refactor: UI improvements and code cleanup

Frontend: - DetectionsList: Simplify columns, improve truncation and display for IPs, hosts, bot info - IncidentsView: Replace metric cards with compact stat cards (unique IPs, known bots, ML anomalies, threat levels) - InvestigationView: Add section navigation anchors, reorganize layout with proper IDs - ThreatIntelView: Add navigation links to investigation pages, add comment column, improve table layout Backend: - Various route and model adjustments - Configuration updates Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-20 09:56:49 +01:00
parent dbb9bb3f94
commit bd33fbad01
17 changed files with 444 additions and 510 deletions
--- a/backend/routes/rotation.py
+++ b/backend/routes/rotation.py
@ -1,7 +1,6 @@
 """
 Endpoints pour la détection de la rotation de fingerprints JA4 et des menaces persistantes
 """
-import math
 from fastapi import APIRouter, HTTPException, Query

 from ..database import db
@ -110,7 +109,7 @@ async def get_sophistication(limit: int = Query(50, ge=1, le=500)):
    try:
        sql = """
        SELECT
-            replaceRegexpAll(toString(r.src_ip), '^::ffff:', '') AS ip,
+            r.ip,
            r.distinct_ja4_count,
            coalesce(rec.recurrence,     0)  AS recurrence,
            coalesce(bf.bruteforce_hits, 0)  AS bruteforce_hits,
@ -119,18 +118,26 @@ async def get_sophistication(limit: int = Query(50, ge=1, le=500)):
                + coalesce(rec.recurrence, 0) * 20
                + least(30.0, log(coalesce(bf.bruteforce_hits, 0) + 1) * 5)
            ), 1) AS sophistication_score
-        FROM mabase_prod.view_host_ip_ja4_rotation r
+        FROM (
+            SELECT
+                replaceRegexpAll(toString(src_ip), '^::ffff:', '') AS ip,
+                distinct_ja4_count
+            FROM mabase_prod.view_host_ip_ja4_rotation
+        ) r
        LEFT JOIN (
-            SELECT src_ip, count() AS recurrence
+            SELECT
+                replaceRegexpAll(toString(src_ip), '^::ffff:', '') AS ip,
+                count() AS recurrence
            FROM mabase_prod.ml_detected_anomalies FINAL
-            GROUP BY src_ip
-        ) rec USING(src_ip)
+            GROUP BY ip
+        ) rec ON r.ip = rec.ip
        LEFT JOIN (
-            SELECT replaceRegexpAll(toString(src_ip),'^::ffff:','') AS src_ip,
-                   sum(hits) AS bruteforce_hits
+            SELECT
+                replaceRegexpAll(toString(src_ip), '^::ffff:', '') AS ip,
+                sum(hits) AS bruteforce_hits
            FROM mabase_prod.view_form_bruteforce_detected
-            GROUP BY src_ip
-        ) bf USING(src_ip)
+            GROUP BY ip
+        ) bf ON r.ip = bf.ip
        ORDER BY sophistication_score DESC
        LIMIT %(limit)s
        """