Splunk2HDF Updates

apps/frontend/package.json

@@ -44,6 +44,7 @@
     "@heimdall/interfaces": "^2.6.14",
     "@mdi/font": "^6.1.95",
     "@mdi/js": "^6.1.95",
+    "@mitre/splunk-sdk-no-env": "^1.10.0",
     "@types/bootstrap": "^5.0.15",
     "@types/chroma-js": "^2.1.0",
     "@types/concat-stream": "^2.0.0",
@@ -122,6 +123,7 @@
     "vuetify-loader": "^1.6.0",
     "vuex": "^3.1.2",
     "vuex-module-decorators": "^1.0.1",
+    "winston": "^3.6.0",
     "xlsx": "^0.17.0",
     "xml-js": "^1.6.11",
     "yazl": "^2.5.1"

apps/frontend/public/index.html

@@ -5,6 +5,7 @@
   <meta charset="utf-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width,initial-scale=1.0">
+  <script src="/static/export/jquery.min.js"></script>
   <link rel="icon" href="/favicon.ico">
   <title>Heimdall</title>
 </head>

apps/frontend/src/components/global/ExportSplunkModal.vue

@@ -0,0 +1,158 @@
+<template>
+  <v-dialog v-model="showingModal" width="800px">
+    <template #activator="{on}">
+      <LinkItem
+        key="export_splunk"
+        text="Export to Splunk"
+        icon="mdi-database-arrow-up"
+        @click="showModal"
+        v-on="on"
+      />
+    </template>
+    <v-card>
+      <v-card-title class="headline"> Export to Splunk </v-card-title>
+      <v-card-text>
+        <v-stepper v-model="step" class="elevation-0">
+          <v-stepper-header class="elevation-0">
+            <v-stepper-step id="step-1" step="1">
+              Login Credentials
+            </v-stepper-step>
+            <v-divider />
+            <v-stepper-step id="step-2" step="2"> Post Data </v-stepper-step>
+          </v-stepper-header>
+          <v-stepper-items>
+            <v-stepper-content step="1">
+              <AuthStep
+                index-to-show="hdf"
+                @authenticated="onAuthenticationComplete"
+                @error="errorCount += 1"
+                @show-help="errorCount = -1"
+              />
+            </v-stepper-content>
+            <v-stepper-content step="2">
+              <pre v-text="statusLog" />
+            </v-stepper-content>
+          </v-stepper-items>
+          <v-overlay
+            :opacity="50"
+            absolute="absolute"
+            :value="errorCount >= 3 || errorCount < 0"
+          >
+            <div class="text-center">
+              <p>
+                <span v-if="errorCount > 0">
+                  It seems you may be having trouble using the Splunk toolkit.
+                  Are you sure that you have configured it properly?
+                </span>
+                <br />
+                <span>
+                  For installation instructions and further information, check
+                  here:
+                </span>
+                <v-btn
+                  target="_blank"
+                  href="https://github.com/mitre/hdf-json-to-splunk/"
+                  text
+                  color="info"
+                  px-0
+                >
+                  <v-icon pr-2>mdi-github-circle</v-icon>
+                  Splunk HDF Plugin
+                </v-btn>
+              </p>
+              <v-btn color="info" @click="errorCount = 0"> Ok </v-btn>
+            </div>
+          </v-overlay>
+        </v-stepper>
+      </v-card-text>
+      <v-card-actions>
+        <v-spacer />
+        <v-btn text @click="closeModal"> Close </v-btn>
+      </v-card-actions>
+    </v-card>
+  </v-dialog>
+</template>
+
+<script lang="ts">
+import LinkItem from '@/components/global/sidebaritems/IconLinkItem.vue';
+import {FilteredDataModule} from '@/store/data_filters';
+import {FileID} from '@/store/report_intake';
+import {FromHDFToSplunkMapper, SplunkConfig} from '@mitre/hdf-converters';
+import Vue from 'vue';
+import Component from 'vue-class-component';
+import winston from 'winston';
+import {SnackbarModule} from '../../store/snackbar';
+import AuthStep from '../global/upload_tabs/splunk/AuthStep.vue';
+
+@Component({
+  components: {
+    AuthStep,
+    LinkItem
+  }
+})
+export default class ExportSplunkModal extends Vue {
+  showingModal = false;
+  step = 1;
+  errorCount = 0;
+  statusLog = '';
+  splunkConfig: SplunkConfig | null = null;
+
+  logger: unknown = {
+    info: this.addLogMessage,
+    debug: this.addLogMessage,
+    verbose: this.addLogMessage,
+    error: this.addLogMessage
+  };
+
+  addLogMessage(message: string) {
+    this.statusLog += message + '\n';
+  }
+
+  closeModal() {
+    this.showingModal = false;
+    this.step = 1;
+    this.statusLog = '';
+    this.splunkConfig = null;
+  }
+
+  showModal() {
+    this.showingModal = true;
+  }
+
+  onAuthenticationComplete(splunkConfig: SplunkConfig) {
+    this.splunkConfig = splunkConfig;
+    this.step = 2;
+    this.convertAndUpload();
+  }
+
+  got_files(files: FileID[]) {
+    this.$emit('got-files', files);
+  }
+
+  onSignOut() {
+    this.step = 1;
+    this.splunkConfig = null;
+  }
+
+  async convertAndUpload() {
+    const ids = FilteredDataModule.selected_file_ids;
+    FilteredDataModule.evaluations(ids).forEach(async (evaluation) => {
+      this.statusLog += `Starting Upload of File: ${evaluation.from_file.filename}\n`;
+      if (this.splunkConfig) {
+        new FromHDFToSplunkMapper(evaluation, this.logger as winston.Logger)
+          .toSplunk(this.splunkConfig, evaluation.from_file.filename, true)
+          .then(() => {
+            this.statusLog += `Sucessfully uploaded file ${evaluation.from_file.filename}\n`;
+          })
+          .catch((error) => {
+            this.statusLog += `Failed to upload file ${evaluation.from_file.filename}:\n\t${error}\n`;
+          });
+      } else {
+        SnackbarModule.failure(
+          'Failed to upload to Splunk: Invalid Configuration (undefined)'
+        );
+      }
+    });
+  }
+}
+</script>

