4c04c9870a
Integrate Atlas InfoSec API to manage compliance action plans directly from the ReportingPage. Users can view, create, and update action plans for host findings without switching to the Atlas web tool. Backend: - Add atlasApi.js helper with Basic Auth, TLS skip, GET/PUT/PATCH/POST - Add atlas_action_plans_cache migration for SQLite cache table - Add atlas.js router with sync, status, and proxy CRUD endpoints - Mount Atlas router at /api/atlas in server.js - Extract hostId from Ivanti host findings during sync Frontend: - Add AtlasBadge component (amber=needs plan, green=has plan) - Add AtlasSlideOutPanel with plan list, create form, edit capability - Separate active plans from inactive history in collapsible section - Custom dark-themed plan type dropdown - Optimistic local state shows pending plans immediately after creation - Atlas sync button on ReportingPage toolbar - Prepopulate finding ID in create form from clicked row Environment: - Add ATLAS_API_URL, ATLAS_API_USER, ATLAS_API_PASS, ATLAS_SKIP_TLS to .env.example
985 lines
41 KiB
JavaScript
985 lines
41 KiB
JavaScript
// Ivanti / RiskSense Host Findings Routes
|
|
// Caches hostFinding/search results in SQLite with daily auto-sync.
|
|
// Notes are stored separately so they survive cache refreshes.
|
|
|
|
const express = require('express');
|
|
const { requireGroup } = require('../middleware/auth');
|
|
const { ivantiPost } = require('../helpers/ivantiApi');
|
|
|
|
const SYNC_INTERVAL_MS = 24 * 60 * 60 * 1000;
|
|
|
|
const FINDINGS_FILTERS = [
|
|
// NOTE: This filters for Open findings only — Closed count is fetched separately via syncClosedCount()
|
|
{
|
|
field: 'assetCustomAttributes.1550_host_1.value',
|
|
exclusive: false,
|
|
operator: 'IN',
|
|
orWithPrevious: false,
|
|
implicitFilters: [],
|
|
value: 'NTS-AEO-ACCESS-ENG,NTS-AEO-STEAM',
|
|
caseSensitive: false
|
|
},
|
|
{
|
|
field: 'severity',
|
|
exclusive: false,
|
|
operator: 'RANGE',
|
|
orWithPrevious: false,
|
|
implicitFilters: [],
|
|
value: '8.5,9.9',
|
|
caseSensitive: false
|
|
},
|
|
{
|
|
field: 'generic_state',
|
|
exclusive: false,
|
|
operator: 'EXACT',
|
|
orWithPrevious: false,
|
|
implicitFilters: [],
|
|
value: 'Open',
|
|
caseSensitive: false
|
|
}
|
|
];
|
|
|
|
// Same BU + severity filters but for Closed state — used only to fetch the total count
|
|
const CLOSED_COUNT_FILTERS = [
|
|
{
|
|
field: 'assetCustomAttributes.1550_host_1.value',
|
|
exclusive: false,
|
|
operator: 'IN',
|
|
orWithPrevious: false,
|
|
implicitFilters: [],
|
|
value: 'NTS-AEO-ACCESS-ENG,NTS-AEO-STEAM',
|
|
caseSensitive: false
|
|
},
|
|
{
|
|
field: 'severity',
|
|
exclusive: false,
|
|
operator: 'RANGE',
|
|
orWithPrevious: false,
|
|
implicitFilters: [],
|
|
value: '8.5,9.9',
|
|
caseSensitive: false
|
|
},
|
|
{
|
|
field: 'generic_state',
|
|
exclusive: false,
|
|
operator: 'EXACT',
|
|
orWithPrevious: false,
|
|
implicitFilters: [],
|
|
value: 'Closed',
|
|
caseSensitive: false
|
|
}
|
|
];
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Table init
|
|
// ---------------------------------------------------------------------------
|
|
function initTables(db) {
|
|
return new Promise((resolve, reject) => {
|
|
db.serialize(() => {
|
|
db.run(`
|
|
CREATE TABLE IF NOT EXISTS ivanti_findings_cache (
|
|
id INTEGER PRIMARY KEY CHECK (id = 1),
|
|
total INTEGER DEFAULT 0,
|
|
findings_json TEXT DEFAULT '[]',
|
|
synced_at DATETIME,
|
|
sync_status TEXT DEFAULT 'never',
|
|
error_message TEXT
|
|
)
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
db.run(`
|
|
INSERT OR IGNORE INTO ivanti_findings_cache (id, total, findings_json, sync_status)
|
|
VALUES (1, 0, '[]', 'never')
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
db.run(`
|
|
CREATE TABLE IF NOT EXISTS ivanti_finding_notes (
|
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
finding_id TEXT NOT NULL UNIQUE,
|
|
note TEXT NOT NULL DEFAULT '',
|
|
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
|
)
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
db.run(`
|
|
CREATE TABLE IF NOT EXISTS ivanti_counts_cache (
|
|
id INTEGER PRIMARY KEY CHECK (id = 1),
|
|
open_count INTEGER DEFAULT 0,
|
|
closed_count INTEGER DEFAULT 0,
|
|
synced_at DATETIME
|
|
)
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
// Idempotent column additions — errors mean the column already exists, which is fine
|
|
db.run(`ALTER TABLE ivanti_counts_cache ADD COLUMN fp_workflow_counts_json TEXT DEFAULT '{}'`, () => {});
|
|
db.run(`ALTER TABLE ivanti_counts_cache ADD COLUMN fp_id_counts_json TEXT DEFAULT '{}'`, () => {});
|
|
|
|
db.run(`
|
|
INSERT OR IGNORE INTO ivanti_counts_cache (id, open_count, closed_count)
|
|
VALUES (1, 0, 0)
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
db.run(`
|
|
CREATE TABLE IF NOT EXISTS ivanti_finding_overrides (
|
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
finding_id TEXT NOT NULL,
