feat: 6 améliorations SOC — synthèse IP, baseline, sophistication, chasse proactive, badge ASN, 2 nouveaux onglets rotation

- investigation_summary.py: nouveau endpoint GET /api/investigation/{ip}/summary agrège 6 sources (ML, bruteforce, TCP spoofing, JA4 rotation, persistance, timeline 24h) en un score de risque 0-100 avec signaux détaillés - InvestigationView.tsx: widget IPActivitySummary avec jauge Risk Score SVG, badges multi-sources et mini-timeline 24h barres - metrics.py: endpoint GET /api/metrics/baseline — comparaison 24h vs hier (total détections, IPs uniques, alertes CRITICAL) avec % de variation - IncidentsView.tsx: widget baseline avec ▲▼ sur le dashboard principal - rotation.py: endpoints /sophistication et /proactive-hunt Score sophistication = JOIN 3 tables (rotation×10 + récurrence×20 + log(bf+1)×5) Chasse proactive = IPs récurrentes sous le seuil ML (abs(score) < 0.5) - RotationView.tsx: onglets 🏆 Sophistication et 🕵️ Chasse proactive avec tier APT-like/Advanced/Automated/Basic et boutons investigation - detections.py: LEFT JOIN asn_reputation, badge coloré rouge/orange/vert selon label (bot/scanner → score 0.05, human → 0.9) - models.py: ajout champs asn_score et asn_rep_label dans Detection Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-16 00:43:27 +01:00
parent 8032ebaab8
commit d4c3512572
11 changed files with 815 additions and 6 deletions
--- a/backend/routes/detections.py
+++ b/backend/routes/detections.py
@ -97,8 +97,10 @@ async def get_detections(
            hit_velocity,
            fuzzing_index,
            post_ratio,
-            reason
+            reason,
+            ar.label AS asn_rep_label
        FROM ml_detected_anomalies
+        LEFT JOIN mabase_prod.asn_reputation ar ON ar.src_asn = toUInt32OrZero(asn_number)
        WHERE {where_clause}
        ORDER BY {sort_by} {sort_order}
        LIMIT %(limit)s OFFSET %(offset)s
@ -109,6 +111,21 @@ async def get_detections(
        
        result = db.query(main_query, params)
        
+        def _label_to_score(label: str) -> float | None:
+            if not label:
+                return None
+            mapping = {
+                'human': 0.9,
+                'bot': 0.05,
+                'proxy': 0.25,
+                'vpn': 0.3,
+                'tor': 0.1,
+                'datacenter': 0.4,
+                'scanner': 0.05,
+                'malicious': 0.05,
+            }
+            return mapping.get(label.lower(), 0.5)
+
        detections = [
            Detection(
                detected_at=row[0],
@ -130,7 +147,9 @@ async def get_detections(
                hit_velocity=float(row[16]) if row[16] else 0.0,
                fuzzing_index=float(row[17]) if row[17] else 0.0,
                post_ratio=float(row[18]) if row[18] else 0.0,
-                reason=row[19] or ""
+                reason=row[19] or "",
+                asn_rep_label=row[20] or "",
+                asn_score=_label_to_score(row[20] or ""),
            )
            for row in result.result_rows
        ]