docs(changeset): Exposing BeaconMeta source LogLine

devanfarrell · devanfarrell · commit ea7bb90162ea · 2023-01-17T06:55:43.000-08:00
diff --git a/.changeset/little-beans-hammer.md b/.changeset/little-beans-hammer.md
@@ -0,0 +1,5 @@
+---
+'@redeye/models': patch
+---
+
+Exposing BeaconMeta source LogLine
diff --git a/applications/server/schema.graphql b/applications/server/schema.graphql
@@ -8,17 +8,22 @@ type Annotation {
   commandIds: [String]
   date: DateTime!
   favorite: Boolean!
+  generation: GenerationType!
   id: String!
   tags: [Tag!]
   text: String!
   user: String!
 }
 
 input AnonymizationInput {
+  findReplace: [FindReplaceInput!] = []
   removeHidden: Boolean = false
   removeKeystrokes: Boolean = false
   removePasswordsHashes: Boolean = false
   removeScreenshots: Boolean = false
+  replaceDomainsAndIps: Boolean = false
+  replaceHostnames: Boolean = false
+  replaceUsernames: Boolean = false
 }
 
 type Beacon {
@@ -61,6 +66,9 @@ type BeaconMeta {
   """Process Identifier the beacon is running on"""
   pid: Int
 
+  """The log line from which the BeaconMeta was extracted"""
+  source: LogEntry!
+
   """The start time of the beacon"""
   startTime: DateTime
 
@@ -71,21 +79,23 @@ type BeaconMeta {
 type Campaign {
   annotationCount: Int!
   beaconCount: Int!
-  bloodStrikeServerCount: Int!
   commandCount: Int!
   computerCount: Int!
   creator: GlobalOperator
   firstLogTime: DateTime
   id: String!
   lastLogTime: DateTime
   lastOpenedBy: GlobalOperator
+  migrationError: Boolean!
   name: String!
   parsingStatus: ParsingStatus!
+  serverCount: Int!
 }
 
 type Command {
   attackIds: [String!]
   beacon: Beacon!
+  commandFailed: Boolean!
   commandGroups: [CommandGroup!]!
   id: String!
   input: LogEntry!
@@ -98,6 +108,7 @@ type Command {
 type CommandGroup {
   annotations: [Annotation!]!
   commandIds: [String!]!
+  generation: GenerationType!
   id: String!
 }
 
@@ -137,14 +148,26 @@ enum FileFlag {
   UPLOAD
 }
 
+input FindReplaceInput {
+  find: String = ""
+  replace: String = ""
+}
+
+"""How the entity was generated"""
+enum GenerationType {
+  MANUAL
+  PROCEDURAL
+  PROCEDURAL_MODIFIED
+}
+
 type GlobalOperator {
   id: String!
   name: String!
 }
 
 type Host {
   beaconIds: [String!]!
-  cobaltStrikeServer: Boolean!
+  cobaltStrikeServer: Boolean
   displayName: String
   hidden: Boolean
   hostName: String!
@@ -245,7 +268,7 @@ type Mutation {
   createCampaign(creatorName: String!, name: String!): Campaign!
 
   """Create a global user"""
-  createGlobalOperator(username: String!): GlobalOperator
+  createGlobalOperator(password: String!, username: String!): GlobalOperator
 
   """Create a new link between two beacons"""
   createLink(
@@ -268,6 +291,9 @@ type Mutation {
   """Delete a Campaign by id"""
   deleteCampaign(campaignId: String!): Boolean!
 
+  """Delete a link"""
+  deleteLink(campaignId: String!, id: String!): Link!
+
   """Edit a link"""
   editLink(
     campaignId: String!
@@ -327,9 +353,13 @@ type ParsingProgress {
 
 """The current state of Campaign parsing"""
 enum ParsingStatus {
+  LIVE_PARSING_CS
+  NOT_READY_TO_PARSE
   PARSING_COMPLETED
+  PARSING_FAILURE
   PARSING_IN_PROGRESS
   PARSING_NOT_STARTED
+  PARSING_QUEUED
 }
 
 type PresentationCommandGroup {
@@ -408,7 +438,7 @@ type Query {
   files(beaconId: String, campaignId: String!, hostId: String): [File]
 
   """Get all the operators for all campaigns"""
-  globalOperators: [GlobalOperator]
+  globalOperators(password: String!): [GlobalOperator]
 
   """Get all the hosts for a project"""
   hosts(campaignId: String!, hidden: Boolean = false): [Host]
@@ -436,6 +466,9 @@ type Query {
   """Get categories for presentation mode"""
   presentationItems(campaignId: String!, hidden: Boolean = false): [PresentationItem]
 
+  """Search Annotations from textQuery"""
+  searchAnnotations(campaignId: String!, hidden: Boolean = false, searchQuery: String!): [Annotation!]
+
   """Search Commands from textQuery"""
   searchCommands(campaignId: String!, hidden: Boolean = false, searchQuery: String!): [Command!]
 
@@ -457,7 +490,7 @@ type Query {
 
 type Server {
   beacons: [Beacon!]!
-  displayName: String
+  displayName: String!
   hidden: Boolean
   id: String!
   logsCount: Float!
diff --git a/packages/models/src/projectModels/BeaconMeta.ts b/packages/models/src/projectModels/BeaconMeta.ts
@@ -43,6 +43,8 @@ export class BeaconMeta {
 	@Property({ nullable: true })
 	origin?: string;
 
+	// This is likely to be nullable in future due to different ways we have to extract this data in other C2 tools
+	@Field(() => LogEntry, { description: 'The log line from which the BeaconMeta was extracted' })
 	@OneToOne({ owner: true, entity: () => LogEntry })
 	source: LogEntry;
 