|
|
field TEXT NOT NULL,
|
|
value TEXT NOT NULL DEFAULT '',
|
|
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
|
|
UNIQUE(finding_id, field)
|
|
)
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
db.run(`
|
|
CREATE INDEX IF NOT EXISTS idx_finding_notes_finding_id
|
|
ON ivanti_finding_notes(finding_id)
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
db.run(`
|
|
CREATE INDEX IF NOT EXISTS idx_finding_overrides_finding_id
|
|
ON ivanti_finding_overrides(finding_id)
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
db.run(`
|
|
CREATE TABLE IF NOT EXISTS ivanti_counts_history (
|
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
open_count INTEGER NOT NULL,
|
|
closed_count INTEGER NOT NULL,
|
|
recorded_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
|
)
|
|
`, (err) => {
|
|
if (err) reject(err);
|
|
else resolve();
|
|
});
|
|
});
|
|
});
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Archive table init — creates archive tracking tables alongside the main cache
|
|
// ---------------------------------------------------------------------------
|
|
function initArchiveTables(db) {
|
|
return new Promise((resolve, reject) => {
|
|
db.serialize(() => {
|
|
db.run(`
|
|
CREATE TABLE IF NOT EXISTS ivanti_finding_archives (
|
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
finding_id TEXT NOT NULL UNIQUE,
|
|
finding_title TEXT NOT NULL DEFAULT '',
|
|
host_name TEXT NOT NULL DEFAULT '',
|
|
ip_address TEXT NOT NULL DEFAULT '',
|
|
current_state TEXT NOT NULL CHECK(current_state IN ('ARCHIVED','RETURNED','CLOSED')),
|
|
last_severity REAL NOT NULL DEFAULT 0,
|
|
first_archived_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
last_transition_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
|
)
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
db.run(`
|
|
CREATE TABLE IF NOT EXISTS ivanti_archive_transitions (
|
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
archive_id INTEGER NOT NULL,
|
|
from_state TEXT NOT NULL,
|
|
to_state TEXT NOT NULL,
|
|
severity_at_transition REAL NOT NULL DEFAULT 0,
|
|
reason TEXT NOT NULL DEFAULT '',
|
|
transitioned_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
|
FOREIGN KEY (archive_id) REFERENCES ivanti_finding_archives(id)
|
|
)
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
db.run(`
|
|
CREATE INDEX IF NOT EXISTS idx_archive_finding_id
|
|
ON ivanti_finding_archives(finding_id)
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
db.run(`
|
|
CREATE INDEX IF NOT EXISTS idx_archive_current_state
|
|
ON ivanti_finding_archives(current_state)
|
|
`, (err) => { if (err) return reject(err); });
|
|
|
|
db.run(`
|
|
CREATE INDEX IF NOT EXISTS idx_transition_archive_id
|
|
ON ivanti_archive_transitions(archive_id)
|
|
`, (err) => {
|
|
if (err) reject(err);
|
|
else resolve();
|
|
});
|
|
});
|
|
});
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Archive detection — compare previous vs current findings to detect state changes
|
|
// ---------------------------------------------------------------------------
|
|
async function detectArchiveChanges(db, previousFindings, currentFindings) {
|
|
const previousIds = new Set(previousFindings.map(f => String(f.id)));
|
|
const currentIds = new Set(currentFindings.map(f => String(f.id)));
|
|
|
|
// Build lookup maps for metadata
|
|
const previousMap = new Map(previousFindings.map(f => [String(f.id), f]));
|
|
const currentMap = new Map(currentFindings.map(f => [String(f.id), f]));
|
|
|
|
// 1. Disappeared findings: in previous but not in current → ARCHIVED
|
|
const disappearedIds = [...previousIds].filter(id => !currentIds.has(id));
|
|
|
|
for (const id of disappearedIds) {
|
|
const finding = previousMap.get(id);
|
|
const title = finding.title || '';
|
|
const hostName = finding.hostName || '';
|
|
const ipAddress = finding.ipAddress || '';
|
|
const severity = typeof finding.severity === 'number' ? finding.severity : 0;
|
|
|
|
try {
|
|
// Check if this finding already has an archive record
|
|
const existing = await dbGet(db,
|
|
`SELECT id, current_state FROM ivanti_finding_archives WHERE finding_id = ?`,
|
|
[id]
|
|
);
|
|
|
|
if (existing && existing.current_state === 'RETURNED') {
|
|
// Re-disappeared: RETURNED → ARCHIVED
|
|
await dbRun(db,
|
|
`UPDATE ivanti_finding_archives
|
|
SET current_state = 'ARCHIVED', last_severity = ?, last_transition_at = datetime('now')
|
|
WHERE id = ?`,
|
|
[severity, existing.id]
|
|
);
|
|
await dbRun(db,
|
|
`INSERT INTO ivanti_archive_transitions (archive_id, from_state, to_state, severity_at_transition, reason, transitioned_at)
|
|
VALUES (?, 'RETURNED', 'ARCHIVED', ?, 'severity_score_drift', datetime('now'))`,
|
|
[existing.id, severity]
|
|
);
|
|
console.log(`[Archive Detection] Finding ${id} re-archived (RETURNED → ARCHIVED)`);
|
|
} else if (!existing) {
|
|
// First disappearance: NONE → ARCHIVED
