Added Threat Intelligence section to the Organization dashboard #4036
Walkthrough
This pull request adds threat intelligence components to the company cyber dashboard. It introduces a new section in the analytics HTML template with displays for security risk scores, top issue categories, and recent security alerts. In parallel, it enhances the backend view by adding methods to compute threat intelligence data, including risk scoring, recent alerts, and label conversion. Minor adjustments for unauthenticated user handling were also applied.
Sequence Diagram(s)
sequenceDiagram
participant Client
participant AnalyticsView as OrganizationDashboardAnalyticsView
participant Template as organization_analytics.html
Client->>AnalyticsView: Send GET request for dashboard data
AnalyticsView->>AnalyticsView: Execute get_threat_intelligence(organization)
AnalyticsView->>AnalyticsView: Process risk score, issue categories, and recent alerts
AnalyticsView->>Template: Render updated dashboard with threat intelligence context
Template->>Client: Return dashboard page with new threat intelligence section
Actionable comments posted: 2
🧹 Nitpick comments (4)
website/templates/organization/organization_analytics.html (2)
342-346: Consider adding ARIA attributes for accessibility.
The color-coding for risk scores improves visual understanding, but users with visual impairments might miss this information. Consider adding appropriate ARIA attributes or additional text indicators to ensure the severity level is accessible to all users.
<span class="text-3xl font-bold inline-block py-1 px-2 rounded-full {% if threat_intelligence.risk_score >= 75 %}text-red-600 {% elif threat_intelligence.risk_score >= 50 %}text-yellow-600 {% else %}text-green-600{% endif %}" + aria-label="Risk score: {{ threat_intelligence.risk_score }} out of 100, {% if threat_intelligence.risk_score >= 75 %}High risk{% elif threat_intelligence.risk_score >= 50 %}Medium risk{% else %}Low risk{% endif %}" > {{ threat_intelligence.risk_score }}/100 </span>
372-373: Add tooltips for truncated alert descriptions.
Since you're using truncate class on alert descriptions, some text might be cut off. Consider adding tooltips to show the full description on hover.
<span class="w-2 h-2 rounded-full {% if alert.cve_score >= 8 %}bg-red-500{% elif alert.cve_score >= 5 %}bg-yellow-500{% else %}bg-orange-500{% endif %}"></span> -<span class="text-sm text-gray-600 truncate">{{ alert.description }}</span> +<span class="text-sm text-gray-600 truncate" title="{{ alert.description }}">{{ alert.description }}</span>
website/views/company.py (2)
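Review bot: In the tooltip suggestion for organization_analytics.html lines 372-373, the added title attribute on the second span (the + line) outputs alert.description a second time, now in an HTML attribute context. Keep the attribute double-quoted exactly as written and leave the variable under Django's default autoescaping (no |safe filter and no autoescape off block around it), because autoescaping is what stops a quote in the description from closing the attribute. A title tooltip is also not reachable by keyboard or touch, so it should not be the only way to read the full text.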
246-246: Risk score calculation could be more robust.
The current risk score calculation uses a simple ratio of critical issues to total issues. Consider implementing a weighted calculation that factors in multiple severity levels.
-risk_score = min(100, (critical_issues / total_issues * 100) if total_issues > 0 else 0) +# Calculate weighted risk score factoring in multiple severity levels +high_severity = security_issues.filter(cve_score__gte=8).count() +medium_severity = security_issues.filter(cve_score__gte=5, cve_score__lt=8).count() +low_severity = security_issues.filter(cve_score__gt=0, cve_score__lt=5).count() + +# Apply weights: high=1.0, medium=0.5, low=0.25 +weighted_score = (high_severity * 1.0 + medium_severity * 0.5 + low_severity * 0.25) +weighted_total = total_issues if total_issues > 0 else 1 +risk_score = min(100, int((weighted_score / weighted_total) * 100))
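Review bot: In the added weighted calculation, weighted_total is total_issues, which counts every security issue, while the three severity filters only count rows with cve_score greater than 0. Issues with a null or zero cve_score therefore add to the denominator but not the numerator and pull the score down, so an organization with many unscored issues looks safer than one whose issues are all triaged. Divide by high_severity + medium_severity + low_severity instead, or state in the comment that unscored issues are meant to dilute the score. The min(100, ...) is also redundant here because no weight exceeds 1.0.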
462-462: Consider using context.update with multiple key-value pairs.
For better readability when adding multiple context variables, consider using the update() method with a dictionary containing all new entries rather than updating with a single item.
-context.update({"threat_intelligence": self.get_threat_intelligence(id)}) +context.update({ + "threat_intelligence": self.get_threat_intelligence(id), + # Add other future context variables here +})
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
website/templates/organization/organization_analytics.html (1 hunks)
website/views/company.py (3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (2)
- GitHub Check: Run Tests
- GitHub Check: docker-test
🔇 Additional comments (2)
website/templates/organization/organization_analytics.html (1)
330-381: Well-structured Threat Intelligence section implementation!
The new Threat Intelligence section follows the established design patterns of the dashboard, maintaining consistency with other sections. The implementation includes three well-organized components: Security Risk Score, Top Issue Categories, and Recent Security Alerts, each with appropriate visual indicators.
The conditional styling for risk scores and alerts based on severity levels is a nice touch for visual clarity.
website/views/company.py (1)
228-262: Well-implemented threat intelligence data gathering.
The get_threat_intelligence method effectively collects and processes security-related data, including:
- Attack vectors from security issues over the past 90 days
- Risk score calculation based on critical issues proportion
- Recent alerts from the past 7 days with severity filtering
The method handles edge cases by checking for zero division and applying maximum limits to the risk score.
Actionable comments posted: 0
🧹 Nitpick comments (3)
website/templates/organization/organization_analytics.html (2)
363-363: Minor typo in class name attribute.
There's a typo in the class name where "semibold" is misspelled as "semibold".
- <h3 class="text-lg font-semibold text-gray-800 mb-2">Recent Security Alerts</h3> + <h3 class="text-lg font-semibold text-gray-800 mb-2">Recent Security Alerts</h3>
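Review bot: The removed and added h3 lines in this suggestion are character-for-character identical (both already read font-semibold), so applying it changes nothing. Drop the suggestion, or show the actual misspelled class from line 363 of the template if there is one.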
350-350: Same typo in another class name attribute.
The same "semibold" typo appears in this heading as well.
- <h3 class="text-lg font-semibold text-gray-800 mb-2">Top Issue Categories</h3> + <h3 class="text-lg font-semibold text-gray-800 mb-2">Top Issue Categories</h3>
website/views/company.py (1)
455-455: Consider initializing the context with all values.
Instead of updating the context after initialization, consider including the threat intelligence data directly in the initial context dictionary for better readability.
context = { "organization": id, "organizations": organizations, "organization_obj": organization_obj, "total_info": self.get_general_info(id), "bug_report_type_piechart_data": self.get_bug_report_type_piechart_data(id), "reports_on_domain_piechart_data": self.get_reports_on_domain_piechart_data(id), "get_current_year_monthly_reported_bar_data": self.get_current_year_monthly_reported_bar_data(id), "bug_rate_increase_descrease_weekly": self.bug_rate_increase_descrease_weekly(id), "accepted_bug_rate_increase_descrease_weekly": self.bug_rate_increase_descrease_weekly(id, True), "spent_on_bugtypes": self.get_spent_on_bugtypes(id), "security_incidents_summary": self.get_security_incidents_summary(id), + "threat_intelligence": self.get_threat_intelligence(id), } - context.update({"threat_intelligence": self.get_threat_intelligence(id)})
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
website/templates/organization/organization_analytics.html (1 hunks)
website/views/company.py (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (2)
- GitHub Check: Run Tests
- GitHub Check: docker-test
🔇 Additional comments (3)
website/templates/organization/organization_analytics.html (1)
330-374: Well-structured implementation of the Threat Intelligence section.
The new section follows the same design patterns as existing sections in the dashboard, with responsive grid layouts and appropriate conditional formatting for risk indicators.
website/views/company.py (2)
228-262: Good implementation of the threat intelligence method.
The method properly filters security issues, calculates risk scores, and retrieves recent alerts. The risk score calculation safely handles division by zero cases.
263-266: Good reuse of existing label mapping.
The get_label_name method properly reuses the existing labels class attribute to maintain consistency across the codebase, as suggested in a previous review comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
website/views/company.py (2)
245-246: Consider adding comments explaining score calculation.
The risk score calculation logic could benefit from additional comments explaining why cve_score >= 8 is chosen as the threshold for critical issues and how the score formula was determined.
# Calculate risk score (0-100) total_issues = security_issues.count() critical_issues = security_issues.filter(cve_score__gte=8).count() # Use cve_score instead of severity + # Calculate risk score as percentage of critical issues (CVE score ≥ 8), capped at 100 risk_score = min(100, (critical_issues / total_issues * 100) if total_issues > 0 else 0)
228-262: Consider optimizing database queries.
The method makes multiple database queries to fetch security issues. Consider retrieving the data once and reusing it to improve performance.
def get_threat_intelligence(self, organization): """Gets threat intelligence data for the organization.""" security_issues = Issue.objects.filter( domain__organization__id=organization, label=4, # Security label ) + + # Calculate counts once to avoid multiple queries + total_issues = security_issues.count() + critical_issues = security_issues.filter(cve_score__gte=8).count() + + # Pre-fetch recent alerts in a single query + recent_alerts = security_issues.filter( + created__gte=timezone.now() - timedelta(days=7), + cve_score__gte=7, # Use cve_score for severity + ).order_by("-created")[:5] # Get trending attack types based on issue labels/tags instead attack_vectors = ( security_issues.filter(created__gte=timezone.now() - timedelta(days=90)) .values("label") # Use label instead of vulnerability_type .annotate(count=Count("id")) .order_by("-count")[:5] ) # Calculate risk score (0-100) - total_issues = security_issues.count() - critical_issues = security_issues.filter(cve_score__gte=8).count() # Use cve_score instead of severity risk_score = min(100, (critical_issues / total_issues * 100) if total_issues > 0 else 0) return { "attack_vectors": [ { "vulnerability_type": self.get_label_name(vector["label"]), # Convert label to readable name "count": vector["count"], } for vector in attack_vectors ], "risk_score": int(risk_score), - "recent_alerts": security_issues.filter( - created__gte=timezone.now() - timedelta(days=7), - cve_score__gte=7, # Use cve_score for severity - ).order_by("-created")[:5], + "recent_alerts": recent_alerts, }
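Review bot: The comment "Calculate counts once to avoid multiple queries" on the moved lines overstates the change: the same two .count() calls and the same sliced recent_alerts queryset are still issued, only earlier in the method, so the number of queries is unchanged. To actually save a round trip, fetch both counts in one call, for example security_issues.aggregate(total=Count("id"), critical=Count("id", filter=Q(cve_score__gte=8))), which needs Q imported alongside Count. Separately, timezone.now() is evaluated twice in the method; take it once into a local so the 7-day and 90-day windows share the same reference time.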
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
website/views/company.py(2 hunks)
🧰 Additional context used
🪛 Ruff (0.8.2)
website/views/company.py
265-266: SyntaxError: Expected ')', found newline
⏰ Context from checks skipped due to timeout of 90000ms (4)
- GitHub Check: Run Tests
- GitHub Check: docker-test
- GitHub Check: Analyze (python)
- GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (2)
website/views/company.py (2)
228-262: Well-implemented threat intelligence method.
The get_threat_intelligence method effectively collects security insights by:
- Filtering security issues by organization and label
- Calculating trending attack vectors from the last 90 days
- Computing a risk score based on critical issue ratio
- Gathering recent high-severity alerts
The implementation properly handles edge cases like division by zero when calculating the risk score.
455-455: Good addition to the context dictionary.
The threat intelligence data is properly added to the context dictionary for rendering in the template.
Hello sir, please review this PR @DonnieBLT
…P-BLT#4036) * added Threat Intelligence * fix * fix * fix --------- Co-authored-by: DonnieBLT <[email protected]>
closes #2471