fix: correct CampaignsView, analysis.py IPv4 split, entities date filter

- CampaignsView: update ClusterData interface to match real API response
  (severity/unique_ips/score instead of threat_level/total_ips/confidence_range)
  Fix fetch to use data.items, rewrite ClusterCard and BehavioralTab
  Remove unused getClassificationColor and THREAT_ORDER constants
- analysis.py: fix IPv4Address object has no attribute 'split' on line 322
  Add str() conversion before calling .split('.')
- entities.py: fix Date vs DateTime comparison — log_date is a Date column,
  comparing against now()-INTERVAL HOUR caused yesterday's entries to be excluded
  Use toDate(now() - INTERVAL X HOUR) for correct Date-level comparison

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

backend/routes/entities.py

@@ -45,7 +45,7 @@ def get_entity_stats(entity_type: str, entity_value: str, hours: int = 24) -> Op
     FROM mabase_prod.view_dashboard_entities
     WHERE entity_type = %(entity_type)s
       AND entity_value = %(entity_value)s
-      AND log_date >= now() - INTERVAL %(hours)s HOUR
+      AND log_date >= toDate(now() - INTERVAL %(hours)s HOUR)
     GROUP BY entity_type, entity_value
     """
     
@@ -76,11 +76,11 @@ def get_related_attributes(entity_type: str, entity_value: str, hours: int = 24)
     # Requête pour agréger tous les attributs associés
     query = """
     SELECT
-        (SELECT groupUniqArray(toString(src_ip)) FROM mabase_prod.view_dashboard_entities WHERE entity_type = %(entity_type)s AND entity_value = %(entity_value)s AND log_date >= now() - INTERVAL %(hours)s HOUR) as ips,
-        (SELECT groupUniqArray(ja4) FROM mabase_prod.view_dashboard_entities WHERE entity_type = %(entity_type)s AND entity_value = %(entity_value)s AND log_date >= now() - INTERVAL %(hours)s HOUR AND ja4 != '') as ja4s,
-        (SELECT groupUniqArray(host) FROM mabase_prod.view_dashboard_entities WHERE entity_type = %(entity_type)s AND entity_value = %(entity_value)s AND log_date >= now() - INTERVAL %(hours)s HOUR AND host != '') as hosts,
-        (SELECT groupUniqArrayArray(asns) FROM mabase_prod.view_dashboard_entities WHERE entity_type = %(entity_type)s AND entity_value = %(entity_value)s AND log_date >= now() - INTERVAL %(hours)s HOUR AND notEmpty(asns)) as asns,
-        (SELECT groupUniqArrayArray(countries) FROM mabase_prod.view_dashboard_entities WHERE entity_type = %(entity_type)s AND entity_value = %(entity_value)s AND log_date >= now() - INTERVAL %(hours)s HOUR AND notEmpty(countries)) as countries
+        (SELECT groupUniqArray(toString(src_ip)) FROM mabase_prod.view_dashboard_entities WHERE entity_type = %(entity_type)s AND entity_value = %(entity_value)s AND log_date >= toDate(now() - INTERVAL %(hours)s HOUR)) as ips,
+        (SELECT groupUniqArray(ja4) FROM mabase_prod.view_dashboard_entities WHERE entity_type = %(entity_type)s AND entity_value = %(entity_value)s AND log_date >= toDate(now() - INTERVAL %(hours)s HOUR) AND ja4 != '') as ja4s,
+        (SELECT groupUniqArray(host) FROM mabase_prod.view_dashboard_entities WHERE entity_type = %(entity_type)s AND entity_value = %(entity_value)s AND log_date >= toDate(now() - INTERVAL %(hours)s HOUR) AND host != '') as hosts,
+        (SELECT groupUniqArrayArray(asns) FROM mabase_prod.view_dashboard_entities WHERE entity_type = %(entity_type)s AND entity_value = %(entity_value)s AND log_date >= toDate(now() - INTERVAL %(hours)s HOUR) AND notEmpty(asns)) as asns,
+        (SELECT groupUniqArrayArray(countries) FROM mabase_prod.view_dashboard_entities WHERE entity_type = %(entity_type)s AND entity_value = %(entity_value)s AND log_date >= toDate(now() - INTERVAL %(hours)s HOUR) AND notEmpty(countries)) as countries
     """
     
     result = db.connect().query(query, {
@@ -123,7 +123,7 @@ def get_array_values(entity_type: str, entity_value: str, array_field: str, hour
         FROM mabase_prod.view_dashboard_entities
         WHERE entity_type = %(entity_type)s
           AND entity_value = %(entity_value)s
-          AND log_date >= now() - INTERVAL %(hours)s HOUR
+          AND log_date >= toDate(now() - INTERVAL %(hours)s HOUR)
           AND notEmpty({array_field})
     )
     GROUP BY value
@@ -193,7 +193,7 @@ async def get_subnet_investigation(
                 arrayJoin(user_agents) AS user_agent
             FROM view_dashboard_entities
             WHERE entity_type = 'ip'
-              AND log_date >= now() - INTERVAL %(hours)s HOUR
+              AND log_date >= toDate(now() - INTERVAL %(hours)s HOUR)
               AND splitByChar('.', entity_value)[1] = %(subnet_prefix)s
               AND splitByChar('.', entity_value)[2] = %(subnet_mask)s
               AND splitByChar('.', entity_value)[3] = %(subnet_third)s