|
|
const result = await dbRun(db,
|
|
`INSERT INTO ivanti_finding_archives (finding_id, finding_title, host_name, ip_address, current_state, last_severity, first_archived_at, last_transition_at)
|
|
VALUES (?, ?, ?, ?, 'ARCHIVED', ?, datetime('now'), datetime('now'))`,
|
|
[id, title, hostName, ipAddress, severity]
|
|
);
|
|
const archiveId = result.lastID;
|
|
await dbRun(db,
|
|
`INSERT INTO ivanti_archive_transitions (archive_id, from_state, to_state, severity_at_transition, reason, transitioned_at)
|
|
VALUES (?, 'NONE', 'ARCHIVED', ?, 'severity_score_drift', datetime('now'))`,
|
|
[archiveId, severity]
|
|
);
|
|
console.log(`[Archive Detection] Finding ${id} archived (NONE → ARCHIVED)`);
|
|
}
|
|
// If existing state is ARCHIVED or CLOSED, no action needed
|
|
} catch (err) {
|
|
console.error(`[Archive Detection] Error processing disappeared finding ${id}:`, err.message);
|
|
}
|
|
}
|
|
|
|
// 2. Returned findings: in current AND has existing ARCHIVED record → RETURNED
|
|
const currentIdsList = [...currentIds];
|
|
if (currentIdsList.length > 0) {
|
|
try {
|
|
const archivedRecords = await dbAll(db,
|
|
`SELECT id, finding_id FROM ivanti_finding_archives WHERE current_state = 'ARCHIVED'`
|
|
);
|
|
|
|
for (const record of archivedRecords) {
|
|
if (currentIds.has(record.finding_id)) {
|
|
const finding = currentMap.get(record.finding_id);
|
|
const severity = typeof finding.severity === 'number' ? finding.severity : 0;
|
|
|
|
await dbRun(db,
|
|
`UPDATE ivanti_finding_archives
|
|
SET current_state = 'RETURNED', last_severity = ?, last_transition_at = datetime('now')
|
|
WHERE id = ?`,
|
|
[severity, record.id]
|
|
);
|
|
await dbRun(db,
|
|
`INSERT INTO ivanti_archive_transitions (archive_id, from_state, to_state, severity_at_transition, reason, transitioned_at)
|
|
VALUES (?, 'ARCHIVED', 'RETURNED', ?, 'reappeared_in_sync', datetime('now'))`,
|
|
[record.id, severity]
|
|
);
|
|
console.log(`[Archive Detection] Finding ${record.finding_id} returned (ARCHIVED → RETURNED)`);
|
|
}
|
|
}
|
|
} catch (err) {
|
|
console.error('[Archive Detection] Error processing returned findings:', err.message);
|
|
}
|
|
}
|
|
|
|
console.log(`[Archive Detection] Processed ${disappearedIds.length} disappeared, checked ${currentIdsList.length} current findings against archive`);
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Closed finding detection — check archived/returned findings against Ivanti closed set
|
|
// ---------------------------------------------------------------------------
|
|
async function detectClosedFindings(db, closedFindingIds) {
|
|
if (!closedFindingIds || closedFindingIds.length === 0) return;
|
|
|
|
const closedSet = new Set(closedFindingIds.map(String));
|
|
|
|
try {
|
|
const records = await dbAll(db,
|
|
`SELECT id, finding_id, current_state, last_severity FROM ivanti_finding_archives WHERE current_state IN ('ARCHIVED', 'RETURNED')`
|
|
);
|
|
|
|
let closedCount = 0;
|
|
for (const record of records) {
|
|
if (!closedSet.has(record.finding_id)) continue;
|
|
|
|
try {
|
|
await dbRun(db,
|
|
`UPDATE ivanti_finding_archives
|
|
SET current_state = 'CLOSED', last_transition_at = datetime('now')
|
|
WHERE id = ?`,
|
|
[record.id]
|
|
);
|
|
await dbRun(db,
|
|
`INSERT INTO ivanti_archive_transitions (archive_id, from_state, to_state, severity_at_transition, reason, transitioned_at)
|
|
VALUES (?, ?, 'CLOSED', ?, 'remediated_in_ivanti', datetime('now'))`,
|
|
[record.id, record.current_state, record.last_severity || 0]
|
|
);
|
|
closedCount++;
|
|
console.log(`[Archive Detection] Finding ${record.finding_id} closed (${record.current_state} → CLOSED)`);
|
|
} catch (err) {
|
|
console.error(`[Archive Detection] Error closing finding ${record.finding_id}:`, err.message);
|
|
}
|
|
}
|
|
|
|
console.log(`[Archive Detection] Closed ${closedCount} findings as remediated`);
|
|
} catch (err) {
|
|
console.error('[Archive Detection] Error querying archive records for closed detection:', err.message);
|
|
}
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Extract only the fields we need from a raw finding object
|
|
// ---------------------------------------------------------------------------
|
|
function extractFinding(f) {
|
|
// statusEmbedded.dueDate = "2026-03-06T00:00:00" — strip to date part
|
|
const rawDueDate = f.statusEmbedded?.dueDate || '';
|
|
const dueDate = rawDueDate ? rawDueDate.split('T')[0] : '';
|
|
|
|
// BU ownership: assetCustomAttributes['1550_host_1'] is an array like ["NTS-AEO-STEAM"]
|
|
const buOwnership = f.assetCustomAttributes?.['1550_host_1']?.[0] || '';
|
|
|
|
// CVE list: vulnerabilities.vulnInfoList[].cve
|
|
const cves = (f.vulnerabilities?.vulnInfoList || []).map(v => v.cve).filter(Boolean);
|
|
|
|
// Workflow: only capture FP# (False Positive) tickets — SYS# are auto-generated
|
|
// system workflows and not actionable for our purposes.