apps/frontend/src/components/global/upload_tabs/splunk/AuthStep.vue

@@ -14,13 +14,27 @@
         type="password"
         data-cy="splunkpassword"
       />
-      <v-text-field
-        v-model="hostname"
-        label="Hostname"
-        for="hostname_field"
-        hint="https://yourdomain.com:8089"
-        data-cy="splunkhostname"
-      />
+      <v-container style="margin: 0; padding: 0" grid-list-md text-xs-center>
+        <v-layout row wrap>
+          <v-flex xs10>
+            <v-text-field
+              v-model="hostname"
+              label="Hostname"
+              for="hostname_field"
+              hint="https://yourdomain.com:8089"
+              data-cy="splunkhostname"
+            />
+          </v-flex>
+          <v-flex xs2>
+            <v-text-field
+              v-model="index"
+              label="Index"
+              for="index_field"
+              data-cy="splunkindex"
+            />
+          </v-flex>
+        </v-layout>
+      </v-container>
     </v-form>
     <v-row class="mx-1">
       <v-btn
@@ -44,13 +58,17 @@
 import FileList from '@/components/global/upload_tabs/aws/FileList.vue';
 import {SnackbarModule} from '@/store/snackbar';
 import {LocalStorageVal} from '@/utilities/helper_util';
-import {SplunkClient} from '@/utilities/splunk_util';
+import {checkSplunkCredentials} from '@mitre/hdf-converters/src/splunk-mapper';
+import {SplunkConfig} from '@mitre/splunk-sdk-no-env';
 import Vue from 'vue';
 import Component from 'vue-class-component';
+import {Prop} from 'vue-property-decorator';
 
 // Our saved fields
 const localUsername = new LocalStorageVal<string>('splunk_username');
 const localPassword = new LocalStorageVal<string>('splunk_password');
+const localSplunk2HDFIndex = new LocalStorageVal<string>('splunk2hdf_index');
+const localHDF2SplunkIndex = new LocalStorageVal<string>('hdf2splunk_index');
 const localHostname = new LocalStorageVal<string>('splunk_hostname');
 
 @Component({
@@ -59,37 +77,60 @@ const localHostname = new LocalStorageVal<string>('splunk_hostname');
   }
 })
 export default class AuthStep extends Vue {
+  @Prop({type: String, required: false}) indexToShow?: string;
   username = '';
+
   password = '';
   hostname = '';
+  index = '';
+
+  async login(): Promise<void> {
+    if (!/^https?:\/\//.test(this.hostname)) {
+      this.hostname = `https://${this.hostname}`;
+    }
+
+    const parsedURL = new URL(this.hostname);
+
+    const config: SplunkConfig = {
+      host: parsedURL.hostname,
+      username: this.username,
+      password: this.password,
+      port: parseInt(parsedURL.port) || 8089,
+      index: this.index,
+      scheme: parsedURL.protocol.split(':')[0] || 'https'
+    };
 
-  async login() {
-    const splunkClient = new SplunkClient(
-      this.hostname,
-      this.username,
-      this.password
-    );
-    splunkClient.validateCredentials().then((result) => {
-      if (result === true) {
+    await checkSplunkCredentials(config, true)
+      .then(() => {
         localUsername.set(this.username);
         localPassword.set(this.password);
         localHostname.set(this.hostname);
+        if (this.indexToShow === undefined) {
+          localSplunk2HDFIndex.set(this.index);
+        } else {
+          localHDF2SplunkIndex.set(this.index);
+        }
         SnackbarModule.notify('You have successfully signed in');
-        this.$emit('authenticated', splunkClient);
-      } else if (result === false) {
-        SnackbarModule.failure('Incorrect Username or Password');
-      } else {
-        SnackbarModule.failure(result);
-        this.$emit('error');
-      }
-    });
+        this.$emit('authenticated', config);
+      })
+      .catch((error) => {
+        if (error !== 'Incorrect Username or Password') {
+          this.$emit('error');
+        }
+        SnackbarModule.failure(error);
+      });
   }
 
   /** Init our fields */
   mounted() {
     this.username = localUsername.get_default('');
     this.password = localPassword.get_default('');
     this.hostname = localHostname.get_default('');
+    if (this.indexToShow === undefined) {
+      this.index = localSplunk2HDFIndex.get_default('*');
+    } else {
+      this.index = localSplunk2HDFIndex.get_default(this.indexToShow);
+    }
   }
 }
 </script>