threat detection dashboard

.github/workflows/prod.yml

@@ -47,6 +47,11 @@ jobs:
       - uses: actions/setup-node@v2
         with:
           node-version: '17'
+      - uses: bufbuild/buf-action@v1
+        with:
+          setup_only: true
+      - name: Generate Proto files
+        run: make proto-gen
       - name: Download Akto templates zip and PII files
         working-directory: ./apps/dashboard/src/main/resources
         run: |

.github/workflows/staging.yml

@@ -26,6 +26,11 @@ jobs:
       - uses: actions/setup-node@v2
         with:
           node-version: "17"
+      - uses: bufbuild/buf-action@v1
+        with:
+          setup_only: true
+      - name: Generate Proto files
+        run: make proto-gen
       - name: Convert github branch name to be compatible with docker tag name convention and generate tag name
         id: docker_tag
         run: echo "IMAGE_TAG=a-$(echo ${{ github.ref_name }} | sed 's/[^a-zA-Z0-9]/-/g')" >> $GITHUB_OUTPUT

.gitignore

@@ -22,3 +22,4 @@ https:
 **/data-zoo-data
 **/data-zoo-logs
 **/bin
+.factorypath

Makefile

@@ -0,0 +1,8 @@
+proto-gen:
+	sh ./scripts/proto-gen.sh
+
+build: proto-gen
+	mvn install -DskipTests
+
+build-clean: proto-gen
+	mvn clean install -DskipTests

apps/dashboard/pom.xml

@@ -1,5 +1,6 @@
-<project xmlns="https://maven.apache.org/POM/4.0.0" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="https://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="https://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="https://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
@@ -25,7 +26,7 @@
     </dependencyManagement>
 
     <dependencies>
-       <dependency>
+        <dependency>
             <groupId>com.amazonaws</groupId>
             <artifactId>aws-java-sdk-lambda</artifactId>
             <version>1.12.405</version>
@@ -109,6 +110,11 @@
             <artifactId>dao</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>com.akto.libs.protobuf</groupId>
+            <artifactId>protobuf</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>com.akto.libs.utils</groupId>
             <artifactId>utils</artifactId>
@@ -294,4 +300,4 @@
         </plugins>
         <finalName>${project.artifactId}</finalName>
     </build>
-</project>
+</project>

apps/dashboard/src/main/java/com/akto/action/threat_detection/AbstractThreatDetectionAction.java

@@ -0,0 +1,42 @@
+package com.akto.action.threat_detection;
+
+import com.akto.action.UserAction;
+import com.akto.dao.context.Context;
+import com.akto.database_abstractor_authenticator.JwtAuthenticator;
+import java.util.Calendar;
+import java.util.HashMap;
+import java.util.Map;
+
+public class AbstractThreatDetectionAction extends UserAction {
+
+  private Map<Integer, String> tokens = new HashMap<>();
+  private String backendUrl;
+
+  public AbstractThreatDetectionAction() {
+    super();
+    this.backendUrl = System.getenv().getOrDefault("THREAT_DETECTION_BACKEND_URL", "https://tbs.akto.io");
+  }
+
+  public String getApiToken() {
+    try {
+      int accountId = Context.accountId.get();
+      if (tokens.containsKey(accountId)) {
+        return tokens.get(accountId);
+      }
+
+      Map<String, Object> claims = new HashMap<>();
+      claims.put("accountId", accountId);
+      String token = JwtAuthenticator.createJWT(claims, "Akto", "access_tbs", Calendar.MINUTE, 1);
+      tokens.put(accountId, token);
+
+      return token;
+    } catch (Exception e) {
+      System.out.println(e);
+      return "";
+    }
+  }
+
+  public String getBackendUrl() {
+    return backendUrl;
+  }
+}

apps/dashboard/src/main/java/com/akto/action/threat_detection/DashboardMaliciousEvent.java