|
|
const wfDist = f.workflowDistribution || {};
|
|
const fpBuckets = [
|
|
...(wfDist.actionableWorkflows || []),
|
|
...(wfDist.requestedWorkflows || []),
|
|
...(wfDist.reworkedWorkflows || []),
|
|
...(wfDist.rejectedWorkflows || []),
|
|
...(wfDist.expiredWorkflows || []),
|
|
...(wfDist.approvedWorkflows || []),
|
|
].filter(w => (w.generatedId || '').startsWith('FP#'));
|
|
|
|
// Priority: actionable > requested > reworked > rejected > expired > approved
|
|
const fpEntry = fpBuckets[0] || null;
|
|
|
|
// Fallback: if no FP# in distribution, check workflowGeneratedNames directly
|
|
const generatedNames = f.workflowGeneratedNames || [];
|
|
const fpFromNames = !fpEntry
|
|
? generatedNames.find(n => n.startsWith('FP#')) || null
|
|
: null;
|
|
|
|
const workflow = fpEntry ? {
|
|
id: fpEntry.generatedId || '',
|
|
state: fpEntry.state || '',
|
|
type: 'FP',
|
|
} : fpFromNames ? {
|
|
id: fpFromNames,
|
|
state: '',
|
|
type: 'FP',
|
|
} : null;
|
|
|
|
return {
|
|
id: String(f.id),
|
|
hostId: f.host?.hostId || null,
|
|
title: f.title || '',
|
|
severity: typeof f.severity === 'number' ? f.severity : parseFloat(f.severity) || 0,
|
|
vrrGroup: f.vrrGroup || f.severityGroup || '',
|
|
hostName: f.host?.hostName || '',
|
|
ipAddress: f.host?.ipAddress || '',
|
|
dns: f.dns || f.host?.fqdn || '',
|
|
status: f.status || '',
|
|
slaStatus: f.slaStatus || '',
|
|
dueDate,
|
|
lastFoundOn: f.lastFoundOn || '',
|
|
buOwnership,
|
|
cves,
|
|
workflow
|
|
};
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Fetch total count of Closed findings from Ivanti (page 0, size 1)
|
|
// ---------------------------------------------------------------------------
|
|
async function syncClosedCount(db, openCount, apiKey, clientId, skipTls) {
|
|
const urlPath = `/client/${encodeURIComponent(clientId)}/hostFinding/search`;
|
|
try {
|
|
const body = {
|
|
filters: CLOSED_COUNT_FILTERS,
|
|
projection: 'internal',
|
|
sort: [{ field: 'severity', direction: 'ASC' }],
|
|
page: 0,
|
|
size: 100
|
|
};
|
|
|
|
const result = await ivantiPost(urlPath, body, apiKey, skipTls);
|
|
if (result.status !== 200) throw new Error(`Closed count API returned status ${result.status}`);
|
|
|
|
const data = JSON.parse(result.body);
|
|
// RiskSense returns total in page.totalElements or page.total
|
|
const closedCount = data.page?.totalElements ?? data.page?.total ?? 0;
|
|
const totalPages = data.page?.totalPages || 1;
|
|
|
|
// Collect closed finding IDs for archive detection
|
|
const closedFindingIds = [];
|
|
const firstPageFindings = data._embedded?.hostFindings || [];
|
|
firstPageFindings.forEach(f => { if (f.id) closedFindingIds.push(String(f.id)); });
|
|
|
|
// Fetch remaining pages to collect all closed finding IDs
|
|
for (let pg = 1; pg < totalPages; pg++) {
|
|
try {
|
|
const pageBody = { ...body, page: pg };
|
|
const pageResult = await ivantiPost(urlPath, pageBody, apiKey, skipTls);
|
|
if (pageResult.status !== 200) break;
|
|
const pageData = JSON.parse(pageResult.body);
|
|
const pageFindings = pageData._embedded?.hostFindings || [];
|
|
pageFindings.forEach(f => { if (f.id) closedFindingIds.push(String(f.id)); });
|
|
} catch (err) {
|
|
console.error(`[Ivanti Findings] Failed to fetch closed findings page ${pg}:`, err.message);
|
|
break;
|
|
}
|
|
}
|
|
|
|
await dbRun(db,
|
|
`UPDATE ivanti_counts_cache SET open_count=?, closed_count=?, synced_at=datetime('now') WHERE id=1`,
|
|
[openCount, closedCount]
|
|
);
|
|
|
|
// Append a snapshot to history — every sync is stored; the history
|
|
// endpoint aggregates to last-per-day at query time (Option B).
|
|
await dbRun(db,
|
|
`INSERT INTO ivanti_counts_history (open_count, closed_count) VALUES (?, ?)`,
|
|
[openCount, closedCount]
|
|
);
|
|
|
|
console.log(`[Ivanti Findings] Counts updated — open: ${openCount}, closed: ${closedCount}`);
|
|
|
|
// Detect closed findings in the archive — wrap in try/catch so errors don't break sync
|
|
try {
|
|
await detectClosedFindings(db, closedFindingIds);
|
|
} catch (err) {
|
|
console.error('[Ivanti Findings] Closed finding archive detection failed (non-fatal):', err.message);
|
|
}
|
|
} catch (err) {
|
|
console.error('[Ivanti Findings] Failed to fetch closed count:', err.message);
|
|
// Still update open count so it stays in sync; leave closed_count as-is
|
|
await dbRun(db,
|
|
`UPDATE ivanti_counts_cache SET open_count=?, synced_at=datetime('now') WHERE id=1`,
|
|
[openCount]
|
|
).catch(() => {});
|
|
}
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Extract FP workflow id+state from a raw (un-extracted) finding
|
|
// Returns { id, state } or null if no FP# workflow present.
