medium"}
+ },
+ }
diff --git a/rocky/tests/test_crisis_room.py b/rocky/tests/test_crisis_room.py
deleted file mode 100644
index 94e9b8f577a..00000000000
--- a/rocky/tests/test_crisis_room.py
+++ /dev/null
@@ -1,69 +0,0 @@
-from crisis_room.views import CrisisRoomView, OrganizationFindingCountPerSeverity
-from django.urls import resolve, reverse
-from pytest_django.asserts import assertContains
-
-from octopoes.connector import ConnectorException
-from tests.conftest import setup_request
-
-
-def test_crisis_room(rf, client_member, mock_crisis_room_octopoes):
- request = setup_request(rf.get("crisis_room"), client_member.user)
- request.resolver_match = resolve(reverse("crisis_room"))
-
- mock_crisis_room_octopoes().count_findings_by_severity.return_value = {"medium": 1, "critical": 0}
-
- response = CrisisRoomView.as_view()(request)
-
- assert response.status_code == 200
-
- assertContains(response, ' 1', html=True)
- assertContains(response, " 0", html=True)
-
- assert mock_crisis_room_octopoes().count_findings_by_severity.call_count == 1
-
-
-def test_crisis_room_observed_at(rf, client_member, mock_crisis_room_octopoes):
- request = setup_request(rf.get("crisis_room", {"observed_at": "2021-01-01"}), client_member.user)
- request.resolver_match = resolve(reverse("crisis_room"))
- response = CrisisRoomView.as_view()(request)
- assert response.status_code == 200
- assertContains(response, "Jan 01, 2021") # Next to title crisis room
- assertContains(response, "2021-01-01") # Date Widget
-
-
-def test_crisis_room_observed_at_bad_format(rf, client_member, mock_crisis_room_octopoes):
- request = setup_request(rf.get("crisis_room", {"observed_at": "2021-bad-format"}), client_member.user)
- request.resolver_match = resolve(reverse("crisis_room"))
- response = CrisisRoomView.as_view()(request)
- assert response.status_code == 200
- assertContains(response, "Can not parse date, falling back to show current date.")
- assertContains(response, "Enter a valid date.")
-
-
-def test_org_finding_count_total():
- assert OrganizationFindingCountPerSeverity("dev", "_dev", {"medium": 1, "low": 2}).total == 3
-
-
-def test_crisis_room_error(rf, client_user_two_organizations, mock_crisis_room_octopoes):
- request = setup_request(rf.get("crisis_room"), client_user_two_organizations)
- request.resolver_match = resolve(reverse("crisis_room"))
-
- mock_crisis_room_octopoes().count_findings_by_severity.side_effect = [
- {"medium": 1, "critical": 0},
- ConnectorException("error"),
- ]
-
- response = CrisisRoomView.as_view()(request)
-
- assert response.status_code == 200
-
- assertContains(response, ' 1', html=True)
- assertContains(response, " 0", html=True)
-
- messages = list(request._messages)
- assert (
- messages[0].message
- == "Failed to get list of findings for organization org_b, check server logs for more details."
- )
-
- assert mock_crisis_room_octopoes().count_findings_by_severity.call_count == 2
diff --git a/rocky/tests/test_dashboard.py b/rocky/tests/test_dashboard.py
new file mode 100644
index 00000000000..bdbc71314ef
--- /dev/null
+++ b/rocky/tests/test_dashboard.py
@@ -0,0 +1,140 @@
+import json
+
+from crisis_room.views import CrisisRoom, DashboardService
+from pytest_django.asserts import assertContains
+
+from tests.conftest import setup_request
+
+
+def test_crisis_room_findings_dashboard(rf, mocker, client_member, findings_dashboard_mock_data):
+ """Test if the view is visible and if data is shown in the tables."""
+ dashboard_service = mocker.patch("crisis_room.views.DashboardService")()
+ dashboard_service.collect_findings_dashboard.return_value = findings_dashboard_mock_data
+ summary = dashboard_service.get_organizations_findings_summary.side_effect = (
+ DashboardService().get_organizations_findings_summary
+ )
+ summary(findings_dashboard_mock_data)
+
+ request = setup_request(rf.get("crisis_room"), client_member.user)
+ response = CrisisRoom.as_view()(request)
+
+ assert response.status_code == 200
+ # View should show the 'Findings overview' for all organizations
+ assertContains(response, " Findings overview", html=True)
+ assertContains(response, ' Total per severity overview', html=True)
+ assertContains(
+ response,
+ ' | Critical | 1 | 3 | ',
+ html=True,
+ )
+ assertContains(response, ' | Total | 16 | 24 | ', html=True)
+
+ # View should also show the 'Findings for all orgniazations' table for all organizations
+ assertContains(response, " Findings per organization", html=True)
+ assertContains(response, ' Findings per organization overview', html=True)
+
+ assertContains(response, ' Test Organization | ', html=True)
+ assertContains(response, " Findings overview", html=True)
+ assertContains(response, ' Total | 4 | 7 | ', html=True)
+
+ assertContains(response, ' OrganizationB | ', html=True)
+ assertContains(response, ' Total | 12 | 17 | ', html=True)
+ assertContains(
+ response, " No critical and high findings have been identified for this organization. ", html=True
+ )
+
+
+def test_get_organizations_findings_summary(findings_dashboard_mock_data):
+ """Test if summary has counted the results of both reports correctly."""