@@ -0,0 +1,111 @@
+package com.akto.action.threat_detection;
+
+import com.akto.dto.type.URLMethods;
+import com.akto.dto.type.URLMethods.Method;
+
+public class DashboardMaliciousEvent {
+  private String id;
+  private String actor;
+  private String filter_id;
+  private String url;
+  private URLMethods.Method method;
+  private int apiCollectionId;
+  private String ip;
+  private String country;
+  private long timestamp;
+
+  public DashboardMaliciousEvent() {}
+
+  public DashboardMaliciousEvent(
+      String id,
+      String actor,
+      String filter,
+      String url,
+      Method method,
+      int apiCollectionId,
+      String ip,
+      String country,
+      long timestamp) {
+    this.id = id;
+    this.actor = actor;
+    this.filter_id = filter;
+    this.url = url;
+    this.method = method;
+    this.apiCollectionId = apiCollectionId;
+    this.ip = ip;
+    this.country = country;
+    this.timestamp = timestamp;
+  }
+
+  public String getId() {
+    return id;
+  }
+
+  public void setId(String id) {
+    this.id = id;
+  }
+
+  public String getActor() {
+    return actor;
+  }
+
+  public void setActor(String actor) {
+    this.actor = actor;
+  }
+
+  public String getFilterId() {
+    return filter_id;
+  }
+
+  public void setFilterId(String filter) {
+    this.filter_id = filter;
+  }
+
+  public String getUrl() {
+    return url;
+  }
+
+  public void setUrl(String url) {
+    this.url = url;
+  }
+
+  public URLMethods.Method getMethod() {
+    return method;
+  }
+
+  public void setMethod(URLMethods.Method method) {
+    this.method = method;
+  }
+
+  public String getIp() {
+    return ip;
+  }
+
+  public void setIp(String ip) {
+    this.ip = ip;
+  }
+
+  public String getCountry() {
+    return country;
+  }
+
+  public void setCountry(String country) {
+    this.country = country;
+  }
+
+  public long getTimestamp() {
+    return timestamp;
+  }
+
+  public void setTimestamp(long timestamp) {
+    this.timestamp = timestamp;
+  }
+
+  public int getApiCollectionId() {
+    return apiCollectionId;
+  }
+
+  public void setApiCollectionId(int apiCollectionId) {
+    this.apiCollectionId = apiCollectionId;
+  }
+}

apps/dashboard/src/main/java/com/akto/action/threat_detection/DashboardThreatActor.java

@@ -0,0 +1,77 @@
+package com.akto.action.threat_detection;
+
+import com.akto.dto.type.URLMethods.Method;
+
+public class DashboardThreatActor {
+
+  private String id;
+  private String latestApiEndpoint;
+  private String latestApiIp;
+  private Method latestApiMethod;
+  private long discoveredAt;
+  private String country;
+
+  public DashboardThreatActor(
+      String id,
+      String latestApiEndpoint,
+      String latestApiIp,
+      Method latestApiMethod,
+      long discoveredAt,
+      String country) {
+
+    this.id = id;
+    this.latestApiEndpoint = latestApiEndpoint;
+    this.latestApiIp = latestApiIp;
+    this.latestApiMethod = latestApiMethod;
+    this.discoveredAt = discoveredAt;
+    this.country = country;
+  }
+
+  public String getId() {
+    return id;
+  }
+
+  public void setId(String id) {
+    this.id = id;
+  }
+
+  public String getLatestApiEndpoint() {
+    return latestApiEndpoint;
+  }
+
+  public void setLatestApiEndpoint(String latestApiEndpoint) {
+    this.latestApiEndpoint = latestApiEndpoint;
+  }
+
+  public String getLatestApiIp() {
+    return latestApiIp;
+  }
+
+  public void setLatestApiIp(String latestApiIp) {
+    this.latestApiIp = latestApiIp;
+  }
+
+  public Method getLatestApiMethod() {
+    return latestApiMethod;
+  }
+
+  public void setLatestApiMethod(Method latestApiMethod) {
+    this.latestApiMethod = latestApiMethod;
+  }
+
+  public long getDiscoveredAt() {
+    return discoveredAt;
+  }
+
+  public void setDiscoveredAt(long discoveredAt) {
+    this.discoveredAt = discoveredAt;
+  }
+
+  public String getCountry() {
+    return country;
+  }
+
+  public void setCountry(String country) {
+    this.country = country;
+  }
+}

apps/dashboard/src/main/java/com/akto/action/threat_detection/DashboardThreatApi.java

@@ -0,0 +1,61 @@
+package com.akto.action.threat_detection;
+
+import com.akto.dto.type.URLMethods;
+
+public class DashboardThreatApi {
+
+  private String api;
+  private URLMethods.Method method;
+  private int actorsCount;
+  private int requestsCount;
+  private long discoveredAt;
+
+  public DashboardThreatApi(
+      String api, URLMethods.Method method, int actorsCount, int requestsCount, long discoveredAt) {
+    this.api = api;
+    this.method = method;
+    this.actorsCount = actorsCount;
+    this.requestsCount = requestsCount;
+    this.discoveredAt = discoveredAt;
+  }
+
+  public String getApi() {
+    return api;
+  }
+
+  public void setApi(String api) {
+    this.api = api;
+  }
+
+  public URLMethods.Method getMethod() {
+    return method;
+  }
+
+  public void setMethod(URLMethods.Method method) {
+    this.method = method;
+  }
+
+  public int getActorsCount() {
+    return actorsCount;
+  }
+
+  public void setActorsCount(int actorsCount) {
+    this.actorsCount = actorsCount;
+  }
+
+  public int getRequestsCount() {
+    return requestsCount;
+  }
+
+  public void setRequestsCount(int requestsCount) {
+    this.requestsCount = requestsCount;
+  }
+
+  public long getDiscoveredAt() {
+    return discoveredAt;
+  }
+
+  public void setDiscoveredAt(long discoveredAt) {
+    this.discoveredAt = discoveredAt;
+  }
+}