|
|
// ---------------------------------------------------------------------------
|
|
function extractFPWorkflow(f) {
|
|
const wfDist = f.workflowDistribution || {};
|
|
const fpBuckets = [
|
|
...(wfDist.actionableWorkflows || []),
|
|
...(wfDist.requestedWorkflows || []),
|
|
...(wfDist.reworkedWorkflows || []),
|
|
...(wfDist.rejectedWorkflows || []),
|
|
...(wfDist.expiredWorkflows || []),
|
|
...(wfDist.approvedWorkflows || []),
|
|
].filter(w => (w.generatedId || '').startsWith('FP#'));
|
|
const fpEntry = fpBuckets[0] || null;
|
|
if (!fpEntry) return null;
|
|
return { id: fpEntry.generatedId || '', state: fpEntry.state || 'Unknown' };
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Sync FP stats across ALL findings (open + closed).
|
|
//
|
|
// Produces two separate counts:
|
|
// findingCounts — number of *findings* per FP workflow state
|
|
// idCounts — number of *unique FP# ticket IDs* per state
|
|
// (one FP# can cover many findings; this chart counts tickets)
|
|
//
|
|
// Open findings come from the already-extracted allFindings array.
|
|
// Closed findings are swept page-by-page to catch Approved FPs.
|
|
// ---------------------------------------------------------------------------
|
|
async function syncFPWorkflowCounts(db, openFindings, apiKey, clientId, skipTls) {
|
|
const findingCounts = {}; // state → # findings
|
|
const fpIdMap = {}; // FP# id → state (deduplicates across findings)
|
|
|
|
// Seed from open findings (already extracted, have workflow.id + workflow.state)
|
|
openFindings.forEach(f => {
|
|
if (!f.workflow) return;
|
|
const state = f.workflow.state || 'Unknown';
|
|
const id = f.workflow.id || '';
|
|
findingCounts[state] = (findingCounts[state] || 0) + 1;
|
|
if (id && !fpIdMap[id]) fpIdMap[id] = state;
|
|
});
|
|
|
|
// Sweep closed findings to pick up Approved (and any other closed FP states)
|
|
const urlPath = `/client/${encodeURIComponent(clientId)}/hostFinding/search`;
|
|
let page = 0;
|
|
let totalPages = 1;
|
|
|
|
try {
|
|
do {
|
|
const body = {
|
|
filters: CLOSED_COUNT_FILTERS,
|
|
projection: 'internal',
|
|
sort: [{ field: 'severity', direction: 'ASC' }],
|
|
page,
|
|
size: 100
|
|
};
|
|
const result = await ivantiPost(urlPath, body, apiKey, skipTls);
|
|
if (result.status !== 200) {
|
|
console.warn(`[Ivanti Findings] FP workflow counts: closed findings page ${page} returned ${result.status} — stopping sweep`);
|
|
break;
|
|
}
|
|
const data = JSON.parse(result.body);
|
|
totalPages = data.page?.totalPages || 1;
|
|
const findings = data._embedded?.hostFindings || [];
|
|
findings.forEach(f => {
|
|
const wf = extractFPWorkflow(f);
|
|
if (!wf) return;
|
|
findingCounts[wf.state] = (findingCounts[wf.state] || 0) + 1;
|
|
if (wf.id && !fpIdMap[wf.id]) fpIdMap[wf.id] = wf.state;
|
|
});
|
|
console.log(`[Ivanti Findings] FP workflow counts: closed page ${page + 1}/${totalPages}`);
|
|
page++;
|
|
} while (page < totalPages);
|
|
} catch (err) {
|
|
console.error('[Ivanti Findings] FP workflow counts: closed sweep failed:', err.message);
|
|
// Fall through — store whatever we have from open findings
|
|
}
|
|
|
|
// Aggregate unique FP# IDs by state
|
|
const idCounts = {};
|
|
Object.values(fpIdMap).forEach(state => {
|
|
idCounts[state] = (idCounts[state] || 0) + 1;
|
|
});
|
|
|
|
await dbRun(db,
|
|
`UPDATE ivanti_counts_cache SET fp_workflow_counts_json=?, fp_id_counts_json=? WHERE id=1`,
|
|
[JSON.stringify(findingCounts), JSON.stringify(idCounts)]
|
|
).catch(e => console.error('[Ivanti Findings] Failed to store FP workflow counts:', e.message));
|
|
|
|
console.log('[Ivanti Findings] FP finding counts:', findingCounts);
|
|
console.log('[Ivanti Findings] FP workflow ID counts:', idCounts);
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Core sync — fetches ALL pages, stores slimmed findings in SQLite
|
|
// ---------------------------------------------------------------------------
|
|
async function syncFindings(db) {
|
|
const apiKey = process.env.IVANTI_API_KEY;
|
|
const clientId = process.env.IVANTI_CLIENT_ID || '1550';
|
|
const skipTls = process.env.IVANTI_SKIP_TLS === 'true';
|
|
|
|
if (!apiKey) {
|
|
const errMsg = 'IVANTI_API_KEY not set in .env — skipping sync';
|
|
console.warn('[Ivanti Findings]', errMsg);
|
|
await dbRun(db, `UPDATE ivanti_findings_cache SET sync_status='error', error_message=?, synced_at=datetime('now') WHERE id=1`, [errMsg]);
|
|
return;
|
|
}
|
|
|
|
console.log('[Ivanti Findings] Starting sync...');
|
|
|
|
const urlPath = `/client/${encodeURIComponent(clientId)}/hostFinding/search`;
|
|
let allFindings = [];
|
|
let page = 0;
|
|
let totalPages = 1;
|
|
|
|
try {
|
|
do {
|
|
const body = {
|
|
filters: FINDINGS_FILTERS,
|
|
projection: 'internal',
|
|