+ dashboard_service = DashboardService()
+ summary_results = dashboard_service.get_organizations_findings_summary(findings_dashboard_mock_data)
+
+ assert summary_results["total_by_severity_per_finding_type"] == {
+ "critical": 1,
+ "high": 2,
+ "medium": 7,
+ "low": 3,
+ "recommendation": 1,
+ "pending": 1,
+ "unknown": 1,
+ }
+ assert summary_results["total_by_severity"] == {
+ "critical": 3,
+ "high": 3,
+ "medium": 9,
+ "low": 6,
+ "recommendation": 1,
+ "pending": 1,
+ "unknown": 1,
+ }
+ assert summary_results["total_finding_types"] == 16
+ assert summary_results["total_occurrences"] == 24
+
+
+def test_get_organizations_findings_summary_no_input():
+ """Test if summary returns an empty dict if there is not input."""
+ dashboard_service = DashboardService()
+ summary_results = dashboard_service.get_organizations_findings_summary({})
+
+ assert summary_results == {}
+
+
+def test_get_organizations_findings(findings_report_bytes_data):
+ """Test if the highest risk level is collected, only critical and high finding types are returned."""
+ dashboard_service = DashboardService()
+ report_data = findings_report_bytes_data[0]
+ report_data["findings"]["finding_types"] = [
+ {"finding_type": {"risk_severity": "critical"}, "occurrences": {}},
+ {"finding_type": {"risk_severity": "high"}, "occurrences": {}},
+ {"finding_type": {"risk_severity": "low"}, "occurrences": {}},
+ ]
+ findings = dashboard_service.get_organizations_findings(report_data)
+
+ assert len(findings["findings"]["finding_types"]) == 2
+ assert findings["highest_risk_level"] == "critical"
+ assert findings["findings"]["finding_types"][0]["finding_type"]["risk_severity"] == "critical"
+ assert findings["findings"]["finding_types"][1]["finding_type"]["risk_severity"] == "high"
+
+
+def test_get_organizations_findings_no_finding_types(findings_report_bytes_data):
+ """
+ When there are no finding types, the result should contain the report data and
+ highest_risk_level should be an empty string.
+ """
+ dashboard_service = DashboardService()
+ report_data = findings_report_bytes_data[0]
+ findings = dashboard_service.get_organizations_findings(report_data)
+
+ assert findings == report_data | {"highest_risk_level": ""}
+
+
+def test_get_organizations_findings_no_input():
+ """When there is no input, the result should only contain an empty highest_risk_level"""
+ dashboard_service = DashboardService()
+ findings = dashboard_service.get_organizations_findings({})
+
+ assert findings == {"highest_risk_level": ""}
+
+
+def test_collect_findings_dashboard(mocker, dashboard_data, findings_reports, findings_report_bytes_data):
+ """
+ Test if the right dashboard is filtered and if the method returns the right dict format.
+ Only the most recent report should be visible in the dict.
+ """
+
+ octopoes_client = mocker.patch("crisis_room.views.OctopoesAPIConnector")
+ octopoes_client().query.return_value = findings_reports
+
+ bytes_client = mocker.patch("crisis_room.views.get_bytes_client")
+ bytes_raw_data = [json.dumps(data).encode("utf-8") for data in findings_report_bytes_data]
+ bytes_client().get_raw.return_value = bytes_raw_data[0]
+
+ organizations = [data.dashboard.organization for data in dashboard_data]
+
+ dashboard_service = DashboardService()
+ findings_dashboard = dashboard_service.collect_findings_dashboard(organizations)
+
+ assert findings_dashboard[organizations[0]][dashboard_data[0]]["report"] == findings_reports[0]
+ assert findings_dashboard[organizations[0]][dashboard_data[0]][
+ "report_data"
+ ] == dashboard_service.get_organizations_findings(findings_report_bytes_data[0])
diff --git a/rocky/tools/admin.py b/rocky/tools/admin.py
index 112d3201826..988c131fced 100644
--- a/rocky/tools/admin.py
+++ b/rocky/tools/admin.py
@@ -2,6 +2,7 @@
from json import JSONDecodeError
import tagulous.admin
+from crisis_room.models import Dashboard, DashboardData
from django.contrib import admin, messages
from django.db.models import JSONField
from django.forms import widgets
@@ -86,4 +87,14 @@ class OrganizationTagAdmin(admin.ModelAdmin):
pass
+@admin.register(DashboardData)
+class DahboardDataAdmin(admin.ModelAdmin):
+ pass
+
+
+@admin.register(Dashboard)
+class DahboardAdmin(admin.ModelAdmin):
+ pass
+
+
tagulous.admin.register(Organization, OrganizationAdmin)
diff --git a/rocky/tools/templatetags/ooi_extra.py b/rocky/tools/templatetags/ooi_extra.py
index 7a6724540dd..26c2744266f 100644
--- a/rocky/tools/templatetags/ooi_extra.py
+++ b/rocky/tools/templatetags/ooi_extra.py
@@ -1,4 +1,5 @@
import json
+from datetime import datetime
from typing import Any
from urllib import parse
@@ -99,3 +100,14 @@ def clearance_level(ooi: OOI) -> ScanLevel:
@register.filter
def ooi_type(reference_string: str) -> str:
return Reference.from_str(reference_string).class_
+
+
+@register.filter
+def get_date(date_str: str) -> datetime:
+ return datetime.fromisoformat(date_str)
+
+
+@register.filter
+def get_first_seen(occurrences: dict) -> datetime:
+ first_seen_list = [datetime.fromisoformat(occurrence["first_seen"]) for occurrence in occurrences]
+ return min(first_seen_list)
|