sort: [{ field: 'severity', direction: 'ASC' }],
|
|
page,
|
|
size: 100
|
|
};
|
|
|
|
const result = await ivantiPost(urlPath, body, apiKey, skipTls);
|
|
|
|
if (result.status === 401) throw new Error('Invalid or missing API key (401)');
|
|
if (result.status === 419) throw new Error('Insufficient privileges (419) — API key lacks hostFinding access');
|
|
if (result.status === 429) throw new Error('Rate limited (429) — try again later');
|
|
if (result.status !== 200) throw new Error(`Ivanti API returned status ${result.status}`);
|
|
|
|
const data = JSON.parse(result.body);
|
|
totalPages = data.page?.totalPages || 1;
|
|
const findings = data._embedded?.hostFindings || [];
|
|
allFindings = allFindings.concat(findings.map(extractFinding));
|
|
|
|
console.log(`[Ivanti Findings] Page ${page + 1}/${totalPages} — ${allFindings.length} findings so far`);
|
|
page++;
|
|
} while (page < totalPages);
|
|
|
|
// Read previous findings BEFORE updating the cache (they'll be overwritten)
|
|
let previousFindings = [];
|
|
try {
|
|
const state = await readState(db);
|
|
previousFindings = state.findings || [];
|
|
} catch (err) {
|
|
console.error('[Ivanti Findings] Failed to read previous findings for archive detection:', err.message);
|
|
}
|
|
|
|
await dbRun(db,
|
|
`UPDATE ivanti_findings_cache SET total=?, findings_json=?, synced_at=datetime('now'), sync_status='success', error_message=NULL WHERE id=1`,
|
|
[allFindings.length, JSON.stringify(allFindings)]
|
|
);
|
|
|
|
console.log(`[Ivanti Findings] Sync complete — ${allFindings.length} findings`);
|
|
|
|
// Archive detection — compare previous vs current to detect disappeared/returned findings
|
|
// Only runs after a successful sync (skipped on error per requirement 1.5)
|
|
try {
|
|
await detectArchiveChanges(db, previousFindings, allFindings);
|
|
} catch (err) {
|
|
console.error('[Ivanti Findings] Archive detection failed (non-fatal):', err.message);
|
|
}
|
|
|
|
await syncClosedCount(db, allFindings.length, apiKey, clientId, skipTls);
|
|
await syncFPWorkflowCounts(db, allFindings, apiKey, clientId, skipTls);
|
|
} catch (err) {
|
|
const msg = err.message || 'Unknown error';
|
|
console.error('[Ivanti Findings] Sync failed:', msg);
|
|
// Archive detection is intentionally skipped on sync error (requirement 1.5)
|
|
await dbRun(db, `UPDATE ivanti_findings_cache SET sync_status='error', error_message=?, synced_at=datetime('now') WHERE id=1`, [msg]);
|
|
}
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Scheduler
|
|
// ---------------------------------------------------------------------------
|
|
function scheduleSync(db) {
|
|
db.get('SELECT synced_at FROM ivanti_findings_cache WHERE id = 1', (err, row) => {
|
|
if (err || !row || !row.synced_at) {
|
|
syncFindings(db);
|
|
} else {
|
|
const lastSync = new Date(row.synced_at.replace(' ', 'T') + 'Z');
|
|
const hoursSince = (Date.now() - lastSync.getTime()) / (1000 * 60 * 60);
|
|
if (hoursSince >= 24) {
|
|
syncFindings(db);
|
|
} else {
|
|
console.log(`[Ivanti Findings] Last sync ${hoursSince.toFixed(1)}h ago — next auto-sync in ${(24 - hoursSince).toFixed(1)}h`);
|
|
}
|
|
}
|
|
});
|
|
|
|
setInterval(() => syncFindings(db), SYNC_INTERVAL_MS);
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// DB helpers
|
|
// ---------------------------------------------------------------------------
|
|
function dbRun(db, sql, params = []) {
|
|
return new Promise((resolve, reject) => {
|
|
db.run(sql, params, function (err) { if (err) reject(err); else resolve(this); });
|
|
});
|
|
}
|
|
|
|
function dbGet(db, sql, params = []) {
|
|
return new Promise((resolve, reject) => {
|
|
db.get(sql, params, (err, row) => { if (err) reject(err); else resolve(row); });
|
|
});
|
|
}
|
|
|
|
function dbAll(db, sql, params = []) {
|
|
return new Promise((resolve, reject) => {
|
|
db.all(sql, params, (err, rows) => { if (err) reject(err); else resolve(rows || []); });
|
|
});
|
|
}
|
|
|
|
function readState(db) {
|
|
return new Promise((resolve, reject) => {
|
|
db.get(
|
|
'SELECT total, findings_json, synced_at, sync_status, error_message FROM ivanti_findings_cache WHERE id = 1',
|
|
(err, row) => {
|
|
if (err) return reject(err);
|
|
if (!row) return resolve({ total: 0, findings: [], synced_at: null, sync_status: 'never', error_message: null });
|
|
let findings = [];
|
|
try { findings = JSON.parse(row.findings_json || '[]'); } catch (_) { /* leave empty */ }
|
|
resolve({ total: row.total || 0, findings, synced_at: row.synced_at, sync_status: row.sync_status, error_message: row.error_message });
|
|
}
|
|
);
|
|
});
|
|
}
|
|
|
|
function readNotes(db) {
|
|
return new Promise((resolve, reject) => {
|
|
db.all('SELECT finding_id, note FROM ivanti_finding_notes', (err, rows) => {
|
|
if (err) return reject(err);
|
|
const map = {};
|
|
(rows || []).forEach((r) => { map[r.finding_id] = r.note; });
|
|
resolve(map);
|
|
});
|
|
});
|
|
}
|
|
|
|
function readCounts(db) {
|
|
return new Promise((resolve, reject) => {
|
|
db.get(
|
|
'SELECT open_count, closed_count, synced_at FROM ivanti_counts_cache WHERE id = 1',
|
|
(err, row) => {
|
|
if (err) return reject(err);
|
|
resolve({
|
|
open: row?.open_count ?? 0,
|
|
closed: row?.closed_count ?? 0,
|
|
synced_at: row?.synced_at ?? null,
|
|
});
|
|
}
|
|
);
|
|
});
|
|
}
|
|
|
|
// Returns { findingId: { hostName: 'override', dns: 'override' }, ... }
|
|
function readOverrides(db) {
|
|
return new Promise((resolve, reject) => {
|
|
db.all('SELECT finding_id, field, value FROM ivanti_finding_overrides', (err, rows) => {
|
|
if (err) return reject(err);
|
|
const map = {};
|
|
(rows || []).forEach((r) => {
|
|
if (!map[r.finding_id]) map[r.finding_id] = {};
|
|
map[r.finding_id][r.field] = r.value;
|
|
});
|
|
resolve(map);
|
|
});
|
|
});
|
|
}
|
|
|
|
async function readStateWithNotes(db) {
|
|
const [state, notes, overrides] = await Promise.all([readState(db), readNotes(db), readOverrides(db)]);
|
|
state.findings = state.findings.map((f) => ({
|
|
...f,
|
|
note: notes[f.id] || '',
|
|
overrides: overrides[f.id] || {},
|
|
}));
|
|
return state;
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Router
|
|
// ---------------------------------------------------------------------------
|
|
function createIvantiFindingsRouter(db, requireAuth) {
|
|
const router = express.Router();
|
|
|
|
Promise.all([initTables(db), initArchiveTables(db)])
|
|
.then(() => scheduleSync(db))
|
|
.catch((err) => console.error('[Ivanti Findings] Init failed:', err));
|
|
|
|
router.use(requireAuth(db));
|
|
|
|
/**
|
|
* GET /api/ivanti/findings
|
|
*
|
|
* Return cached Ivanti findings with notes and overrides merged in.
|
|
*
|
|
* @returns {Object} 200 - { findings: Array<Object>, lastSync: string|null, overrides: Object }
|
|
* @returns {Object} 500 - { error: string } on database error
|
|
*/
|
|
router.get('/', async (req, res) => {
|
|
try {
|
|
res.json(await readStateWithNotes(db));
|
|
} catch {
|
|
res.status(500).json({ error: 'Database error reading findings' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* POST /api/ivanti/findings/sync
|
|
*
|
|
* Trigger an immediate Ivanti findings sync and return the fresh state.
|
|
* Requires Admin or Standard_User group.
|
|
*
|
|
* @returns {Object} 200 - { findings: Array<Object>, lastSync: string|null, overrides: Object }
|
|
* @returns {Object} 500 - { error: string } if sync ran but state could not be read
|
|
*/
|
|
router.post('/sync', requireGroup('Admin', 'Standard_User'), async (req, res) => {
|
|
await syncFindings(db);
|
|
try {
|
|
res.json(await readStateWithNotes(db));
|
|
} catch {
|
|
res.status(500).json({ error: 'Sync ran but could not read updated state' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* GET /api/ivanti/findings/counts
|
|
*
|
|
* Return open vs closed finding totals for the pie chart.
|
|
*
|
|
* @returns {Object} 200 - { open: number, closed: number }
|
|
* @returns {Object} 500 - { error: string } on database error
|
|
*/
|
|
router.get('/counts', async (req, res) => {
|
|
try {
|
|
res.json(await readCounts(db));
|
|
} catch {
|
|
res.status(500).json({ error: 'Database error reading counts' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* GET /api/ivanti/findings/counts/history
|
|
*
|
|
* Return the last snapshot per day (ascending) for the trend chart.
|
|
* Uses a ROW_NUMBER window function to pick the final sync of each calendar day.
|
|
*
|
|
* @returns {Object} 200 - { history: Array<{ date: string, open_count: number, closed_count: number }> }
|
|
* @returns {Object} 500 - { error: string } on database error
|
|
*/
|
|
router.get('/counts/history', async (req, res) => {
|
|
try {
|
|
const rows = await new Promise((resolve, reject) => {
|
|
db.all(
|
|
`SELECT date, open_count, closed_count FROM (
|
|
SELECT DATE(recorded_at) AS date,
|
|
open_count, closed_count,
|
|
ROW_NUMBER() OVER (
|
|
PARTITION BY DATE(recorded_at)
|
|
ORDER BY recorded_at DESC
|
|
) AS rn
|
|
FROM ivanti_counts_history
|
|
) WHERE rn = 1
|
|
ORDER BY date ASC`,
|
|
[],
|
|
(err, rows) => { if (err) reject(err); else resolve(rows || []); }
|
|
);
|
|
});
|
|
res.json({ history: rows });
|
|
} catch (err) {
|
|
console.error('[Ivanti Findings] GET /counts/history error:', err.message);
|
|
res.status(500).json({ error: 'Database error' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* GET /api/ivanti/findings/fp-workflow-counts
|
|
*
|
|
* Return FP finding counts and unique workflow ID counts (open + closed),
|
|
* broken down by workflow status.
|
|
*
|
|
* @returns {Object} 200 - { findingCounts: Object, findingTotal: number, idCounts: Object, idTotal: number }
|
|
* @returns {Object} 500 - { error: string } on database error
|
|
*/
|
|
router.get('/fp-workflow-counts', async (req, res) => {
|
|
try {
|
|
const row = await new Promise((resolve, reject) => {
|
|
db.get('SELECT fp_workflow_counts_json, fp_id_counts_json FROM ivanti_counts_cache WHERE id=1',
|
|
(err, row) => { if (err) reject(err); else resolve(row); }
|
|
);
|
|
});
|
|
let findingCounts = {};
|
|
let idCounts = {};
|
|
try { findingCounts = JSON.parse(row?.fp_workflow_counts_json || '{}'); } catch (_) {}
|
|
try { idCounts = JSON.parse(row?.fp_id_counts_json || '{}'); } catch (_) {}
|
|
res.json({
|
|
findingCounts,
|
|
findingTotal: Object.values(findingCounts).reduce((a, b) => a + b, 0),
|
|
idCounts,
|
|
idTotal: Object.values(idCounts).reduce((a, b) => a + b, 0),
|
|
});
|
|
} catch {
|
|
res.status(500).json({ error: 'Database error reading FP workflow counts' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* PUT /api/ivanti/findings/:findingId/override
|
|
*
|
|
* Save or clear a field override for a finding. Requires Admin or Standard_User group.
|
|
* Sending an empty value clears the override (reverts to Ivanti-sourced data).
|
|
*
|
|
* @param {string} findingId - The finding identifier (URL param)
|
|
* @body {string} field - The field to override; must be one of 'hostName', 'dns'
|
|
* @body {string} [value] - The override value; empty or omitted to clear
|
|
*
|
|
* @returns {Object} 200 - { finding_id: string, field: string, value: string|null }
|
|
* @returns {Object} 400 - { error: string } when field is not in the allowed list
|
|
* @returns {Object} 500 - { error: string } on database error
|
|
*/
|
|
const OVERRIDE_ALLOWED = ['hostName', 'dns'];
|
|
router.put('/:findingId/override', requireGroup('Admin', 'Standard_User'), (req, res) => {
|
|
const { findingId } = req.params;
|
|
const { field, value } = req.body;
|
|
|
|
if (!OVERRIDE_ALLOWED.includes(field)) {
|
|
return res.status(400).json({ error: `Field '${field}' is not editable. Allowed: ${OVERRIDE_ALLOWED.join(', ')}` });
|
|
}
|
|
|
|
const val = String(value ?? '').trim();
|
|
|
|
if (val === '') {
|
|
// Empty value = clear the override (revert to Ivanti)
|
|
db.run(
|
|
'DELETE FROM ivanti_finding_overrides WHERE finding_id = ? AND field = ?',
|
|
[findingId, field],
|
|
(err) => {
|
|
if (err) return res.status(500).json({ error: 'Failed to clear override' });
|
|
res.json({ finding_id: findingId, field, value: null });
|
|
}
|
|
);
|
|
} else {
|
|
db.run(
|
|
`INSERT INTO ivanti_finding_overrides (finding_id, field, value, updated_at)
|
|
VALUES (?, ?, ?, datetime('now'))
|
|
ON CONFLICT(finding_id, field) DO UPDATE SET value=excluded.value, updated_at=datetime('now')`,
|
|
[findingId, field, val],
|
|
(err) => {
|
|
if (err) return res.status(500).json({ error: 'Failed to save override' });
|
|
res.json({ finding_id: findingId, field, value: val });
|
|
}
|
|
);
|
|
}
|
|
});
|
|
|
|
/**
|
|
* PUT /api/ivanti/findings/:findingId/note
|
|
*
|
|
* Save or update a note for a finding (max 255 characters).
|
|
* Requires Admin or Standard_User group.
|
|
*
|
|
* @param {string} findingId - The finding identifier (URL param)
|
|
* @body {string} [note] - The note text (truncated to 255 chars)
|
|
*
|
|
* @returns {Object} 200 - { finding_id: string, note: string }
|
|
* @returns {Object} 500 - { error: string } on database error
|
|
*/
|
|
router.put('/:findingId/note', requireGroup('Admin', 'Standard_User'), (req, res) => {
|
|
const { findingId } = req.params;
|
|
const note = String(req.body.note || '').slice(0, 255);
|
|
|
|
db.run(
|
|
`INSERT INTO ivanti_finding_notes (finding_id, note, updated_at)
|
|
VALUES (?, ?, datetime('now'))
|
|
ON CONFLICT(finding_id) DO UPDATE SET note=excluded.note, updated_at=datetime('now')`,
|
|
[findingId, note],
|
|
(err) => {
|
|
if (err) return res.status(500).json({ error: 'Failed to save note' });
|
|
res.json({ finding_id: findingId, note });
|
|
}
|
|
);
|
|
});
|
|
|
|
return router;
|
|
}
|
|
|
|
module.exports = createIvantiFindingsRouter;
|
|
module.exports.detectArchiveChanges = detectArchiveChanges;
|
|
module.exports.detectClosedFindings = detectClosedFindings;
|
|
module.exports.initArchiveTables = initArchiveTables;
|